windows/*/reverse_ord_tcp does not appear to work? #16642
Hi! This issue has been left open with no activity for a while now. We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.
That likely isn't going to end well, given that the payload suggests
Although confusingly the documentation later uses a Windows XP SP2 target with metasploit-framework/documentation/modules/payload/windows/shell/reverse_ord_tcp.md (lines 114 to 126 in 172ee9a).
This payload was designed during the Windows XP SP2 era. Apparently it was a rockin Windows payload in 2005. Perhaps this stopped working in the Windows XP SP3 / Windows 7 era?
You can find some details in the slides from "Beyond EIP" (pages 14 to 16) presented at BlackHat Briefings by spoonm and skape in 2005. These payloads use a technique discussed in Oded Horovitz's lightning talk at CanSecWest/core04. I wasn't able to find details about the lightning talk, but Matt Conover and Oded Horovitz presented "Reliably Exploiting Windows Heap Overflows" at core04, so perhaps the technique was discussed during the presentation. Matt and Oded presented a bunch of heap exploitation related work for Windows 2000 to Windows XP SP2 in 2004/2005. As you suggest, the primary benefit is the size due to leveraging in-memory
For what it is worth, this payload failed on Windows XP SP0 for me too.
Based on the documentation here: https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/payload/windows/shell/reverse_ord_tcp.md
I should be doing this right, but the result is no session, and a crashed smb service:
Success if I just use reverse_tcp:
I'm not entirely clear on the use case for this payload type - is it just the size?