[framework] Loading meterpreter extensions in ms 3.0 beta (shedding new light...)
mmiller at hick.org
Thu Mar 1 11:41:13 CST 2007
On Thu, Mar 01, 2007 at 03:55:27PM +0000, Luke J wrote:
> It was failing with the same ruby stack trace that Vedran had (as
> below). I didn't attach a debugger but the server side didn't crash. I
> could still carry on using the meterpreter perfectly.
>
> The error code 1168 is windows system error ERROR_NOT_FOUND which seemed
> to be returned from the server side code based on my brief code analysis.
>
> If this is definitely just due to the file size then I guess it is not
> so big an issue unless people want to write some huge extensions.
> However, I just figured it might be worth a little bit of investigation.
>
> If there is anything specific you'd like me to do/test or if you'd like
> me to send you an example compiled DLL that fails on win2k3 then let me
> know.

As it relates to size, my only guess would be that somehow an incomplete
version of the DLL is being sent to the server. Here's something to
try.

In lib/rex/post/meterpreter/client_core.rb inside load_library, there's
this block of code:

    ::File.open(library_path, 'rb') { |f|
        image = f.read
    }

Try adding a $stdout.puts("#{image.length}") after that block. Compare
the output to the size of the file. If they mismatch, then we know this
is the problem.