Metasploit mailing list archives

Access vulnerabilities

From: Julião Barbin <juliobarbin () hotmail com>
Date: Wed, 19 Jan 2011 16:12:04 -0200


Good evening
 friends,

 I 
ran nessus on my server database and
 found
 three
 vulnerabilities

 high

 -
 MySQL
 <3:23:59 / 4.0.21 Multiple Vulnerabilities
 CVE-2004-0835, CVE-2004-0837

 -
 Samba
 NDR
 MS-RPC Request
 Heap-Based
 Buffer
 Overflow
 Remote

 CVE-2007-2446

 PostgreSQL-Unpassworded
 Default
 Account
 -
 CVE-1999-0508

 , 
So before you correct them, I would
 do
 a
 penetration
 test ... when I enter the site
 http://www.metasploit.com/framework/search
 to
 look for vulnerabilities CVE BID
 or
 above, shows 
only have to type commands like:

 msf>
 use
 auxiliary
 / 
dos / samba / lsa_addprivs_heap

 msf
 auxiliary
 (lsa_addprivs_heap)> set rhost [TARGET
 IP]

 msf
 auxiliary
 (lsa_addprivs_heap)> run

 then
 I 
execute the run command, shows that:


 msf
 auxiliary
 (snmp_login)> run

 [*] Scanned
 hosts
 1 
of 1 (100% complete)

 [*] Auxiliary module execution
 completed


 and
 then? how do I
 access
 the
 vulnerabilities?

 thanks

Julio C. Barbin

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

Current thread:

doubts on the procedures of controls Julião Barbin (Jan 18)
- Access vulnerabilities Julião Barbin (Jan 19)
  - Re: Access vulnerabilities Antonio H. (Jan 19)