Thread: reverse shell ?

  1. #1
    Just burned his ISO
    Join Date
    Apr 2009
    Posts
    5

    Hi everyone.
    I use the Metasploit reverse shellcode. In exe format (./msfpayload ..... X > ...) my shell works very well on Win 2k3, but when I use the shell in the exploit for a service bug, it doesn't work. 2k3 connects to a random port. What's the matter?

  2. #2
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Bad characters?

    Wrong offset for the exploit itself?

    There are a lot of reasons. What happens when you debug the issue?
    Tiocfaidh ár lá

  3. #3
    Just burned his ISO
    Join Date
    Apr 2009
    Posts
    5

    I use an exploit for 2k, but I change the return address for 2k3.
    I find the return address in the DLLs of the application with Olly, findjmp and other ways.
    How can I find the exact return address on 2k3?

    I use the exploit with a reverse shell on port xxxxx, but my server connects to another random port (yyyyy). Why?

  4. #4
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    I already gave you another possible answer and asked you a question; you didn't check either one of 'em.
    Tiocfaidh ár lá

  5. #5
    Just burned his ISO
    Join Date
    Apr 2009
    Posts
    5

    There is a point.
    If the return address is wrong, the session can't be established, but in my test I have an established connection and the port is wrong. I listen on port 5678, but the server connects to me with 34765 or another.
    I use Metasploit shells and tested the exe of the shell on 2k3. It works well.
    With other shells the situation is the same.
    My server has established connections on other ports.
    This is a POP3 exploit.

    Reasons:
    1. Bad characters: I checked the exe of the shell. It works. This reason fails.
    2. Wrong return address: I have an established connection. This reason fails too.
    3. Other reasons?

  6. #6
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Bad characters?

    You know that there is a difference between exe files and shellcode being injected?

    Also what happens if you attach a debugger? That should tell you what is wrong.
    Tiocfaidh ár lá

  7. #7
    Just burned his ISO
    Join Date
    Apr 2009
    Posts
    5

    I attach to inetinfo.exe and get INT 3 (ntdll!DbgBreakPoint).
    I use the (g) command to run it, but WinDbg suspends in busy mode.
    Am I making a mistake?

  8. #8
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Well, does your shellcode get executed? Compare it to the shellcode you sent to see if it is the same or if something changed.
    Tiocfaidh ár lá

  9. #9
    Just burned his ISO
    Join Date
    Apr 2009
    Posts
    5

    Now I test inetinfo.exe without shellcode in WinDbg, and it is still (BUSY and Debuggee is running).
    I do these:
    1. I attach to inetinfo.exe in WinDbg.
    2. The result is INT 3 and the program stops on DbgBreakPoint.
    3. I use >g
    4. The result is BUSY, Debuggee is Running.
    5. Then WinDbg stays in busy mode.

    Which one isn't right!?

  10. #10
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    It is really hard to understand you and you seem not to understand what I am asking you to try.
    Tiocfaidh ár lá
