Metasploit mailing list archives

Running exploits


From: peter_atanasovski at agilent.com (Peter Atanasovski)
Date: Thu, 03 Mar 2005 12:28:09 -0800

Hi,

H D Moore wrote:

> Hi,
>
> A handful of the exploits not only connect, but also require some form of
> response before they send the request that will trigger the
> vulnerability. Exploits like this (such as MSRPC, LSASS, etc) will
> require a responsive network service to really test, otherwise you will
> only see the initial negotiation requests. The UDP-based exploits do not
> require a connection (and most do not require a response). Take a look at
> the MSSQL Resolution Overflow and the ISS PAM Overflow exploit modules.
> Just curious, but are you trying to demonstrate the effectiveness of the
> firewall or learn more about the actual exploits?

Actually both. I first saw MSF being used just recently at RSA Conf 2005 by
various vendors to generate exploits through their IPS devices, to demonstrate
how effective they were at blocking exploits. Many firewalls also have this kind
of attack recognition built-in, so I wanted to try using MSF as a test stimulus
for the firewall (or any device which is designed to look for attacks).

> -HD
>
> On Thursday 03 March 2005 13:57, Peter Atanasovski wrote:
>
>> It seems that as a minimum, each exploit must at least create a
>> connection to a targeted service, and then the exploit will be
>> transmitted.





