[framework] find_tag Payloads

Thomas Werth security at vahle.de
Mon Sep 3 00:20:13 CDT 2007


Thank you very much.

mmiller at hick.org wrote:
> I've committed a fix for this issue.  The find tag support was
> inadvertently broken by the introduction of the intermediate stage code
> we added to support reliably handling large stages.  The intermediate
> stage (a small payload blob) was being sent before the tag itself which
> caused things to break.  I tested the fix and confirmed that it works on
> trunk.  You can find the change set information here:
> 
> http://www.metasploit.com/dev/trac/changeset/5084
> 
> On Thu, Aug 30, 2007 at 11:00:02AM -0700, mmiller at hick.org wrote:
>> Can you take a capture between the attacking machine and the target?
>> The key is to observe that a four byte tag is being sent across the
>> wire.  My guess is that the payload isn't actually finding the
>> connection on the target machine.  The attacking machine's framework has
>> no ability to tell at present that the target machine has found the
>> socket, it just assumes that it has.
>>
>> The find_tag payload hasn't been extensively used, so it's possible that
>> there is a bug lingering somewhere.  You can do 'set TAG MSF1' which
>> should force an explicit tag to be used rather than a randomly generated
>> one.
>>
>> On Thu, Aug 30, 2007 at 10:06:58AM +0200, Thomas Werth wrote:
>>> Dear List,
>>>
>>> I'm trying to get a find_tag payload to work. I tested several of them.
>>> Meterpreter and vnc at least "printf" that they have opened a session. But in
>>> meterpreter no communication is possible (help won't show fs funcs,
>>> migrate timed out, use priv, too). VNC is the same.
>>>
>>> I'm just setting a find_tag as payload and firing the test exploit. DLL
>>> transfer is ok. After a while searching for a connection msf says it has
>>> a session. But this one isn't working.
>>>
>>> There is one tcp connection between victim and attacker, exactly the
>>> one the exploit is sent over.
>>>
>>> What is needed to get find_tag payloads working ?
>>>
>>> Thomas
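The mechanism the thread is debugging, shown as an added example that is not Metasploit's own findtag code: the stage on the target walks its descriptors and peeks at queued bytes on each, looking for the four-byte tag the attacker sent over the existing exploit connection, and adopts the first socket that carries it. The example uses AF_UNIX socketpairs as a constructed stand-in for the real network sockets, the tag MSF1 from the thread, and a `prefix_len` parameter that reproduces the failure mmiller describes (a blob arriving ahead of the tag), so the scan's negative result can be observed without a packet capture. The function names `find_tag` and `scenario` are this example's own.

```c
/* Added example, not Metasploit's findtag code: a minimal findtag-style
 * socket scan.  The tagged socket is found by peeking at pending data on
 * every descriptor and comparing the first four bytes with the tag.  The
 * "network" here is a set of AF_UNIX socketpairs so it runs offline. */
#include <assert.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define TAG_LEN 4   /* the thread describes a four-byte tag (e.g. "MSF1") */

/* Scan descriptors [0, max_fd] and return the first socket whose queued
 * data starts with tag, or -1.  MSG_PEEK leaves the tag in the buffer so
 * the real stage can consume it afterwards; MSG_DONTWAIT stops a socket
 * with nothing queued from blocking the scan.  tag must be TAG_LEN bytes. */
int find_tag(int max_fd, const char *tag)
{
    char buf[TAG_LEN];
    for (int fd = 0; fd <= max_fd; fd++) {
        ssize_t n = recv(fd, buf, TAG_LEN, MSG_PEEK | MSG_DONTWAIT);
        if (n == TAG_LEN && memcmp(buf, tag, TAG_LEN) == 0)
            return fd;
        /* n < 0 (EBADF, ENOTSOCK, EAGAIN): not an open socket, or nothing
         * queued yet.  Skip it; the real payload does the same. */
    }
    return -1;
}

/* Constructed scenario: three socketpairs.  pair 0 carries unrelated
 * noise, the "attacker" end of pair 1 sends the tag, pair 2 is idle.
 * If prefix_len > 0, prefix_len zero bytes are sent before the tag,
 * which is the breakage the thread describes: the intermediate stage
 * blob went out ahead of the tag, so the peek never sees it.
 * Returns 1 if the scan found the tagged socket, 0 if the scan returned
 * -1, and -2 on a setup error or a wrong descriptor. */
int scenario(const char *tag, size_t prefix_len)
{
    int pairs[3][2];
    for (int i = 0; i < 3; i++)
        if (socketpair(AF_UNIX, SOCK_STREAM, 0, pairs[i]) < 0)
            return -2;

    const char noise[] = "HTTP";           /* four bytes, but not the tag */
    send(pairs[0][1], noise, sizeof noise - 1, 0);

    if (prefix_len > 0) {
        char blob[64] = {0};               /* stands in for the stage blob */
        if (prefix_len > sizeof blob) prefix_len = sizeof blob;
        send(pairs[1][1], blob, prefix_len, 0);
    }
    send(pairs[1][1], tag, TAG_LEN, 0);
    int expected = pairs[1][0];            /* the "target" end of pair 1 */

    int max_fd = 0;
    for (int i = 0; i < 3; i++)
        for (int j = 0; j < 2; j++)
            if (pairs[i][j] > max_fd) max_fd = pairs[i][j];

    int found = find_tag(max_fd, tag);

    for (int i = 0; i < 3; i++)
        for (int j = 0; j < 2; j++)
            close(pairs[i][j]);

    if (found == -1) return 0;
    return found == expected ? 1 : -2;
}

int main(void)
{
    printf("tag first:        %s\n", scenario("MSF1", 0)  == 1 ? "found" : "not found");
    printf("blob before tag:  %s\n", scenario("MSF1", 16) == 0 ? "not found" : "found");
    return 0;
}
```

The second scenario is the symptom from the thread seen from the target's side: the framework, which only assumes the target found the socket, would still report a session, while the stage never locates its channel. A capture on the wire, as suggested above, shows the same thing from the attacker's side: the tag bytes preceded by the blob.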



