Home page logo

metasploit logo Metasploit mailing list archives

Re: Issues with x64 based payloads
From: David Kennedy <kennedyd013 () gmail com>
Date: Sun, 20 Jun 2010 22:08:40 -0400

Awesome thanks!

On Sun, Jun 20, 2010 at 2:44 PM, Joshua J. Drake <jdrake () metasploit com>wrote:

On Sat, Jun 19, 2010 at 11:37:43PM -0400, David Kennedy wrote:
Anyone experiencing issues when using mssql_payload via a x64 based
It worked fine about two weeks ago however it appears something may have
changed. Example below tested on a server 2008 x64:


The scripts/shell/spawn_meterpreter.rb script uses a hardcoded payload
handler of windows/meterpreter/reverse_tcp, which will always use an
x86 second stage.  If you edit the payload used inside that script, it
should work.

In the future we'll work out a better way of handling this, but this
should get it working in a pinch. Oops, just realized that is
completely unrelated here too hehehe..

mssql_payload as well as some other stuff uses the CmdStager mixins
which in turn use the Msf::Exploit::EXE mixin to generate an executable.
The psexec module doesn't use this stuff, but as was said elsewhere
uses an explicit to_win32pe_service call inside Msf::Util::EXE ..

For the CmdStager (mssql_payload), etc you can set the EXETEMPLATE
variable to "data/templates/template_x64_windows.exe". That should fix

Since psexec doesn't use the Msf::Exploit:EXE mixin it won't work for
that one. We will need some more code changes, likely moving it to use
the Msf::Exploit::EXE mixin..

In all cases, automatically detecting that the target is x64 is
tricky. We'll have to look further into doing that..

PS. Always make sure your handler and your payload match, otherwise
you could get strange crashes when staging happens.

Joshua J. Drake


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]