View Issue Details

ID: 0005586
Project: Kali Linux
Category: General Bug
View Status: public
Last Update: 2019-07-23 09:33
Reporter: RoseDeSable
Assigned To: rhertzog
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: no change required
Product Version: kali-dev
Summary: 0005586: Framework Version 5.0.35-dev: Reflective DLL Rejection with meterpreter fails
Description

Hello,
my test scenario is the following:

  • the target is a notebook with Windows 10

  • meterpreter_reverse_winhttps (x86) is hidden in a 7zip-exe-archive with the aid of shellter

  • the zip is the stage one to establish a meterpreter on the target

  • after the meterpreter in the zip is connected to my multi-handler, I try to make the reflective dll injection to establish a second meterpreter under a process, which lives the whole time, where the user's session exists!

    msf5 post(windows/manage/reflective_dll_inject) > run
    [*] Running module against <my target>
    [*] Injecting ....meterpreter_reverse_winhttps32.dll into 43448 ... <== is a x86 process
    [-] Post failed: NoMethodError undefined method `entries' for nil:NilClass
    [-] Call stack:
    [-] /usr/share/metasploit-framework/lib/msf/core/reflective_dll_loader.rb:55:in `parse_pe'
    [-] /usr/share/metasploit-framework/lib/msf/core/reflective_dll_loader.rb:24:in `load_rdi_dll'

Is this a failure, or does Windows 10 have a mechanism to block this kind of attack?

Activities

usama

2019-07-13 03:43

reporter   ~0010779

Raise this issue on metasploit repository

RoseDeSable

2019-07-15 08:41

reporter   ~0010780

Ok, I opened issue #12089 in Github-Metasploit this morning.

Rose

RoseDeSable

2019-07-23 09:07

reporter   ~0010790

Ok, I had a lack of knowledge about this topic. After reading for a longer time, I now know the following: the DLL that is to be injected must implement a specific module named "reflective loader". But the meterpreter DLL, which I generated with msfvenom, doesn't have this module implemented.

Please close the case
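
The requirement described in the note above can be checked on a DLL file directly, for example when triaging one: the Ruby below lists a PE image's exported names and returns nil when the image has no export directory at all. It is an added example, not part of this thread or Metasploit's code; the export name pattern `ReflectiveLoader` and the helper `sample_dll`, which builds a constructed minimal PE32 image, are assumptions.

```ruby
# Added example. LOADER_RE is an assumed naming convention, not from the thread.
LOADER_RE = /ReflectiveLoader/

def rva_to_offset(sections, rva) # RVA -> file offset; nil when unmapped
  s = sections.find { |va, vsize, _raw| rva >= va && rva < va + vsize }
  s && rva - s[0] + s[2]
end

# Export names as an array, or nil when the image has no export directory.
def pe_export_names(data)
  pe = data[0x3c, 4].unpack1("V")
  raise ArgumentError, "not a PE image" unless data[0, 2] == "MZ" && data[pe, 4] == "PE\0\0"
  nsec = data[pe + 6, 2].unpack1("v")
  opt = pe + 24
  sec_table = opt + data[pe + 20, 2].unpack1("v")
  dirs = opt + (data[opt, 2].unpack1("v") == 0x20b ? 112 : 96) # PE32+ : PE32
  exp_rva = data[dirs, 4].unpack1("V")
  return nil if exp_rva.zero?
  sections = Array.new(nsec) do |i|
    vsize, va, _rsize, raw = data[sec_table + 40 * i + 8, 16].unpack("V4")
    [va, vsize, raw]
  end
  dir = rva_to_offset(sections, exp_rva) or return nil
  count, _funcs, names_rva = data[dir + 24, 12].unpack("VVV")
  table = rva_to_offset(sections, names_rva) or return []
  data[table, 4 * count].unpack("V*").filter_map do |rva|
    off = rva_to_offset(sections, rva)
    data[off..].unpack1("Z*") if off
  end
end

def reflective_loader_export?(data)
  (pe_export_names(data) || []).any? { |n| n.match?(LOADER_RE) }
end

# Constructed sample: minimal PE32 headers, one section (RVA 0x1000, file 0x200).
def sample_dll(export_names)
  img = "\0".b * 0x400
  img[0, 2], img[0x3c, 4] = "MZ", [0x40].pack("V")
  img[0x40, 26] = "PE\0\0" + [0x14c, 1, 0, 0, 0, 224, 0x2102, 0x10b].pack("vvVVVvvv")
  img[0x140, 16] = [0x200, 0x1000, 0x200, 0x200].pack("V4") # section 0 layout
  return img if export_names.empty?
  img[0x58 + 96, 4] = [0x1000].pack("V")                    # export directory RVA
  img[0x200 + 24, 12] = [export_names.size, 0, 0x1040].pack("VVV")
  export_names.each_with_index do |name, i|
    img[0x240 + 4 * i, 4] = [0x1080 + 32 * i].pack("V")     # name pointer
    img[0x280 + 32 * i, name.size] = name                   # NUL-padded string
  end
  img
end
```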

rhertzog

2019-07-23 09:33

administrator   ~0010791

Closing as requested.

Issue History

Date Modified Username Field Change
2019-07-12 05:58 RoseDeSable New Issue
2019-07-13 03:43 usama Note Added: 0010779
2019-07-15 08:41 RoseDeSable Note Added: 0010780
2019-07-23 09:07 RoseDeSable Note Added: 0010790
2019-07-23 09:33 rhertzog Assigned To => rhertzog
2019-07-23 09:33 rhertzog Status new => closed
2019-07-23 09:33 rhertzog Resolution open => no change required
2019-07-23 09:33 rhertzog Note Added: 0010791