Metasploit mailing list archives
(no subject)
From: w3bd3vil at gmail.com (webDEViL)
Date: Fri, 23 Jan 2009 12:50:57 +0530
db_autopwn is probably the closest thing to vulnerability scanning, isn't it? Although it would be limited to the exploits found in Metasploit.

On Fri, Jan 23, 2009 at 12:01 PM, kalgecin at gmail.com <kalgecin at gmail.com> wrote:

If there's a way to see all the exploits available on the framework, it's possible to create a script to run nmap with version detection, list the versions and compare them to the exploits to see if one is available.

On 1/23/09, Nelson <komseh at gmail.com> wrote:

I'm pretty sure "vulnerability scanning" is outside of the scope of what msf is meant for. Although recently I had to perform a remote internal pentest in a very limited amount of time on a machine with RH8 / kernel 2.4.18 and whatever glibc is included with that piece. I downloaded two tools including dependencies: msf-trunk and nmap-4.76. I was able to use these tools to covertly discover an ftp server allowing anonymous access, an mssql server with sa password=sa, and one XP system vulnerable to 08-067 with domain access. I used the msf auxiliary\anonymous FTP scanner to connect to one live IP every 10 seconds. If I was a real attacker this place would have been screwed just on the anonymous FTP considering that all of their customer account info was stored there. After that I used the msf auxiliary\mssql login scanner in the same way, except after failing with the blank password I modified the script to try for sa/sa. After this I went and downloaded sqlat and freetds so I could create an account to upload meterpreter. (Does anyone else know of a tool to do this from Linux?) After discovering all of the XP systems on the network I just started running the 08-067 exploit against them since this exploit is fairly safe against XP. I eventually found one vulnerable system that was a remote PC for a vendor and also happened to be joined to the domain. In and out with a heap of sensitive information and permanent network access in less than 1.5 hours. I was also able to bypass their IDS by limiting connection frequency and using obfuscation options during exploitation. In essence, msf can definitely be used for some light vulnerability discovery. I didn't have to touch nmap or a vuln scanner during this pentest.

You probably want Core Impact :)

On Thu, Jan 22, 2009 at 10:17 PM, kalgecin at gmail.com <kalgecin at gmail.com> wrote:

Just meant to ask if the framework has a vulnerability scanner or if it's going to implement one. It would be nice if you could scan a host and see that you have an exploit for it.

_______________________________________________
http://spool.metasploit.com/mailman/listinfo/framework
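The approach kalgecin sketches above (run nmap with version detection, then compare the reported versions against a list of known issues) is what a light version-matching vulnerability check looks like in practice. The script below is an added example and not code from the thread or from the framework; the nmap XML, the product names and the advisory references are all constructed placeholders, and a real run would feed it `nmap -sV -oX` output and a table built from an advisory feed or module metadata.

```python
import re
import xml.etree.ElementTree as ET

# Constructed nmap -sV XML (the layout `nmap -sV -oX out.xml` writes); not a real scan.
NMAP_XML = """<?xml version="1.0"?>
<nmaprun>
  <host><address addr="10.0.0.5" addrtype="ipv4"/><ports>
    <port protocol="tcp" portid="21"><state state="open"/>
      <service name="ftp" product="ExampleFTPd" version="1.2.3"/></port>
    <port protocol="tcp" portid="1433"><state state="open"/>
      <service name="ms-sql-s" product="ExampleSQL" version="8.00.194"/></port>
    <port protocol="tcp" portid="22"><state state="open"/>
      <service name="ssh" product="ExampleSSH" version="5.1p1"/></port>
    <port protocol="tcp" portid="80"><state state="filtered"/>
      <service name="http"/></port>
  </ports></host>
</nmaprun>"""

# Constructed lookup table: lower-cased product -> (first fixed version, reference).
# Placeholders only; real entries would come from an advisory feed or module metadata.
KNOWN_ISSUES = {
    "exampleftpd": ((1, 3, 0), "placeholder-advisory-FTP-001"),
    "examplesql": ((8, 0, 760), "placeholder-advisory-SQL-002"),
    "examplessh": ((4, 9, 0), "placeholder-advisory-SSH-003"),  # 5.1p1 is already fixed
}

def parse_version(text):
    """Every run of digits becomes one component, so '8.00.194' -> (8, 0, 194), '5.1p1' -> (5, 1, 1)."""
    return tuple(int(n) for n in re.findall(r"\d+", text))

def open_services(xml_text):
    """Yield (host, port, product, version) for open ports nmap could fingerprint."""
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # filtered/closed ports: nothing reachable to assess
            svc = port.find("service")
            if svc is None or not svc.get("product") or not svc.get("version"):
                continue  # no fingerprint, so no version to compare; flag for manual review
            yield addr, int(port.get("portid")), svc.get("product"), svc.get("version")

def find_matches(xml_text=NMAP_XML, issues=KNOWN_ISSUES):
    """Return (host, port, product, version, reference) for services older than the fixed version."""
    findings = []
    for addr, portid, product, version in open_services(xml_text):
        entry = issues.get(product.lower())
        if entry and parse_version(version) < entry[0]:
            findings.append((addr, portid, product, version, entry[1]))
    return findings
```

Banner-based matching inherits nmap's fingerprint accuracy and misses backported fixes, so treat each hit as a candidate to confirm rather than a confirmed vulnerability.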