[framework] Payload Handler issues in MSF 3.0-r3

H D Moore hdm at metasploit.com
Thu Jun 29 12:42:28 CDT 2006


The stable tree (2.x) behaves the same way. The alternative would require 
every exploit to explicitly start the payload handler, which IMO is more 
boilerplate and not very useful in the long run. Most exploits have a 
very small time window between the initial exploit launch and when the 
payload has been injected. I agree that with some exploits, such as 
netvault, this can seem a bit silly, since the payload handler starts 
running way before the exploit could have possibly finished. If the 
behavior bothers you, just switch to a handler that doesn't generate 
traffic (any of the *reverse* payloads for instance).

-HD

On Thursday 29 June 2006 11:17, Rhys Kidd wrote:
> While the port 4444 attempts are simply met with a RST flag until the
> bind socket is correctly initialised, I’m wondering why the attempts
> begin so early. This particular exploit does take some time to run
> through the exploitation process, and the ret overwrite doesn’t occur
> until we have made ~6 further attempts to connect to the vulnerable
> service after the payload is delivered. 
> Can anyone shed some light on why the payload handler is so eager?

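As an added defender-side example (not code from this thread or from Metasploit), the following Python flags the traffic pattern the two messages describe: a burst of connection attempts from one host to one port that are answered with RST until a listener finally comes up on that port. The log format, addresses and timestamps are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, one TCP connect attempt per line:
# "<ISO time> <src> -> <dst>:<dport> <outcome>", outcome RST = refused
# (no listener yet, as in the thread) or SYNACK = a listener answered.
SAMPLE_LOG = """
2006-06-29T11:05:00 10.0.0.5 -> 10.0.0.9:4444 RST
2006-06-29T11:05:01 10.0.0.5 -> 10.0.0.9:4444 RST
2006-06-29T11:05:02 10.0.0.5 -> 10.0.0.9:4444 RST
2006-06-29T11:05:03 10.0.0.5 -> 10.0.0.9:4444 RST
2006-06-29T11:05:04 10.0.0.5 -> 10.0.0.9:4444 RST
2006-06-29T11:05:05 10.0.0.5 -> 10.0.0.9:4444 RST
2006-06-29T11:05:06 10.0.0.5 -> 10.0.0.9:4444 SYNACK
2006-06-29T11:05:07 10.0.0.7 -> 10.0.0.9:22 RST
2006-06-29T11:09:00 10.0.0.7 -> 10.0.0.9:80 RST
2006-06-29T11:20:00 10.0.0.7 -> 10.0.0.9:80 RST
"""

def parse_line(line):
    ts, src, _arrow, dst_port, outcome = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return {"ts": datetime.fromisoformat(ts), "src": src,
            "dst": dst, "port": int(port), "outcome": outcome}

def find_eager_handlers(log_text, min_refused=4, window=timedelta(seconds=30)):
    """Return one finding per (src, dst, port) that was refused with RST at
    least min_refused times inside `window`; records whether a listener later
    answered on that port, i.e. the bind socket came up after the polling."""
    by_key = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ev = parse_line(line)
            by_key[(ev["src"], ev["dst"], ev["port"])].append(ev)
    findings = []
    for (src, dst, port), events in by_key.items():
        events.sort(key=lambda e: e["ts"])
        refused = [e["ts"] for e in events if e["outcome"] == "RST"]
        # sliding window: is there any run of min_refused refusals inside `window`?
        burst = any(refused[i + min_refused - 1] - refused[i] <= window
                    for i in range(len(refused) - min_refused + 1))
        if not burst:
            continue
        opened = next((e["ts"] for e in events
                       if e["outcome"] == "SYNACK" and e["ts"] > refused[-1]), None)
        findings.append({"src": src, "dst": dst, "port": port,
                         "refused": len(refused), "listener_opened_at": opened})
    return findings

if __name__ == "__main__":
    for finding in find_eager_handlers(SAMPLE_LOG):
        print(finding)
```

The single isolated refusals from 10.0.0.7 are deliberately below the threshold, so only the polling burst on port 4444 is reported.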