Metasploit mailing list archives

Autopwn question

From: mmiller at hick.org (mmiller at hick.org)
Date: Thu, 4 Jan 2007 00:35:04 -0800

We added support a while back to the 'sessions' command for just this
reason.  Just specify the '-v' (verbose) parameter along with sessions
-l as shown below:

msff exploit(aggressive) > exploit -z
[*] Started reverse handler
[*] Sending 211 byte payload...
[*] Sending stage (474 bytes)
[*] Command shell session 1 opened (10.33.7.2:4444 -> 10.33.7.5:4731)
[*] Session 1 created in the background.
msf exploit(aggressive) > sessions -l -v

Active sessions
===============

  Id  Description    Tunnel                                Via
  --  -----------    ------                                ---
  1   Command shell  10.33.7.2:4444 -> 10.33.7.5:4731      test/aggressive


On Thu, Jan 04, 2007 at 08:04:00AM +0100, L.vd.Eijk at mindef.nl wrote:

Hi list  !
First off all, a good 2007
Regarding the autopwn script. Testing in my lab was great fun with this
nifty little script. The blog entry from HD with the "how-to" was
crystal clear. But how can i find out by wich exploit some off my
servers were hit ?
I first run the db_nmap to fill my database with no -p option and
straight after that the autopwn -p -t -e on the targets. Some off the
targets got 2 to 3 bind shells on them. Sweet off course but with what
exploits ?

Cheers, L

Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht 
abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De 
Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan 
het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are not the addressee or if this message 
was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no 
liability for damage of any kind resulting from the risk inherent in the electronic transmission of messages.

Current thread:

Autopwn question L.vd.Eijk at mindef.nl (Jan 03)
- Autopwn question mmiller at hick.org (Jan 04)
  - Autopwn question [+generating Reports] Dennis Günnewig (Feb 07)
    - Autopwn question [+generating Reports] mmiller at hick.org (Feb 07)
    - Autopwn question [+generating Reports] H D Moore (Feb 08)
    - Autopwn question [+generating Reports] Dennis Günnewig (Feb 08)