Bug #817
Using AIX payloads, /bin/csh will not exit when using the "exit" command
| Status: | New | Start: | 02/08/2010 | |
|---|---|---|---|---|
| Priority: | Low | Due date: | ||
| Assigned to: | Ramon Valle | % Done: | 0% |
|
| Category: | payloads | |||
| Target version: | Metasploit 3.4 | |||
| Resolution: |
Description
The "exit" command does nothing! This might be due to the close() syscalls failing (as shown below).
bash-2.04# truss -p 17518
sigprocmask(0, 0x2FF22C60, 0x2FF22C68) = 0
close(0) Err#9 EBADF
kfcntl(19, F_DUPFD, 0x00000000) = 0
close(1) Err#9 EBADF
kfcntl(17, 14, 0x00000001) = 1
close(2) Err#9 EBADF
kfcntl(18, 14, 0x00000002) = 2
sys_parm(0x00000000, 0x0000000E, 0x20004150, 0x20003F70, 0x00000000, 0x60000000, 0x60007FDD, 0x00000000) = 0x00000000
lseek(16, 0, 2) Err#29 ESPIPE
close(0) = 0
close(1) = 0
close(2) = 0
sigprocmask(0, 0x2FF22C60, 0x2FF22C68) = 0
sigprocmask(2, 0x2FF22C60, 0x2FF22C68) = 0
Suspicions point to dup'n of sockets..
History
Updated by Joshua Drake about 1 month ago
- Subject changed from AIX bind/reverse payloads won't exit to Using AIX payloads, /bin/csh will not exit when using the "exit" command
Clarified description
Updated by HD Moore about 1 month ago
- Assigned to changed from HD Moore to Ramon Valle
- Target version set to 18
Ramon, could you take a look?
Updated by Ramon Valle 30 days ago
Joshua Drake wrote:
The "exit" command does nothing! This might be due to the close() syscalls failing (as shown below).
bash-2.04# truss -p 17518 sigprocmask(0, 0x2FF22C60, 0x2FF22C68) = 0 close(0) Err#9 EBADF kfcntl(19, F_DUPFD, 0x00000000) = 0 close(1) Err#9 EBADF kfcntl(17, 14, 0x00000001) = 1 close(2) Err#9 EBADF kfcntl(18, 14, 0x00000002) = 2 sys_parm(0x00000000, 0x0000000E, 0x20004150, 0x20003F70, 0x00000000, 0x60000000, 0x60007FDD, 0x00000000) = 0x00000000 lseek(16, 0, 2) Err#29 ESPIPE close(0) = 0 close(1) = 0 close(2) = 0 sigprocmask(0, 0x2FF22C60, 0x2FF22C68) = 0 sigprocmask(2, 0x2FF22C60, 0x2FF22C68) = 0
Suspicions point to dup'n of sockets..
Which AIX version this happens?