metasploit-framework March 2011 archive
Main Archive Page > Month Archives  > metasploit-framework archives
metasploit-framework: Re: [framework] my handler has been p0wned

Re: [framework] my handler has been p0wned ?

From: al1c3andb0b <al1c3andb0b_at_nospam>
Date: Wed Mar 16 2011 - 16:30:59 GMT

On 03/16/2011 04:05 PM, c0lists wrote:
> had you tried it(1), you would have seen that if you connect to your
> IP/port the handler would attempt to send you the stage too. Add that
> you are listening on a commonly scanned port this isnt too surprising.
> 1.
You're right, a simple netcat connect triggers the staging step. And I
hadn't tried it. Thanks

Actually, the scan option touched me, but lightly as I thought there
should be a protocol between the stager and the handler, involving a
custom scanner to fingerprint the MSF handler and an exploit at hand to
abuse it, which is IMHO not the kind of tools used by either script
kiddies nor large criminal organizations who perform untargeted scans.
But obviously, keeping the stager shorter was preferred, at the price of
being revealed through a simple connect scan.

At least I'm right on my last point: the Internet is continuously
scanned for vulnerable hosts at a terrible pace.