Metasploit mailing list archives

Metasploit pen testing questions


From: mmiller at hick.org (mmiller at hick.org)
Date: Wed, 10 Nov 2004 17:35:38 -0600

On Wed, Nov 10, 2004 at 10:38:46PM +0000, Regence 21 wrote:
> On Linux I can't find any exploits that work. I tried the two Samba and the
> Squid exploits and I am running the correct versions from an old Red Hat
> release, but I never see a reverse shell connection work like it does on
> Win2k.
>
> I'd appreciate any pointers on Linux exploits that work with Metasploit.

Regarding the squid exploit, is the ntlm_auth handler enabled?  I don't
recall what the default was in older Red Hat installs, but in order for
the exploit to be successful the ntlm_auth extended authentication
handler must be enabled.  You can verify that the ntlm_auth handler is
enabled in a number of ways.  Firstly, you can look in the task list and
see if you see any ntlm_auth processes running as children of squid.
Secondly, you can look in the squid.conf for a line similar to this:

  auth_param ntlm program /usr/local/squid/libexec/ntlm_auth -d company/blah

As for the Samba exploits, can you describe what version of Samba is
installed on the machine and what behavior you experience when running
the exploits against it (does the samba process crash? etc)?

> Also, I couldn't find a good reference to what all the payloads do,
> especially the new and/or non-obvious ones.

Which ones are you curious about?
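The two checks described in the reply above (an active `auth_param ntlm program` line in squid.conf, and ntlm_auth processes running as children of squid), written up as an added shell example that is not part of the original thread; the squid.conf path passed in and the process name `squid` are assumptions, and `ps -eo pid=,ppid=,comm=` is assumed to be available.

```shell
#!/bin/sh
# Defender-side check for the ntlm_auth helper that the reply says the
# squid exploit depends on.  Added example, not from the original thread.

# squid_ntlm_helper CONF
# Prints the program path from an active 'auth_param ntlm program' line in
# the given squid.conf.  Comments (anything after '#') and leading
# whitespace are ignored.  Returns 0 if such a line exists, 1 if the
# directive is absent or only present commented out, 2 if CONF is unreadable.
squid_ntlm_helper() {
    conf="$1"
    [ -r "$conf" ] || return 2
    sed 's/#.*$//' "$conf" | awk '
        $1 == "auth_param" && $2 == "ntlm" && $3 == "program" {
            print $4
            found = 1
        }
        END { exit found ? 0 : 1 }'
}

# squid_ntlm_children
# Prints the number of ntlm_auth processes whose parent is a process named
# "squid" (assumed name; adjust if your build reports a different comm).
# Only the POSIX ps columns pid, ppid and comm are used, and the process
# list is collected first because ps may list a child before its parent.
squid_ntlm_children() {
    ps -eo pid=,ppid=,comm= 2>/dev/null | awk '
        $3 == "squid"     { squid[$1] = 1 }
        $3 == "ntlm_auth" { parent[NR] = $2 }
        END {
            n = 0
            for (k in parent) if (parent[k] in squid) n++
            print n
        }'
}
```

A host with the helper configured prints its path from the first function and a non-zero count from the second while squid is serving NTLM authentication.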
