Metasploit mailing list archives
Re: db_autopwn & NeXpose
From: HD Moore <hdm () metasploit com>
Date: Wed, 02 Dec 2009 17:31:24 -0600
Hi John, I identified the problem - the issue is that db_autopwn doesn't launch modules when there is no corresponding service. We assumed that the patch checks in NeXpose would attach the references to ports 139/445, but that wasn't the case. I have this fixed, but am fixing up a few other enhancements before committing it to the tree. Thanks for the report and the writeup on DarkReading! -HD On Wed, 2009-12-02 at 16:28 -0500, John Sawyer wrote:
Great work on the new updates. I took the NeXpose plugin for a test drive today and everything seems to be working as expected except that db_autopwn is not mapping the CVE-2006-3439 vulnerability to the exploit for MS06-040. I have a VM with Windows XP SP2 that is definitely vulnerable. I confirmed it is vulnerable by exploiting it. Is there something I'm missing or is there a CVE name mismatch when PWN_XREF does the lookup?
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- db_autopwn & NeXpose John Sawyer (Dec 02)
- Re: db_autopwn & NeXpose HD Moore (Dec 02)
- Re: db_autopwn & NeXpose HD Moore (Dec 02)
- Re: db_autopwn & NeXpose John Sawyer (Dec 03)