Ticket #2 (new defect)

Opened 2 years ago

Last modified 2 years ago

The samba_trans2open module fails to function

Reported by: hdm Assigned to: hdm
Priority: major Milestone:
Component: framework2 Version:
Keywords: Cc:

Change History

11/30/06 23:19:36 changed by hdm

"Todd Adam D Civ AFIT/ENG" <Adam.Todd@afit.edu>

I am conducting research on numerous exploits and payloads for my thesis. One of the end goals is to create a payload that forges server responses which will hopefully make some attacks detected by NIDS look like they were unsuccessful (e.g. if a vulnerable server provides no response and a patched server generates an HTTP 404 error, then have the payload mimic the patched server and send back a 404 error).

I have been testing numerous exploits, but have not been successful with the samba_trans2open exploit. I have installed Samba 2.2.5 on various operating systems including Red Hat 7.3, SuSE 9.3, Debian 3.0 and 3.1, and Mandrake 9.1. I have tried different payloads including linux_ia32_bind and linux_ia32_exec. I have also tried different versions of this exploit: 1.19, 1.37, and the recent REV 4062. I have also tried different host operating systems including Fedora C5 and Windows XP. Next I tried different versions of the framework: 2.6 and 2.7 (3.0 didn't appear to have this exploit). All variations with zero success.

Finally, I tried using the public exploit trans2root.pl, which I am pretty sure this exploit is based on, and that was successful. It worked in a matter of seconds. It appears that you wrote this exploit or at least helped adapt it for the Metasploit Framework. I was wondering if you had any suggestions or insight into the problem.

Thanks, Adam