Metasploit mailing list archives

Re: db_autopwn problem and suggestions


From: HD Moore <hdm () metasploit com>
Date: Tue, 17 Nov 2009 21:09:21 -0600

On Wed, 2009-11-18 at 02:31 +0000, Genesys SecTI wrote:
> msf > db_import_nmap_xml /root/17150.xml (it takes about 30 sec)
> msf > db_autopwn -p -e -m ms08_067 (In Win, it freezes here. In
> BackTrack, it takes about 1 1/2 hours to start.)

The cross-referencing is known to be slow for SQLite3; table joins
involve seeking back and forth on opposite ends of the file for each
row.

> Tried with 100 hosts, using db_nmap 1.2.3.4 -p 445; it finishes well,
> but again db_autopwn needs to wait about 8 minutes to start.
> Is it normal? Is there some way to reduce this time? I tried
> postgresql and sqlite3; the result is the same.

Postgres is usually an order of magnitude faster at cross-referencing
than SQLite3; it will be the recommended database for large jobs, and it
sounds like we need to investigate this a bit more. The db_autopwn code
in 3.3 is much more thorough due to the autofilter* checks we added (139
and 445 for SMB bugs, etc). I added ticket #554 to track this.


> 2 - The db_driver mysql is not working for me. I get a message to use
> gem install mysql, which installed the gem, but the option db_driver
> mysql doesn't appear. MySQL is working fine. Using BackTrack. Could it be
> a distro problem?

It looks like there are bigger issues with mysql support than we
thought - I reproduced it and opened ticket #535.

> 3 - This is not an issue, more of a suggestion. The option -r in
> db_autopwn, to connect by reverse shell, assumes the local IP from the
> network, but sometimes it is interesting to use another, e.g. to use
> another PC with a multi/handler payload, or to use my internet IP
> (65.66.67.68) instead of the local IP (10.0.0.1). Tried to use the
> LHOST variable but it makes no difference.

We plan to add support for this, as well as a single shared listener per
OS/ARCH sometime during 3.4 development.

> 4 - Does db_autopwn not have support for the smb2_negotiate_func_index
> exploit? Tried the -m option with a lot of variations of the name,
> and it is not working.

It is specifically disabled due to reliability issues:

# Not reliable enough for automation yet
def autofilter
  false
end

If you remove this function from the code it will run, but it will likely
BSoD many of the targets. Thanks for the feedback!

-HD
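The gate described above, as an added reconstruction (not Metasploit's own code) of how a per-module autofilter hook and the 139/445 port checks decide which modules automation is allowed to select; the full module paths, port lists and host table are assumptions:

```ruby
# Reconstruction (not Metasploit's code) of the autofilter gate db_autopwn
# applies when matching exploit modules against imported host/service data.
# Module paths and port lists are assumptions based on the thread.
class ExploitModule
  attr_reader :name, :ports

  def initialize(name, ports:, automatable: true)
    @name = name
    @ports = ports
    @automatable = automatable
  end

  # Mirrors the per-module hook quoted in the reply: a module that returns
  # false here is never selected by automation, whatever -m pattern is given.
  def autofilter
    @automatable
  end

  # Ports this module is willing to be matched against (the 139/445 checks).
  def autofilter_ports
    @ports
  end
end

MODULES = [
  ExploitModule.new('windows/smb/ms08_067_netapi', ports: [139, 445]),
  # Gated off exactly as in the thread: not reliable enough for automation.
  ExploitModule.new('windows/smb/smb2_negotiate_func_index',
                    ports: [445], automatable: false),
].freeze

# Constructed service table in the shape of a db_nmap import: host => open ports.
SERVICES = {
  '10.0.0.5' => [445],
  '10.0.0.6' => [80],
}.freeze

# Returns [[host, module_name], ...] for every module that passes its own
# autofilter, matches the -m regex, and has one of its ports open on the host.
def select_targets(services, modules, pattern)
  services.flat_map do |host, open_ports|
    modules.select { |m| m.autofilter && m.name =~ pattern }
           .select { |m| (m.autofilter_ports & open_ports).any? }
           .map { |m| [host, m.name] }
  end
end
```

Even a pattern that names the gated module directly yields nothing, which is the behaviour the reply describes for -m with smb2_negotiate_func_index.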

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
