Nmap Development mailing list archives

Re: [NSE] Check for MS06-025 vulnerability in Microsoft RRAS service


From: Ron <ron () skullsecurity net>
Date: Mon, 31 May 2010 12:51:36 -0500

On Mon, 31 May 2010 19:30:04 +0200 Dražen Popović
<drazen.popovic () fer hr> wrote:
> @Ron A very cool idea! =) Have you considered making a little NSE
> exploiting framework? Nothing too fancy, just simple as connect-back
> shellcodes and such.
I'd leave the "connect-back shellcode" and similar to Metasploit, especially because those are going to be unreliable thanks to firewalls and such.

I'd like to find a way to do this, maybe in a somewhat generic way, but that doesn't require an extra connection or anything like that. There has to be some variable in memory that we can predict and change in a reliable way, or maybe find/use the socket to send back a validation, or something else?

I don't know... this is going to get complicated and dangerous. :)


> Regards,
> Dražen.
>
> P.S. Vulnerable WinXP testing pending...
>
> --
> Laboratory for Systems and Signals
> Department of Electronic Systems and Information Processing
> Faculty of Electrical Engineering and Computing
> University of Zagreb
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/

-- 
Ron Bowes
http://www.skullsecurity.org
http://www.twitter.com/iagox86

Attachment: _bin
