Metasploit mailing list archives

Metasploit pen testing questions


From: hdm at metasploit.com (H D Moore)
Date: Fri, 12 Nov 2004 13:41:46 -0600


On Wednesday 10 November 2004 16:38, Regence 21 wrote:
> On Win2k I can get a reverse shell easily and execute commands, but if
> I try to start the Windows command-line ftp client, it won't work (the
> command line just sits there after I enter ftp). Am I missing
> something? Without ftp, what is the easiest way to upload a file to a
> Win2k target host?

Keep in mind that you can also use the win32_(bind|reverse)_upexec 
payloads to automatically upload and execute a file over the socket. This 
feature is getting replaced by mmiller's Meterpreter in the 2.3 release 
(which is still crunching along). The best way to use this payload is via 
a self-extracting archive that launches a backdoor after extraction. In 
most cases, just executing cmd.exe after the extraction completes will 
leave you in a functional shell with all of your tools ready to go.

> On Linux I can't find any exploits that work. I tried the two Samba and
> the Squid exploits and I am running the correct versions from an old
> Red Hat release, but I never see a reverse shell connection work like
> it does on Win2k.

Have you used msfupdate to obtain the latest version of samba_trans2open? 
Vlad902 fixed that to work with binaries compiled with newer versions of 
gcc. If you are already running the latest version, could you send us a 
copy (off-list, to msfdev[at]metasploit.com) of the "smbd" executable? 
Thanks!

-HD


