Metasploit mailing list archives

Reply: Re: [framework] apache vuln code and etc. (need help)


From: hdm at metasploit.com (H D Moore)
Date: Sun, 26 Jun 2005 02:34:19 -0500

On Friday 24 June 2005 05:53, Sugiowono Tjhin wrote:
> 1. I already tried the metasploit apache exploit and exploit code from
> milw0rm, but they could not work. Any other tools? Btw, can the apache
> exploit code be used for apache on Windows and Linux? The Nessus
> scanner found the CVE-2002-0392 hole.

Please provide the full Apache banner and operating system version. A
number of people have reported issues with the apache_chunked_win32
exploit module, but I have not been able to reproduce them here. As the
"info" command and the name of the module imply, it is designed to
exploit the bug on the Windows platform only.

> 2. I am pentesting an SMTP server. When I telnet to it and try to use the
> DATA command, it requires auth, so I want to try using a null session, but I
> don't know how. Can anyone help me?

It really depends on the SMTP server. If this is a Microsoft SMTP service,
there are a couple of flaws that can be used to bypass authentication.
Jerome already pointed one of these out.

> 3. Nessus also found CVE-2002-0071 about an IIS hole (.HTR ISAPI), so I
> used the metasploit code IIS_HTR ...., but it also didn't work. Any idea how
> to prove this hole?

This is a different vulnerability. CVE-2002-0071 refers to a heap
overflow; the iis40_htr exploit is for CVE-1999-0874, a stack overflow.
Please check the "info iis40_htr" output or the msfweb interface
References link for more information.

-HD
