Comments on: Metasploit: Does it talk your language ? http://blog.c22.cc/2009/09/07/metasploit-does-it-talk-your-language/ Because we're damned if we do, and we're damned if we don't! Mon, 13 Feb 2012 14:56:03 +0000 hourly 1 http://wordpress.com/ By: ChrisJohnRiley http://blog.c22.cc/2009/09/07/metasploit-does-it-talk-your-language/comment-page-1/#comment-334 Tue, 08 Sep 2009 07:57:07 +0000 http://c22blog.wordpress.com/?p=796#comment-334 The lack of support for systems before Windows 2000 is an issue. I’m looking to work a little more on the script to make it an option of adduser.rb instead of a seperate script altogether.

I can see the point about just inserting it into a EXEC payload, but getting the syntax just right to function but not break the payload takes a little bit or trial and error (just ask my girlfriend). I’ll work a little more on it and see if it’s something you want to add to SVN. If not I’ll leave it here for those interested (and personal use of course).

]]> By: HD http://blog.c22.cc/2009/09/07/metasploit-does-it-talk-your-language/comment-page-1/#comment-333 Tue, 08 Sep 2009 03:30:18 +0000 http://c22blog.wordpress.com/?p=796#comment-333 Nice work! I believe CANVAS handles it in couple ways, mostly they just return to codepage addresses that don’t change as often, but I haven’t had good luck with the same technique. Immunity also developed the language fingerprinting technique that I implemented for MS08-067. The issue was adduser.rb and using “net user” vs “wmic” is that only newer versions of windows have wmic.exe — it wouldn’t work on older 2000 machines for example. The adduser payload is just a slim wrapper around exec, you can implement the same thing by using the “exec” payload and just setting CMD to “wmic something something” instead of creating a new payload module (or better yet, use meterp and script it out).

]]> By: ChrisJohnRiley http://blog.c22.cc/2009/09/07/metasploit-does-it-talk-your-language/comment-page-1/#comment-330 Mon, 07 Sep 2009 19:59:35 +0000 http://c22blog.wordpress.com/?p=796#comment-330 Good to know, thanks. I’m actually due to have a conference call with a few guys from Core about the same issues sometime this week, so I guess CANVAS are next on the list. I’ve got a copy from last year sometime so I can take a look at the code and see what they were doing at that point in time.

Thanks again for the pointer…

]]> By: CG http://blog.c22.cc/2009/09/07/metasploit-does-it-talk-your-language/comment-page-1/#comment-329 Mon, 07 Sep 2009 19:53:07 +0000 http://c22blog.wordpress.com/?p=796#comment-329 you should probably take a look at canvas and see how they are tackling the problem. As i dont have any real foreign language targets i havent really played with it but they tout it as being able to address some of the foreign language issues.

]]>