Home page logo
/

metasploit logo Metasploit mailing list archives

Re: WinExec payload?
From: Jun Koi <junkoi2004 () gmail com>
Date: Wed, 18 May 2011 14:33:34 +0800

On Wed, May 18, 2011 at 2:00 PM, Jose Selvi <jselvi () pentester es> wrote:
Are you using a debugger with the service you're exploiting?

yes, i do.

Maybe you're not catching the interruption.

i dont think so, because that should not happen.


thanks,
J


El 18/05/11 07:38, Jun Koi escribió:
hi,

i am using payload WinExec to test one vulnerable application (the
exploitation also comes from metasploit)

before launching the exploit, i put 2 breakpoints on WinExec and
GetProcAddress function of this application.
then i run the exploit, and it successes.

however, the problem is none of my breakpoints were triggered. this is a
surprise to me, as i supposed that the payload cannot work without using
these 2 functions. clearly i missed something there!

could anybody please tell me why this happens?

thanks a lot,
Jun

--
Jose Selvi.
Security Technical Consultant
CISA, CISSP, CNAP, GCIH, GPEN

http://www.pentester.es

SANS Mentor in Madrid (Spain). September 23 - November 25
SEC560: Network Penetration Testing and Ethical Hacking
http://www.sans.org/mentor/details.php?nid=24133
http://www.pentester.es/2010/12/nuevo-grupo-y-descuento-para-network.html
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]