Closed huxinyi718 closed 7 years ago
Please try the stageless version instead, which will do DNS resolution:
linux/mipsle/mettle_reverse_tcp
The staged version does not do DNS resolution because that's how the stager works - it is minimal shellcode to load the main stage, and in this case Metasploit will try to do the DNS resolution itself and embed the IP address instead. Changing this requires a change to the general stager shellcode, and would be best to do across all architectures if possible. It's not a specific mettle problem, but in almost any of our staged Linux shellcode works the same way.
Yes. The stageless payload works well. But are there some easy ways to make staged mettle do the DNS resolution?
easy is relative. we could make a script-based stager that uses python, perl, php, or shell(wget/curl) to do the injection. That's pretty much what the command stagers do already.
If you want a native shellcode blob suitable for using in a BoF, etc, someone just needs to write the shellcode for it. Add a couple of syscalls for doing the name resolution, and some struct manipulation. Are you still going to be dropping a stager executable, or are you taking advantage of memory corruption?
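The explanation above (the stager embeds an already-resolved IP address rather than a hostname, which is also why no port 53 traffic leaves the victim) can be checked directly on a captured stager blob. The following is an added example, not code from this issue or from the mettle/Metasploit projects: it scans a byte string for a `sockaddr_in`-shaped structure (AF_INET as a host-order uint16, then port and address in network order), which is how a connect-back stager carries its target. The blob is constructed here for the demonstration, and the little-endian family field assumes a mipsle target; adjust `little_endian` for big-endian architectures.

```python
import ipaddress
import struct

AF_INET = 2  # sin_family value for IPv4

# Constructed sample (NOT a real Metasploit stager): filler bytes around a
# little-endian sockaddr_in as a mipsle stager would carry it. The target
# address is 192.0.2.10 (TEST-NET-1, documentation range) on port 4444.
SAMPLE_BLOB = (
    b"\x27\xbd\xff\xf0"                 # filler (arbitrary bytes)
    + struct.pack("<H", AF_INET)        # sin_family, host order on a little-endian CPU
    + struct.pack("!H", 4444)           # sin_port, network byte order
    + ipaddress.IPv4Address("192.0.2.10").packed  # sin_addr, network byte order
    + b"\x00\x00\x00\x00"               # sin_zero padding
)


def find_sockaddr_in(blob: bytes, little_endian: bool = True):
    """Return every plausible sockaddr_in in blob as (offset, ip, port).

    A two-byte AF_INET family marker is common, so candidates whose port is 0
    or whose address is 0.0.0.0 are dropped to cut obvious false positives.
    """
    fam = struct.pack("<H" if little_endian else ">H", AF_INET)
    hits = []
    for off in range(len(blob) - 8 + 1):
        if blob[off:off + 2] != fam:
            continue
        port = struct.unpack("!H", blob[off + 2:off + 4])[0]
        ip = ipaddress.IPv4Address(blob[off + 4:off + 8])
        if port == 0 or ip.is_unspecified:
            continue
        hits.append((off, str(ip), port))
    return hits


def stager_target_matches(blob: bytes, ip: str, port: int, little_endian: bool = True) -> bool:
    """True if blob carries a sockaddr_in pointing at the given ip:port."""
    return any(h_ip == ip and h_port == port
               for _, h_ip, h_port in find_sockaddr_in(blob, little_endian))


def blob_contains_hostname(blob: bytes, hostname: str) -> bool:
    """True if the hostname appears as ASCII in the blob (a staged blob normally has none)."""
    return hostname.encode() in blob


if __name__ == "__main__":
    for off, ip, port in find_sockaddr_in(SAMPLE_BLOB):
        print(f"sockaddr_in at offset {off}: {ip}:{port}")
    print("hostname present:", blob_contains_hostname(SAMPLE_BLOB, "example.com"))
```

Running this on the constructed blob reports a single structure at offset 4 pointing at 192.0.2.10:4444 and no hostname string, which is the situation the issue describes: the victim never needs to ask a resolver, so watching port 53 there shows nothing, and the resolution happened on the Metasploit side when the stager was generated.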
Steps to reproduce
Expected behavior
It should start a reverse shell to the domain
Current behavior
mettle exits with "Segmentation fault"
I used tcpdump on port 53 on the victim, but saw nothing
System stuff
Metasploit version
4.14.10-dev
I installed Metasploit with:
OS
Kali2