Metasploit mailing list archives

Exploit MSSQL HELO vuln

From: hdm at metasploit.com (H D Moore)
Date: Wed, 5 Apr 2006 02:19:10 -0500

Interesting, it looks like the payload is unable to execute 'cmd.exe', so 
the payload connects, but immediately exits. Can you try using the 
"win32_adduser" payload and see if a new user has been created? It also 
calls "cmd.exe", so it could be a permission issue or some piece of 
third-party software blocking the execution.

-HD

On Tuesday 04 April 2006 22:11, Josh L. Perrymon wrote:
> msf mssql2000_preauthentication(win32_bind) > exploit
> [*] Starting Bind Handler.
> [*] Saying hello to Microsoft SQL Server 2000 / MSDE 2000  (0x42b68aba / 0x42d01e50)
> [*] Got connection from 127.0.0.1:2109 <-> 127.0.0.1:33334
>
> [*] Exiting Bind Handler.
>
> msf mssql2000_preauthentication(win32_bind) >
>
> --------------------------
>
> Does this mean the remote machine has a connection to my local machine?
> When I try telnetting to 127.0.0.1:33334 it has a blinking cursor then
> drops the connection????
>
> I haven't used the bind_shell payload before because I usually have the
> ability to put myself outside the firewall when attempting exploits.
>
> Thanks for the help...
>
> JP
