Metasploit mailing list archives

Re: usefulness of this tool


From: lists at syn-recon.net (lists at syn-recon.net)
Date: Fri, 17 Sep 2004 12:16:24 -0500

You might wanna check out The Art Of Exploitation from nostarch press 
(http://nostarch.com/).  It does a good job of explaining (with code 
examples) the basics and concepts of the different exploit types (stack 
based overflows, how to inject your shell code, returning into glibc 
etc).  You might wanna skim through it first though, it's a bit 
disappointing if you're looking for more advanced stuff.

Florian

Neil wrote:
Great! I will.
Also, I don't want to become like a script kiddie. I have read some 
people's posts in this mailing list that talk about reading registers, 
stacks. I also want to be like them. I know this requires knowledge in 
assembly. But I would like to know how you guys find what area in the 
stack to put the exploit? Is gdb the tool for this? And I had been asking 
myself how one is able to create an exploit. Do you have to know how the 
target application works? Just some general questions. :)
Awesome tool by the way. Keep it up HD. ;)
H D Moore writes:

On Friday 17 September 2004 01:52, Neil wrote:

Another one. We have an MSSQL 2000 that is not patched too. I want to
test it. Which MSSQL 2000 exploit should I use there? Oh btw, the
reason I am saying is because, I saw the new exploit codes after
executing msfupdate.


Both of the MSSQL exploits apply to SQL Server 2000 or MSDE prior to 
SP3. The resolution overflow uses the UDP protocol, whereas the 
"hello" bug uses TCP. I prefer to use the resolution bug, because of 
the broadcast and spoofability features of UDP.
Regarding your question about the output; if the exploit works, you 
should see a command shell, if it doesn't, the handler will simply 
exit and return back to the prompt. If the exploit you selected is not 
working and you are 100% sure that the system is vulnerable, try the 
'check' command. If this command does not produce anything useful, 
send an email to this mailing list with the details of the target 
system and the output of "show options" from the msfconsole shell 
(immediately after the exploit failed).
-HD