[framework] PassiveX-based payloads and MS06-055

mmiller at hick.org
Tue Mar 13 13:40:24 CDT 2007


Definitely sounds buggy.  I'll try to reproduce this later this evening
and send a mail with my findings.  Thanks for the additional info.

On Tue, Mar 13, 2007 at 07:15:41PM +0100, Angelo Dell'Aera wrote:
> On Tue, 13 Mar 2007 18:53:17 +0100
> Angelo Dell'Aera <buffer at softmedia.info> wrote:
> 
> > These are the most significant lines in framework.log
> > 
> > [03/13/2007 18:20:29] [d(2)] core: windows/meterpreter/reverse_http:
> > Successfully encoded with encoder x86/shikata_ga_nai (size is 479)
> > [03/13/2007 18:20:29] [d(2)] core: PassiveX listener started on
> > http://192.168.33.130:8080/px 
> > [03/13/2007 18:20:41] [e(0)] rex: Failed to find handler for
> > resource: / 
> > [03/13/2007 18:20:47] [d(2)] core: windows/meterpreter/reverse_http:
> > Successfully encoded with encoder x86/shikata_ga_nai (size is 479)
> > [03/13/2007 18:21:15] [e(0)] rex: Failed to find handler for
> > resource: /
> > 
> > After looking at this last log message I even tried setting PXURI to /
> > and to an empty string, but got no results at all, even in this case.
> 
> 
> Moreover, here is a dump of the PXURI reply to the browser request
> (GET / HTTP/1.1), which is not shown by the browser in any case.
> 
> 
> 0x0000:  4500 0127 6cfa 4000 4006 083d c0a8 2182     E..'l.@.@..=..!.
> 0x0010:  c0a8 21c7 2710 041e f57a 1c20 f519 471c       ..!.'....z....G.
> 0x0020:  5018 1920 1957 0000 4854 5450 2f31 2e31     P....W..HTTP/1.1
> 0x0030:  2034 3034 2046 696c 6520 6e6f 7420 666f    .404.File.not.fo
> 0x0040:  756e 640d 0a53 6572 7665 723a 2052 6578  und..Server:.Rex
> 0x0050:  0d0a 436f 6e74 656e 742d 5479 7065 3a20    ..Content-Type:.
> 0x0060:  7465 7874 2f68 746d 6c0d 0a43 6f6e 7465     text/html..Conte
> 0x0070:  6e74 2d4c 656e 6774 683a 2031 3431 0d0a    nt-Length:.141..
> 0x0080:  436f 6e6e 6563 7469 6f6e 3a20 4b65 6570    Connection:.Keep
> 0x0090:  2d41 6c69 7665 0d0a 0d0a 3c68 746d 6c3e   -Alive....<html>
> 0x00a0:  3c68 6561 643e 3c74 6974 6c65 3e34 3034     <head><title>404
> 0x00b0:  204e 6f74 2046 6f75 6e64 3c2f 7469 746c        .Not.Found</titl
> 0x00c0:  653e 3c2f 6865 6164 3e3c 626f 6479 3e3c      e></head><body><
> 0x00d0:  6831 3e4e 6f74 2066 6f75 6e64 3c2f 6831      h1>Not.found</h1
> 0x00e0:  3e54 6865 2072 6571 7565 7374 6564 2055    >The.requested.U
> 0x00f0:  524c 202f 2077 6173 206e 6f74 2066 6f75        RL./.was.not.fou
> 0x0100:  6e64 206f 6e20 7468 6973 2073 6572 7665   nd.on.this.serve
> 0x0110:  722e 3c70 3e3c 6872 3e3c 2f62 6f64 793e       r.<p><hr></body>
> 0x0120:  3c2f 6874 6d6c 3e				</html>
> 
> 
> It seems to me that the problem is that Rex is unable to serve the resource.
> From what I'm seeing, maybe it could be a problem with the PXURI
> environment variable, since Rex searches for / in any case, and even if I
> define PXURI as / it still fails.
> 
> 
> Regards,
> 
> -- 
> 
> Angelo Dell'Aera 'buffer' 
> Antifork Research, Inc.	  	http://buffer.antifork.org
> Metro Olografix
> 
> PGP information in e-mail header
> 
> 
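
Added example, not part of the original thread or of the Metasploit code base: a small Python decoder for the tcpdump -X dump quoted above, which rebuilds the packet bytes and pulls out the endpoints, the HTTP status line and the Server header. DUMP holds the first 0x50 bytes copied from that dump; the function names are this example's own.

```python
import re
import socket
import struct

# First 0x50 bytes of the tcpdump -X dump quoted in the message above.
DUMP = """\
0x0000:  4500 0127 6cfa 4000 4006 083d c0a8 2182     E..'l.@.@..=..!.
0x0010:  c0a8 21c7 2710 041e f57a 1c20 f519 471c       ..!.'....z....G.
0x0020:  5018 1920 1957 0000 4854 5450 2f31 2e31     P....W..HTTP/1.1
0x0030:  2034 3034 2046 696c 6520 6e6f 7420 666f    .404.File.not.fo
0x0040:  756e 640d 0a53 6572 7665 723a 2052 6578  und..Server:.Rex
"""

def dump_to_bytes(text):
    """Rebuild packet bytes from tcpdump -X lines (mail '> ' quoting allowed)."""
    out = bytearray()
    for line in text.splitlines():
        m = re.match(r"^[>\s]*0x[0-9a-fA-F]{4}:\s+(.*)$", line)
        if not m:
            continue
        groups = []
        for tok in m.group(1).split():
            # At most 8 hex groups per line; anything else is the ASCII column.
            if len(groups) == 8 or not re.fullmatch(r"(?:[0-9a-fA-F]{2}){1,2}", tok):
                break
            groups.append(tok)
        out += bytes.fromhex("".join(groups))
    return bytes(out)

def parse_ipv4_tcp(pkt):
    """Return addressing info and TCP payload of an IPv4/TCP packet."""
    if pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (pkt[0] & 0x0F) * 4                      # IP header length in bytes
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    data_off = (pkt[ihl + 12] >> 4) * 4            # TCP header length in bytes
    return {"src": src, "sport": sport, "dst": dst, "dport": dport,
            "payload": pkt[ihl + data_off:]}

def http_summary(payload):
    """Status line and Server header; tolerates a truncated capture."""
    lines = payload.decode("latin-1").split("\r\n")
    headers = dict(l.split(": ", 1) for l in lines[1:] if ": " in l)
    return lines[0], headers.get("Server")

if __name__ == "__main__":
    info = parse_ipv4_tcp(dump_to_bytes(DUMP))
    print(info["src"], info["sport"], "->", info["dst"], info["dport"],
          http_summary(info["payload"]))
```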




