Metasploit mailing list archives

Queries on CABRIGHTSTOR exploit


From: mmiller at hick.org (mmiller at hick.org)
Date: Wed, 26 Oct 2005 21:52:32 -0500

On Wed, Oct 26, 2005 at 06:06:05PM +0530, 3 shool wrote:
> The first server was running a vulnerable version of CA licencing server and
> I was able to get a remote shell using relevant exploit in metasploit.
>
> The second server is vulnerable to CA brightstor universal agent, as
> reported by Nessus and verified once again by another scan. The framework
> has a relevant exploit named "cabrightstor_uniagent" to exploit this
> vulnerability. The remote OS is Windows 2000 and the service is listening on
> default 6050 port. I ran the exploit with magic target and all available
> payloads, one by one, but this one is not able to exploit the remote
> service. I feel I might have done something wrong hence I tried all
> possibilities a couple of times but no luck!
>
> Here is what I gave:
>
> LHOST: my local machine IP 192.168.1.3
> RHOST: vulnerable servers IP
> TARGET: 0
> PAYLOAD: win32, win32_reverse_ord, win32_reverse_ord_vncinject
> CMD: dir

Just a guess, but is the vulnerable machine somewhere else on the
internet or is on the local LAN?  In other words, can the vulnerable
machine communicate with 192.168.1.3?  I'd guess that's what your
problem is.  You might be better off using the bind payloads if you're
unsure, although you will be subject to any inbound filtering the target
machine has.  It's also possible that the address being used by the
exploit may not be working correctly on the target machine.  You'd need
to do some analysis to determine this.


