FW: Pen Test help

From: Juda Barnes (securityfocus@mymail.pent900.com)
Date: Mon Jul 18 2005 - 16:29:54 EDT

• Next message: Stephane Auger: "RE: Pen Test help"
• Previous message: Scott Fuhriman: "RE: Rooting out false positives"
• Maybe in reply to: Juda Barnes: "Pen Test help"
• Next in thread: Stephane Auger: "RE: Pen Test help"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Win32_reverse will use the exploit and then will bind
command.com reverse to attacker ip address or
                any other specific ip address (the server will
establish the connection to the attacker)

Win32_bind will use the exploit and then will bind FREE
LOCAL port on the server therefor the attacker
                                        have to establish connection to the
server,

        
                                * in case the server is firewalled to that
specific port than even if the bind was sucessful you will
                                   not be able to get shell because the
firewall will drop the packages

HD as I forgot to mention the 53/tcp port is unused therefor if the
exploit were work than I was able to get into the machine

Anyway it looks nessus results and false because I am unable to use that
exploit

Any other ideas ???

thanks

-----Original Message-----
From: Stephane Auger [mailto:sauger@pre2post.com]
Sent: Monday, July 18, 2005 3:33 PM
To: pen-test@securityfocus.com
Subject: RE: Pen Test help

What does win32_reverse and win32_bind do, anyway?

-----Original Message-----
From: H D Moore [mailto:sflist@digitaloffense.net]
Sent: July 17, 2005 11:35 PM
To: pen-test@securityfocus.com
Subject: Re: Pen Test help

On Sunday 17 July 2005 14:32, Juda Barnes wrote:
> Anyway the machine have 53/tcp open port so if I will have the
> right exploit I will be able to bind to 53 the shell

That won't work. To bind on top of another service under Windows you have to
specify the local address in the bind() call. The metasploit win32_bind
payloads do not do this, so it will end up binding a shell to

some random TCP port instead.

Your best bet is to put your attacking system outside of a firewall and use
the win32_reverse payloads instead (25, 80, 443, etc).

> msf iis50_webdav_ntdll(win32_exec) > check [*] Server does not appear
> to be vulnerable Well I tried most of the framework exploits none of
> them work.
Are you sure that the system is vulnerable to anything? The metasploit check
seems to disagree with the Nessus scan results, are you using an older
version of Nessus?

-HD

• Next message: Stephane Auger: "RE: Pen Test help"
• Previous message: Scott Fuhriman: "RE: Rooting out false positives"
• Maybe in reply to: Juda Barnes: "Pen Test help"
• Next in thread: Stephane Auger: "RE: Pen Test help"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:36 EDT