Metasploit mailing list archives
Running exploits
From: peter_atanasovski at agilent.com (Peter Atanasovski)
Date: Thu, 03 Mar 2005 12:28:09 -0800
Hi, H D Moore wrote:
Hi, A handful of the exploits not only connect, but also require some form of response before they send the request that will trigger the vulnerability. Exploits like this (such as MSRPC, LSASS, etc) will require a responsive network service to really test, otherwise you will only see the initial negotiation requests. The UDP-based exploits do not require a connection (and most do not require a response). Take a look at the MSSQL Resolution Overflow and the ISS PAM Overflow exploit modules. Just curious, but are you trying to demonstrate the effectiveness of the firewall or learn more about the actual exploits?
Actually both. I first saw MSF being used just recently at RSA Conf 2005 by various vendors to generate exploits through their IPS devices, to demonstrate how effective they were at blocking exploits. Many firewalls also have this kind of attack recognition built-in, so I wanted to try using MSF as a test stimulus for the firewall (or any device which is designed to look for attacks).
-HD On Thursday 03 March 2005 13:57, Peter Atanasovski wrote:It seems that as a minimum, each exploit must at least create a connection to a targeted service, and then the exploit will be transmitted.
Current thread:
- Running exploits Peter Atanasovski (Mar 03)
- Running exploits H D Moore (Mar 03)
- Running exploits Peter Atanasovski (Mar 03)
- Running exploits H D Moore (Mar 03)