Re: Search exploits for a particular port number

[srg <srgqwerty () gmail com>]

Hi Joshua:

Thank you very much, I will give it a try and I will update you with the results :-)

Regards



On Sep 16, 2011, at 7:36 PM, Joshua TAYLOR wrote:

> I don't know about past versions (I'm a new user myself), but for
> getting this into the framework, a quick and dirty patch like the
> following in the "search_filter(search_string)" function in
> msf/core/module.rb would get you the ability to search by ports.
>
> Index: module.rb
> ===================================================================
> --- module.rb (revision 13728)
> +++ module.rb (working copy)
> @@ -667,6 +667,9 @@
>                                                               terms = terms + self.targets.map{|x| x.name}
>                                                       end
>                                                       match = [t,w] if terms.any? { |x| x =~ r }
> +                                             when 'rport'
> +                                                     opt = self.options['RPORT']
> +                                                     match = [t,w] if opt and opt.default.to_s =~ r
>                                               when 'name'
>                                                       match = [t,w] if self.name =~ r
>                                               when 'path'
>
> This doesn't include updating the "search -h" output, of course, and a
> better solution would be to provide a way for naming an option and ask
> about the default value. Nonetheless, this will let you search for
> ports that contain certain sequence of digits.  E.g.,
>
> msf > search type:exploit rport:22
>
> Matching Modules
> ================
>
>   Name                                       Disclosure Date  Rank
>   Description
>   ----                                       ---------------  ----
>   -----------
>   exploit/linux/misc/hplip_hpssd_exec        2007-10-04
> excellent  hplip hpssd.py From Address Arbitrary Command Execution
>   exploit/unix/webapp/qtss_parse_xml_exec    2003-02-24
> excellent  QuickTime Streaming Server parse_xml.cgi Remote Execution
>   exploit/windows/games/mohaa_getinfo        2004-07-17       great
>   Medal Of Honor Allied Assault getinfo Stack Buffer Overflow
>   exploit/windows/misc/nettransport          2010-01-02       normal
>   NetTransport Download Manager 2.90.510 Buffer Overflow
>   exploit/windows/scada/citect_scada_odbc    2008-06-11       normal
>   CitectSCADA/CitectFacilities ODBC Buffer Overflow
>   exploit/windows/ssh/freeftpd_key_exchange  2006-05-12       average
>   FreeFTPd 1.0.10 Key Exchange Algorithm String Buffer Overflow
>   exploit/windows/ssh/freesshd_key_exchange  2006-05-12       average
>   FreeSSHd 1.0.9 Key Exchange Algorithm String Buffer Overflow
>
>
> Hope this helps (it's not a complete solution, but it might work for
> your needs),
> //JT
>
>
> On Fri, Sep 16, 2011 at 11:41 AM, srg <srgqwerty () gmail com> wrote:
> > Any ideas?
> > Best regards
> > Begin forwarded message:
> >
> > From: srg <srgqwerty () gmail com>
> > Subject: Search exploits for a particular port number
> > Date: September 6, 2011 8:22:44 PM GMT+02:00
> > To: framework () spool metasploit com
> >
> > Hello:
> >
> > Recently I upgraded MSF.
> > Now I am running  Framework: 4.0.1-dev.13502 Console  : 4.0.1-dev.13581
> >
> > Does anybody know if in 4.0.1 there are changes in the msfconsole SEARCH
> > command?
> > I think that in previous versions I was able to use the SEARCH command to
> > find exploits that are applicable to a particular port number, or look for
> > exploit ranks "i.e. EXCELLENT, GOOD, NORMALand so on".
> >
> > Now, apparently, it is not possible to make those kind of searches:
> > msf > help search
> > Usage: search [keywords]
> >
> > Keywords:
> >  name      :  Modules with a matching descriptive name
> >  path      :  Modules with a matching path or reference name
> >  platform  :  Modules affecting this platform
> >  type      :  Modules of a specific type (exploit, auxiliary, or post)
> >  app       :  Modules that are client or server attacks
> >  author    :  Modules written by this author
> >  cve       :  Modules with a matching CVE ID
> >  bid       :  Modules with a matching Bugtraq ID
> >  osvdb     :  Modules with a matching OSVDB ID
> >
> > In the other hand… does anybody knows if there is a msfconsole command to
> > have an exploit list that includes for each exploit the creation date?
> >
> > Thanks a lot and best regards
> >
> > _______________________________________________
> > https://mail.metasploit.com/mailman/listinfo/framework
>
>
>
> -- 
> Joshua Taylor, http://www.cs.rpi.edu/~tayloj/

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework