Metasploit mailing list archives

Previous By Date Next
Previous By Thread Next

Re: db_autopwn & NeXpose

From: HD Moore <hdm () metasploit com>
Date: Wed, 02 Dec 2009 17:31:24 -0600
Hi John,

I identified the problem - the issue is that db_autopwn doesn't launch
modules when there is no corresponding service. We assumed that the
patch checks in NeXpose would attach the references to ports 139/445,
but that wasn't the case. I have this fixed, but am fixing up a few
other enhancements before committing it to the tree. Thanks for the
report and the writeup on DarkReading!

-HD


On Wed, 2009-12-02 at 16:28 -0500, John Sawyer wrote:

Great work on the new updates. I took the NeXpose plugin for a test  
drive today and everything seems to be working as expected except that  
db_autopwn is not mapping the CVE-2006-3439 vulnerability to the  
exploit for MS06-040. I have a VM with Windows XP SP2 that is  
definitely vulnerable. I confirmed it is vulnerable by exploiting it.

Is there something I'm missing or is there a CVE name mismatch when  
PWN_XREF does the lookup?








_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
Previous By Date Next
Previous By Thread Next

Current thread: