[framework] win32_reverse_meterpreter question
H D Moore
hdm at metasploit.com
Wed Sep 13 21:23:02 CDT 2006

This is a known bug in both 2.6 and 3.0-beta-2. The problem is caused by
machines that enforce the NX bit on pages. A typo in the Sam and Priv
extensions (2.6/3.0) resulted in a page not being allocated with the
execute permission bit set. This has been fixed in the source, but
compiled versions of the extensions have not yet been pushed to the
update tree.

Since this crash occurs in the LSASS service, the machine will not be able
to process authentication requests until it has been restarted. I should
be able to rebuild and update the Sam extension tonight, thanks for
reporting it!
-HD
On Wednesday 13 September 2006 20:45, captgoodnight wrote:
> Hello list, right now I'm in the middle of a pen test. Netapi is
> thrashing about ;p)
>
> My question: I have done a use -m Sam and gethashes on a few machines
> and 2 out of say 50 ;p) have crashed. I'm thinking I hit a DC or
> something. Is there a file left behind on the crashed servers? I get
> all the way to the 'gethashes' and nothing was returned, I then waited
> and exited.
>
> Any ideas?