Nmap Development mailing list archives

Re: [NSE] Check for MS06-025 vulnerability in Microsoft RRAS service


From: Ron <ron () skullsecurity net>
Date: Mon, 31 May 2010 07:48:28 -0500

On Sat, 29 May 2010 04:24:22 +0200 Dražen Popović
<drazen.popovic () fer hr> wrote:
> Yes, two actually. One is more complicated than the other but they
> both target the same vulnerability.
>
> modules/exploit/windows/smb/ms06_025_rras.rb
>
> Regards,
> Dražen.
Does Metasploit require authentication?

If not, can the Metasploit module be adapted, with the correct shellcode, to serve as a scanner? My understanding is that Nessus, when it is unable to check for a patch stably, will run an actual exploit that sets a certain variable that it can access to a key value, then checks that value.

If that's something that's do-able, and you just need the proper shellcode, let me know -- I like writing shellcode. :)

We should maybe consider something like that for MS08-067, too -- our current check sucks because it still breaks stuff.

-- 
Ron Bowes
http://www.skullsecurity.org
http://www.twitter.com/iagox86

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
