Drop the exploit in your msfcli command.
Have you had any success running that exploit against Vista?
msfcli cannot load "listening" exploit?
Hi,
This seems more of a metasploit issue than a bt4b issue, but thought I should post here anyway.
I am running bt4b installed in VMWare (note, I am not using the proper VMWare image becuase my version of vmware workstation is out of date).
The problem:
Trying to launch any exploit via msfcli that uses a "listening" exploit, (I.E the majority of client-side browser exploits), msfcli just fails as below (no errors), however running the same exploit with same parameters in msfconsole works and the exploit is launched and ready for a connection.
msfcli
root@bt:/pentest/exploits/framework3# ./msfcli exploit/windows/browser/ms09_002_memory_corruption SRVPORT=80 URIPATH=test PAYLOAD=windows/shell/bind_tcp LPORT=4444 E
root@bt:/pentest/exploits/framework3#
msfconsole
msf exploit(ms09_002_memory_corruption) > exploit
[*] Exploit running as background job.
msf exploit(ms09_002_memory_corruption) >
[*] Started bind handler
[*] Using URL: http://0.0.0.0:81/test
[*] Local IP: http://10.0.0.232:81/test
[*] Server started.
Drop the exploit in your msfcli command.
Have you had any success running that exploit against Vista?
not sure I understand what you mean by "drop"?Originally Posted by level
If I remember correctly, Vista SP0 is a supported target but I don't have any Vista "disposable" machines at present.
I mean use the command without 'exploit'
./msfcli /windows/browser/ms09_002_memory_corruption SRVPORT=80 URIPATH=test PAYLOAD=windows/shell/bind_tcp LPORT=4444
Thanks for the suggestion but msfcli complains that it is an invalid module if dropping the "exploit" part.
It works fine for me without 'exploit'. Did you download the module from the website?Originally posted by bruk0ut
Thanks for the suggestion but msfcli complains that it is an invalid module if dropping the "exploit" part.
strange!
I svn update'd!
I'll try some other modules that listen when I next get time.
I don't know what you mean by 'strange', but it seems you have a bad module. The easiest way would be to download it from the website.Originally posted by bruk0ut
strange!
I svn update'd!
I'll try some other modules that listen when I next get time.
http://trac.metasploit.com/browser/f..._corruption.rb
I see what you're saying now. I never tried metasploit in vmware until now.
What I think has to be done is to make the top three lines of the new module similar to the existing browser modules. I think you'll see what I mean when you compare the two. Doing this seemed to allow the module to be loaded but I encountered syntax errors at the end of the file. Unfortunately, I don't have the time to do more with it. Also, I'm using BT3 in vmware, but I believe the problem is the same with BT4b. Let us know if you have any success.
Posting Permissions