Re: Access vulnerabilities

["Antonio H." <d4s.kegeln () gmail com>]

2011/1/19 Julião Barbin <juliobarbin () hotmail com>:
> Good evening friends,
> I ran nessus on my server database and found three vulnerabilities
> high
> - MySQL <3:23:59 / 4.0.21 Multiple Vulnerabilities CVE-2004-0835,
> CVE-2004-0837
> - Samba NDR MS-RPC Request Heap-Based Buffer Overflow Remote
> CVE-2007-2446
> PostgreSQL-Unpassworded Default Account - CVE-1999-0508
> , So before you correct them, I would do a penetration test ... when I enter
> the site http://www.metasploit.com/framework/search to look for
> vulnerabilities CVE BID or above, shows only have to type commands like:
>
> msf> use auxiliary / dos / samba / lsa_addprivs_heap
> msf auxiliary (lsa_addprivs_heap)> set rhost [TARGET IP]
> msf auxiliary (lsa_addprivs_heap)> run
>
> then I execute the run command, shows that:
>
> msf auxiliary (snmp_login)> run
>
> [*] Scanned hosts 1 of 1 (100% complete)
> [*] Auxiliary module execution completed
>
> and then? how do I access the vulnerabilities?
> thanks
>
> Julio C. Barbin
>
>
>
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework

Hello, you might want to read this:

http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training

Regarding your question, you're using an auxiliary module, not an
actual exploit, you can see a short description of each module with
the 'info' command, like this:

msf > info auxiliary/dos/samba/lsa_addprivs_heap

Greetings


PS: This is my first time posting to the metasploit mail list, so
hello all :D (is my first time posting to a mail list too, so excuse
me if i just did something stupid)
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework