Queries on CABRIGHTSTOR exploit

[3shool at gmail.com (3 shool)]

On Wed, Oct 26, 2005 at 06:06:05PM +0530, 3 shool wrote:
> The first server was running a vulnerable version of CA licencing server
and
> I was able to get a remote shell using relevant exploit in metasploit.
>
> The second server is vulnerable to CA brightstor universal agent, as
> reported by Nessus and verified once again by another scam. The framework
> has a relevant exploit named "cabrightstor_uniagent" to exploit this
> vulnerability. The remote OS is WIndows 2000 and the service is listening
on
> default 6050 port. I ran the exploit with magic target and all available
> payloads, one by one, but this one is not able to exploit the remote
> service. I feel I might have done somthing wrong hence I tried all
> possibilities a couple of time but no luck!
>
> Here is what I gave:
>
> LHOST: my local machine IP 192.168.1.3 <http://192.168.1.3/> <
http://192.168.1.3>
> RHOST: vulnerable servers IP
> TARGET: 0
> PAYLOAD: win32, win32_reverse_ord, win32_reverse_ord_vncinject
> CMD: dir
>
>
> Just a guess, but is the vulnerable machine somewhere else on the
> internet or is on the local LAN? In other words, can the vulnerable
> machine communicate with 192.168.1.3 <http://192.168.1.3>? I'd guess
> that's what your
> problem is. You might be better of using the bind payloads if you're
> unsure, although you will be subject to any inbound filtering the target
> machine has. It's also possible that the address being used by the
> exploit may not be working correctly on the target machine. You'd need
> to do some analysis to determine this.

The vulnerable machine is on internet. But I also tried the CMD execution
payload which I feel should work in this case. And there isn't a bind
payload for this module. Any idea how can I create one?

I would appreciate some more pointers from experts.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20051027/644cde6e/attachment.htm>