Metasploit mailing list archives

Re: db_autopwn problem and suggestions


From: "kalgecin () gmail com" <kalgecin () gmail com>
Date: Wed, 18 Nov 2009 06:56:12 +0300

I have a suggestion.
In my lab I have one Windows Vista and two Linux boxes.
When I scan them and do autopwn, to my disappointment it tries to
exploit IIS on the Linux boxes. This really takes a long time and is
useless. So my request is to add OS support to the autopwn.

On 11/18/09, HD Moore <hdm () metasploit com> wrote:
> On Wed, 2009-11-18 at 02:31 +0000, Genesys SecTI wrote:
> > msf > db_import_nmap_xml /root/17150.xml (it takes about 30 sec)
> > msf > db_autopwn -p -e -m ms08_067 (In Win, freezes here. In
> > BackTrack, takes about 1 1/2 hours to start.)
>
> The cross-referencing is known to be slow for SQLite3; table joins
> involve seeking back and forth on opposite ends of the file for each
> row.
>
> > Tried with 100 hosts, using db_nmap 1.2.3.4 -p 445, it finishes well,
> > but again in db_autopwn I need to wait about 8 minutes to start.
> > Is it normal? Is there some way to reduce this time? I tried
> > postgresql and sqlite3, the result is the same.
>
> Postgres is usually an order of magnitude faster at cross-referencing
> than SQLite3, it will be the recommended database for large jobs and it
> sounds like we need to investigate this a bit more. The db_autopwn code
> in 3.3 is much more thorough due to the autofilter* checks we added (139
> and 445 for SMB bugs, etc). I added ticket #554 to track this.
>
>
> > 2 - The db_driver mysql is not working for me. It gives a message to use
> > gem install mysql; I installed the gem, but the option db_driver
> > mysql doesn't appear. Mysql is working fine. Using BackTrack. Could it be
> > a distro problem?
>
> It looks like there are bigger issues with mysql support than we
> thought - I reproduced it and opened ticket #535.
>
> > 3 - This is not an issue, more a suggestion. The option -r in
> > db_autopwn, to connect by reverse shell, assumes the local IP from the
> > network, but sometimes it is interesting to use another, e.g. I want to use
> > another PC with a multi/handler payload, or use my internet IP
> > (65.66.67.68) instead of the local IP (10.0.0.1). Tried to use the
> > LHOST variable but it makes no difference.
>
> We plan to add support for this, as well as a single shared listener per
> OS/ARCH sometime during 3.4 development.
>
> > 4 - Does db_autopwn not have support for the smb2_negotiate_func_index
> > exploit? Tried the -m option with a lot of variations in the name,
> > and it is not working.
>
> It is specifically disabled due to reliability issues:
>
> # Not reliable enough for automation yet
> def autofilter
>   false
> end
>
> If you remove this function from the code it will run, but likely BSoD
> many of the targets. Thanks for the feedback!
>
> -HD
>
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework


-- 
Sent from Gmail for mobile | mobile.google.com

Kalgecin
http://kalgecin.110mb.com
http://kalgecin.110mb.com/forums
http://kalgecin.blogspot.com
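The two selection mechanisms discussed in this thread, the per-module `autofilter` hook HD Moore quotes (a module returning `false` is never queued) and the OS-aware matching kalgecin asks for (so that IIS modules are not thrown at Linux hosts), can be sketched as a small simulation. The code below is an added illustration written for this archive page, not Metasploit's own db_autopwn implementation: the module names other than the two mentioned in the thread, the port lists and the three lab hosts are constructed for the example.

```ruby
# Added illustration (not Metasploit code): a toy model of how an
# autopwn-style queue decides which modules to pair with which hosts.
# It shows the effect of the autofilter hook and of an OS-aware filter.

# A module declares the platforms and ports it targets plus its autofilter
# verdict. Names marked "hypothetical" are not real Metasploit modules.
ExploitModule = Struct.new(:name, :platforms, :ports, :autofilter)

MODULES = [
  ExploitModule.new("windows/smb/ms08_067_netapi", ["windows"], [139, 445], true),
  ExploitModule.new("windows/iis/example_iis", ["windows"], [80], true),        # hypothetical
  ExploitModule.new("linux/samba/example_samba", ["linux"], [139, 445], true),  # hypothetical
  # Mirrors the thread: autofilter returns false, so it is never automated.
  ExploitModule.new("windows/smb/smb2_negotiate_func_index", ["windows"], [445], false),
].freeze

# A host as the database would hold it after an nmap import: address,
# fingerprinted OS (nil when unknown) and open ports. Constructed lab data
# modelled on the poster's one Vista box and two Linux boxes.
Host = Struct.new(:addr, :os, :open_ports)

LAB = [
  Host.new("10.0.0.5", "windows", [80, 139, 445]),
  Host.new("10.0.0.6", "linux",   [22, 80, 139, 445]),
  Host.new("10.0.0.7", "linux",   [22, 80]),
].freeze

# The autofilter hook: a module that opts out is skipped unconditionally,
# whatever the target looks like.
def passes_autofilter?(mod)
  mod.autofilter
end

# Port-based matching, the spirit of "db_autopwn -p": queue the module if
# any of its declared ports is open on the host.
def port_match?(mod, host)
  (mod.ports & host.open_ports).any?
end

# The OS-aware step requested in the thread: skip a module whose declared
# platforms do not include the host's OS. An unknown OS is not filtered,
# so a missing fingerprint never hides a valid pairing.
def os_match?(mod, host)
  host.os.nil? || mod.platforms.include?(host.os)
end

# Returns [addr, module_name] pairs that would be queued.
def select_modules(hosts, modules, os_aware: false)
  pairs = []
  hosts.each do |h|
    modules.each do |m|
      next unless passes_autofilter?(m)
      next unless port_match?(m, h)
      next if os_aware && !os_match?(m, h)
      pairs << [h.addr, m.name]
    end
  end
  pairs
end

# Convenience: how many pairings the OS filter removes for a given host set.
def pairings_saved(hosts, modules)
  select_modules(hosts, modules).size -
    select_modules(hosts, modules, os_aware: true).size
end

if __FILE__ == $PROGRAM_NAME
  puts "port-only:"
  select_modules(LAB, MODULES).each { |a, m| puts "  #{a} -> #{m}" }
  puts "os-aware:"
  select_modules(LAB, MODULES, os_aware: true).each { |a, m| puts "  #{a} -> #{m}" }
  puts "pairings skipped by OS filter: #{pairings_saved(LAB, MODULES)}"
end
```

With port-only matching the three lab hosts produce seven host/module pairings, four of which are Windows modules aimed at the Linux boxes (or a Samba module aimed at the Vista box); the OS-aware pass cuts the queue to three, and the smb2 module never appears in either run because its autofilter opts out.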