Metasploit mailing list archives

Metasploit pen testing questions


From: ITorres at litronic.com (Israel Torres)
Date: Wed, 10 Nov 2004 14:49:27 -0800

Use tftp in conjunction with a free tftp server (TFTPD32). Windows boxes by default come with tftp.
TFTPD32's home page is http://tftpd32.jounin.net.

Israel Torres

tftp

Transfers files to and from a remote computer running the TFTP service.

TFTP [-i] host [GET | PUT] source [destination]

  -i              Specifies binary image transfer mode (also called
                  octet). In binary image mode the file is moved
                  literally, byte by byte. Use this mode when
                  transferring binary files.
  host            Specifies the local or remote host.
  GET             Transfers the file destination on the remote host to
                  the file source on the local host.
  PUT             Transfers the file source on the local host to
                  the file destination on the remote host.
  source          Specifies the file to transfer.
  destination     Specifies where to transfer the file.



-----Original Message-----
From: Regence 21 [mailto:regence21 at hotmail.com]
Sent: Wednesday, November 10, 2004 2:39 PM
To: framework at metasploit.com
Subject: [framework] Metasploit pen testing questions


I am using the latest Metasploit to do some pen testing on a test network - 
thanks for such a great tool!

Generally it works great but I have some simple questions that I can't find 
answers to.

On Win2k I can get a reverse shell easily and execute commands, but if I try 
and start the Windows command line ftp client it won't work (the command line 
just sits there after I enter ftp). Am I missing something? Without ftp, 
what is the easiest way to upload a file to a Win2k target host?

On Linux I can't find any exploits that work. I tried the two Samba and the 
Squid exploits and I am running the correct versions from an old Red Hat 
release, but I never see a reverse shell connection work like it does on 
Win2k.

I'd appreciate any pointers on Linux exploits that work with Metasploit.

Also, I couldn't find a good reference to what all the payloads do, 
especially the new and/or non-obvious ones.

Thanks,

Brian
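
Added example, not part of the original messages: a parser for the TFTP request packet (RFC 1350, UDP port 69) that a network sensor could use to log the GET/PUT requests and -i (octet) transfers described in the help text above. The function names, sample payloads and 192.0.2.x addresses are constructed for illustration.

```python
import struct

# TFTP opcodes from RFC 1350; only these two start a transfer.
REQUESTS = {1: "RRQ", 2: "WRQ"}
# The client verb in the help text that produces each request.
CLIENT_VERB = {"RRQ": "GET", "WRQ": "PUT"}
MODES = ("netascii", "octet", "mail")


def parse_tftp_request(payload):
    """Decode a UDP payload sent to port 69; None if not a valid RRQ/WRQ."""
    if len(payload) < 4:
        return None
    (opcode,) = struct.unpack("!H", payload[:2])
    op = REQUESTS.get(opcode)
    if op is None:
        return None  # DATA, ACK, ERROR or unrelated traffic
    # Layout: opcode | filename | 0x00 | mode | 0x00
    fields = payload[2:].split(b"\x00")
    if len(fields) < 3 or not fields[0]:
        return None  # missing terminator or empty filename
    mode = fields[1].decode("ascii", errors="replace").lower()
    if mode not in MODES:  # mode strings are case-insensitive
        return None
    return {"op": op, "verb": CLIENT_VERB[op], "mode": mode,
            "filename": fields[0].decode("ascii", errors="replace"),
            "binary": mode == "octet"}  # octet is what -i selects


def binary_transfers(packets):
    """Return (source, verb, filename) for every octet-mode request."""
    hits = []
    for src, payload in packets:
        req = parse_tftp_request(payload)
        if req and req["binary"]:
            hits.append((src, req["verb"], req["filename"]))
    return hits


# Constructed sample payloads; addresses are from the documentation range.
SAMPLES = [
    ("192.0.2.10", b"\x00\x01tools.zip\x00octet\x00"),
    ("192.0.2.10", b"\x00\x02notes.txt\x00netascii\x00"),
    ("192.0.2.11", b"\x00\x02dump.bin\x00OCTET\x00"),
    ("192.0.2.12", b"\x00\x03\x00\x01payload-of-a-DATA-block"),
    ("192.0.2.13", b"\x00\x01truncated.bin\x00octet"),
]

if __name__ == "__main__":
    for hit in binary_transfers(SAMPLES):
        print(hit)
```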




