Metasploit mailing list archives
Metasploit pen testing questions
From: mmiller at hick.org (mmiller at hick.org)
Date: Wed, 10 Nov 2004 17:35:38 -0600
On Wed, Nov 10, 2004 at 10:38:46PM +0000, Regence 21 wrote:
> On Linux I can't find any exploits that work. I tried the two Samba and the Squid exploits and I am running the correct versions from an old Red Hat release, but I never see a reverse shell connection work like it does on Win2k. I'd appreciate any pointers on Linux exploits that work with Metasploit.
Regarding the squid exploit, is the ntlm_auth handler enabled? I don't recall what the default was in older redhat installs, but in order for the exploit to be successful the ntlm_auth extended authentication handler must be enabled. You can verify that the ntlm_auth handler is enabled in a number of ways. Firstly, you can look in the task list and see if you see any ntlm_auth processes running as children of squid. Secondly, you can look in the squid.conf for a line similar to this:

    auth_param ntlm program /usr/local/squid/libexec/ntlm_auth -d company/blah

As for the Samba exploits, can you describe what version of Samba is installed on the machine and what behavior you experience when running the exploits against it (does the samba process crash? etc)?
> Also, I couldn't find a good reference to what all the payloads do, especially the new and/or non-obvious ones.
Which ones are you curious about?
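The two checks described in the reply above (an uncommented `auth_param ntlm program` line in squid.conf, and ntlm_auth processes whose parent is squid) can be scripted so an administrator can confirm the helper's state on a host before assuming anything about it. The script below is an added example written for this archive page; it is not code from the thread or from the Metasploit or Squid projects. The sample squid.conf it writes to a temporary file is constructed, and the process-name matching assumes the squid binary reports its command name as `squid` and the helper as `ntlm_auth`.

```shell
#!/bin/sh
# Added example: verify whether squid's ntlm_auth external helper is enabled,
# using the two checks from the reply (config line, and helper child processes).

# 1. Config check: print uncommented "auth_param ntlm program ..." lines from the
#    given squid.conf. Exit status 0 if at least one is found, 1 otherwise.
#    Lines commented out with '#' are deliberately ignored.
squid_ntlm_configured() {
    conf="$1"
    grep -E '^[[:space:]]*auth_param[[:space:]]+ntlm[[:space:]]+program[[:space:]]' "$conf"
}

# 2. Runtime check: list ntlm_auth processes whose parent is a squid process.
#    Exit status 0 if any such child exists, 1 otherwise. Assumes the process
#    names appear as "squid" and "ntlm_auth" in the ps output.
squid_ntlm_running() {
    ps -eo pid,ppid,comm | awk '
        $3 == "squid"     { squid[$1] = 1 }
        $3 == "ntlm_auth" { kids[$1] = $2 }
        END {
            n = 0
            for (p in kids)
                if ((kids[p]) in squid) {
                    n++
                    print "ntlm_auth pid " p " (child of squid pid " kids[p] ")"
                }
            exit (n > 0) ? 0 : 1
        }'
}

# Constructed sample configuration so the script can be run stand-alone
# (the path and contents are assumptions, not a real host's squid.conf).
SAMPLE_CONF="${TMPDIR:-/tmp}/squid.conf.example"
cat > "$SAMPLE_CONF" <<'EOF'
# auth_param ntlm program /usr/local/squid/libexec/ntlm_auth -d company/blah
auth_param ntlm program /usr/local/squid/libexec/ntlm_auth -d company/blah
auth_param ntlm children 5
http_port 3128
EOF

if squid_ntlm_configured "$SAMPLE_CONF"; then
    echo "ntlm_auth helper is configured in $SAMPLE_CONF"
else
    echo "no active ntlm_auth helper line in $SAMPLE_CONF"
fi

# The runtime check only reports something on a host where squid is running
# with the helper; on other systems it simply reports none.
if squid_ntlm_running; then
    echo "ntlm_auth helper processes are running under squid"
else
    echo "no ntlm_auth processes found as children of squid"
fi
```

Run it as-is to see the config check succeed on the sample file, or point `squid_ntlm_configured` at the real squid.conf (for example `/etc/squid/squid.conf`) on the host in question; the first check is the one worth relying on when squid is not currently running.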