Metasploit mailing list archives
Re: Access vulnerabilities
From: "Antonio H." <d4s.kegeln () gmail com>
Date: Wed, 19 Jan 2011 14:43:59 -0600
2011/1/19 Julião Barbin <juliobarbin () hotmail com>:
Good evening friends, I ran nessus on my server database and found three vulnerabilities high - MySQL <3:23:59 / 4.0.21 Multiple Vulnerabilities CVE-2004-0835, CVE-2004-0837 - Samba NDR MS-RPC Request Heap-Based Buffer Overflow Remote CVE-2007-2446 PostgreSQL-Unpassworded Default Account - CVE-1999-0508 , So before you correct them, I would do a penetration test ... when I enter the site http://www.metasploit.com/framework/search to look for vulnerabilities CVE BID or above, shows only have to type commands like: msf> use auxiliary / dos / samba / lsa_addprivs_heap msf auxiliary (lsa_addprivs_heap)> set rhost [TARGET IP] msf auxiliary (lsa_addprivs_heap)> run then I execute the run command, shows that: msf auxiliary (snmp_login)> run [*] Scanned hosts 1 of 1 (100% complete) [*] Auxiliary module execution completed and then? how do I access the vulnerabilities? thanks Julio C. Barbin _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Hello, you might want to read this: http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training Regarding your question, you're using an auxiliary module, not an actual exploit, you can see a short description of each module with the 'info' command, like this: msf > info auxiliary/dos/samba/lsa_addprivs_heap Greetings PS: This is my first time posting to the metasploit mail list, so hello all :D (is my first time posting to a mail list too, so excuse me if i just did something stupid) _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- doubts on the procedures of controls Julião Barbin (Jan 18)
- Access vulnerabilities Julião Barbin (Jan 19)
- Re: Access vulnerabilities Antonio H. (Jan 19)
- Access vulnerabilities Julião Barbin (Jan 19)