Metasploit mailing list archives

db_autopwn & NeXpose

From: John Sawyer <jsawyer () ufl edu>
Date: Wed, 2 Dec 2009 16:28:32 -0500

Great work on the new updates. I took the NeXpose plugin for a testdrive today and everything seems to be working as expected except thatdb_autopwn is not mapping the CVE-2006-3439 vulnerability to theexploit for MS06-040. I have a VM with Windows XP SP2 that isdefinitely vulnerable. I confirmed it is vulnerable by exploiting it.

Is there something I'm missing or is there a CVE name mismatch whenPWN_XREF does the lookup?


-jhs


msf > db_hosts
[*] Time: 2009-12-02 13:15:54 -0500 Host: 172.16.1.163 Status: alive OS:

msf > db_services

[*] Time: 2009-12-02 13:15:54 -0500 Service: host=172.16.1.163port=123 proto=udp state=up name=NTP[*] Time: 2009-12-02 13:15:54 -0500 Service: host=172.16.1.163port=137 proto=udp state=up name=CIFS Name Service[*] Time: 2009-12-02 13:15:54 -0500 Service: host=172.16.1.163port=139 proto=tcp state=up name=CIFS[*] Time: 2009-12-02 13:15:54 -0500 Service: host=172.16.1.163port=135 proto=tcp state=up name=DCE Endpoint Resolution[*] Time: 2009-12-02 13:15:54 -0500 Service: host=172.16.1.163port=445 proto=tcp state=up name=CIFS


msf > db_vulns

[*] Time: 2009-12-02 13:15:54 -0500 Vuln: host=172.16.1.163name=NEXPOSE-dcerpc-ms-netapi-netpathcanonicalize-dosrefs=CVE-2006-3439,NEXPOSE-dcerpc-ms-netapi-netpathcanonicalize-dos[*] Time: 2009-12-02 13:15:54 -0500 Vuln: host=172.16.1.163name=NEXPOSE-windows-hotfix-ms06-035refs=CVE-2006-1314,CVE-2006-1315,SECUNIA-21007,NEXPOSE-windows-hotfix-ms06-035[*] Time: 2009-12-02 13:15:54 -0500 Vuln: host=172.16.1.163name=NEXPOSE-cifs-nt-0001 refs=CVE-1999-0519,BID-494,URL-http://www.hsc.fr/ressources/presentations/null_sessions/,NEXPOSE-cifs-nt-0001[*] Time: 2009-12-02 13:15:54 -0500 Vuln: host=172.16.1.163name=NEXPOSE-generic-icmp-timestamp refs=CVE-1999-0524,NEXPOSE-generic-icmp-timestamp[*] Time: 2009-12-02 13:15:54 -0500 Vuln: host=172.16.1.163 port=139proto=tcp name=NEXPOSE-windows-hotfix-ms09-001refs=CVE-2008-4114,CVE-2008-4835,CVE-2008-4834,SECUNIA-31883,URL-http://www.vallejo.cc/proyectos/vista_SMB_write_DoS.htm,URL-http://www.zerodayinitiative.com/advisories/ZDI-09-001/,URL-http://www.zerodayinitiative.com/advisories/ZDI-09-002/,NEXPOSE-windows-hotfix-ms09-001[*] Time: 2009-12-02 13:15:54 -0500 Vuln: host=172.16.1.163 port=445proto=tcp name=NEXPOSE-windows-hotfix-ms09-001refs=CVE-2008-4114,CVE-2008-4835,CVE-2008-4834,SECUNIA-31883,URL-http://www.vallejo.cc/proyectos/vista_SMB_write_DoS.htm,URL-http://www.zerodayinitiative.com/advisories/ZDI-09-001/,URL-http://www.zerodayinitiative.com/advisories/ZDI-09-002/,NEXPOSE-windows-hotfix-ms09-001


msf > db_autopwn -t -x
[*] Analysis completed in 3.5367386341095 seconds (4 vulns / 1761 refs)
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

Current thread:

db_autopwn & NeXpose John Sawyer (Dec 02)
- Re: db_autopwn & NeXpose HD Moore (Dec 02)
- Re: db_autopwn & NeXpose HD Moore (Dec 02)
  - Re: db_autopwn & NeXpose John Sawyer (Dec 03)