Metasploit mailing list archives
ie_unsafe_scripting.rb exploit module
From: hdm at metasploit.com (H D Moore)
Date: Wed, 17 Dec 2008 13:39:06 -0600
On Wednesday 17 December 2008, natron wrote:
So you have to know the server name. ?What are our options? 1) Just scan localhost for default apps running on default ports and ignore external servers. ?(Think workstation management apps, virus scan consoles, stuff like that.)
I agree that localhost should be included in every test, regardless of how we do this next part.
2) Discover through unknown external methods (like identifying their naming scheme through some webserver information disclosure, then generating a list of permutations... or a compromised DNS server) and have the mod import a file.
Makes sense, lets punt this to the user and let them specify a file containing a list of hosts to try.
3) Pre-populate a list of guessed naming schemes.
I think we should include a default file with common server names.
How do you propose we do 3)? ?That doesn't sound easy or very successful. ?In most environments I see, the naming schemes are all over the map.
A few naming schemes seem really common and its something to start with at least. To get the ball rolling, I would suggest using a few base names and then permuting them based on common naming conventions: server<suffix> webserver<suffix> mailserver<suffix> client<suffix> user<suffix> printer<suffix> backup<suffix> mail<suffix> web<suffix> www<suffix> intranet hr<suffix> With the suffix being something like: 0-9, 00-99, A-Z, AA-ZZ, -old, -new, etc So the question becomes, at what number of permutations does that list become infeasible? -HD
Current thread:
- ie_unsafe_scripting.rb exploit module natron (Dec 16)
- ie_unsafe_scripting.rb exploit module H D Moore (Dec 16)
- ie_unsafe_scripting.rb exploit module natron (Dec 17)
- ie_unsafe_scripting.rb exploit module H D Moore (Dec 17)
- ie_unsafe_scripting.rb exploit module Joshua Smith (Dec 23)
- ie_unsafe_scripting.rb exploit module natron (Dec 17)
- ie_unsafe_scripting.rb exploit module H D Moore (Dec 16)