Re: Pen Test help

From: H D Moore (sflist@digitaloffense.net)
Date: Sun Jul 17 2005 - 23:35:03 EDT


On Sunday 17 July 2005 14:32, Juda Barnes wrote:
> Anyway, the machine has port 53/tcp open, so if I have the
> right exploit I will be able to bind the shell to 53.

That won't work. To bind on top of another service under Windows you have
to specify the local address in the bind() call. The metasploit
win32_bind payloads do not do this, so it will end up binding a shell to
some random TCP port instead.

Your best bet is to put your attacking system outside of a firewall and
use the win32_reverse payloads instead (25, 80, 443, etc.).

> msf iis50_webdav_ntdll(win32_exec) > check
> [*] Server does not appear to be vulnerable
> Well, I tried most of the framework exploits; none of them work.

Are you sure that the system is vulnerable to anything? The metasploit
check seems to disagree with the Nessus scan results; are you using an
older version of Nessus?

-HD
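Added example, not part of HD's mail or of the Metasploit project: the bind()-with-a-local-address behaviour described above would show up on the host as one process listening on 0.0.0.0:PORT and a second, unrelated process listening on a specific interface address for the same port. The script below parses the text format of `netstat -ano` on Windows and flags exactly that pattern; the sample output it runs on is constructed, and the PIDs and addresses in it are invented.

```python
"""Flag TCP ports where a wildcard (0.0.0.0) listener coexists with a
specific-address listener owned by a different process.

Constructed example for the bind()-on-top-of-a-service discussion; the
sample below imitates `netstat -ano` output and is not from a real host.
"""
from collections import defaultdict
from typing import Dict, List, NamedTuple


class Listener(NamedTuple):
    proto: str
    ip: str
    port: int
    pid: int


# Constructed sample output (invented PIDs and addresses).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:53             0.0.0.0:0              LISTENING       1234
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    192.168.1.10:53        0.0.0.0:0              LISTENING       6666
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:3389      10.0.0.5:51234         ESTABLISHED     1020
  UDP    0.0.0.0:53             *:*                                    1234
"""

WILDCARDS = {"0.0.0.0", "::", "[::]"}


def parse_listeners(netstat_text: str) -> List[Listener]:
    """Extract TCP sockets in LISTENING state from `netstat -ano` text."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP listening rows have five columns: proto, local, foreign, state, pid.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        ip, _, port = fields[1].rpartition(":")  # also splits "[::]:53" correctly
        listeners.append(Listener(fields[0], ip, int(port), int(fields[4])))
    return listeners


def find_shadowed_ports(listeners: List[Listener]) -> Dict[int, dict]:
    """Return ports where a wildcard listener and a specific-address listener
    from a different PID coexist. For connections to that specific address the
    more specific binding receives the traffic, so the wildcard service is
    effectively shadowed on that interface."""
    by_port = defaultdict(list)
    for sock in listeners:
        by_port[sock.port].append(sock)

    findings = {}
    for port, socks in by_port.items():
        wild = [s for s in socks if s.ip in WILDCARDS]
        specific = [s for s in socks if s.ip not in WILDCARDS]
        if not wild or not specific:
            continue
        wild_pids = {s.pid for s in wild}
        intruders = [s for s in specific if s.pid not in wild_pids]
        if intruders:
            findings[port] = {
                "wildcard_pids": sorted(wild_pids),
                "specific": [(s.ip, s.pid) for s in intruders],
            }
    return findings


if __name__ == "__main__":
    for port, info in find_shadowed_ports(parse_listeners(SAMPLE_NETSTAT)).items():
        print(f"port {port}: wildcard listener PID(s) {info['wildcard_pids']} "
              f"shadowed by {info['specific']}")
```

On the constructed sample only port 53 is reported: PID 1234 holds 0.0.0.0:53 while PID 6666 holds 192.168.1.10:53. Port 139 is bound to a specific address only, so it is not flagged, and the UDP and ESTABLISHED rows are skipped by the parser.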



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:35 EDT