Nmap Development mailing list archives

Re: [NSE] detector/exploit for CVE-2009-3733 (VMWare Path Traversal)


From: rilian4 rilian4 <rilian4 () gmail com>
Date: Wed, 10 Feb 2010 14:41:12 -0800

Interesting read. I went on to read your psexec blog entries while I was
there. That led me to check out the various included lua config files for
smb-psexec. In your experimental.lua file, I found a note saying you
couldn't get fport to run for you through the script. I decided to play w/
it. I uncommented everything and changed upload to false. I manually put
fport in the system path on my target box and ran smb-psexec w/ admin creds
and your experimental config and it proceeded to dump copious amounts of
output just as one would expect. Is it possible that your upload of
fport.exe is not making it into a folder that is listed in the path
variable?

By the way, nicely done on smb-psexec. There are oh so many ways this could
be useful. Consider, for example, uploading psinfo.exe from sysinternals and
running psinfo w/ argument: -h. That shows all installed hotfixes on the
box. argument -s would show all installed software on the box. -d would show
disk volume info, etc. Thanks for writing this!

Aaron


On Wed, Feb 10, 2010 at 12:57 PM, Ron <ron () skullsecurity net> wrote:

Blog about it: http://www.skullsecurity.org/blog/?p=441

--
Ron Bowes

...

http://www.skullsecurity.org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
