Metasploit mailing list archives
Re: usefulness of this tool
From: hdm at metasploit.com (H D Moore)
Date: Fri, 17 Sep 2004 02:30:58 -0500
On Friday 17 September 2004 01:52, Neil wrote:
Another one. We have an MSSQL 2000 that is not patched too. I want to test it. Which mSsql 2000 exploit should I use there? Oh btw, the reason I am saying is because, I saw the new exploit codes after executing msfupdate.
Both of the MSSQL exploits apply to SQL Server 2000 or MSDE prior to SP3. The resolution overflow uses the UDP protocol, whereas the "hello" bug uses TCP. I prefer to use the resolution bug, because of the broadcast and spoofability features of UDP. Regarding your question about the output; if the exploit works, you should see a command shell, if it doesn't, the handler will simply exit and return back to the prompt. If the exploit you selected is not working and you are 100% sure that the system is vulnerable, try the 'check' command. If this command does not produce anything useful, send an email to this mailing list with the details of the target system and the output of "show options" from the msfconsole shell (immediately after the exploit failed). -HD
Current thread:
- usefulness of this tool Neil (Sep 16)
- <Possible follow-ups>
- usefulness of this tool jerome.athias at caramail.com (Sep 16)
- Re: usefulness of this tool Neil (Sep 16)
- Re: usefulness of this tool H D Moore (Sep 17)
- Re: usefulness of this tool Neil (Sep 17)
- Re: usefulness of this tool netmask (Sep 17)
- Re: usefulness of this tool Neil (Sep 17)
- Re: usefulness of this tool lists at syn-recon.net (Sep 17)
- Re: usefulness of this tool Neil (Sep 16)
- Re: usefulness of this tool Neil (Sep 17)
- Re: usefulness of this tool Neil (Sep 17)