Penetration Testing mailing list archives
FW: Pen Test help
From: "Juda Barnes" <securityfocus () mymail pent900 com>
Date: Mon, 18 Jul 2005 22:29:54 +0200
Win32_reverse will use the exploit and then will bind command.com reverse to the attacker IP address or any other specific IP address (the server will establish the connection to the attacker).

Win32_bind will use the exploit and then will bind a FREE LOCAL port on the server, therefore the attacker has to establish the connection to the server.

* In case the server is firewalled on that specific port, then even if the bind was successful you will not be able to get a shell because the firewall will drop the packets.

HD, as I forgot to mention, the 53/tcp port is unused, therefore if the exploit worked then I was able to get into the machine.

Anyway it looks like the Nessus results are false because I am unable to use that exploit.

Any other ideas???

thanks
-----Original Message-----
From: Stephane Auger [mailto:sauger () pre2post com]
Sent: Monday, July 18, 2005 3:33 PM
To: pen-test () securityfocus com
Subject: RE: Pen Test help
What does win32_reverse and win32_bind do, anyway?
-----Original Message-----
From: H D Moore [mailto:sflist () digitaloffense net]
Sent: July 17, 2005 11:35 PM
To: pen-test () securityfocus com
Subject: Re: Pen Test help
On Sunday 17 July 2005 14:32, Juda Barnes wrote:

Anyway the machine has a 53/tcp open port, so if I have the right exploit I will be able to bind the shell to 53.

That won't work. To bind on top of another service under Windows you have to specify the local address in the bind() call. The metasploit win32_bind payloads do not do this, so it will end up binding a shell to some random TCP port instead. Your best bet is to put your attacking system outside of a firewall and use the win32_reverse payloads instead (25, 80, 443, etc).

msf iis50_webdav_ntdll(win32_exec) > check
[*] Server does not appear to be vulnerable

Well I tried most of the framework exploits, none of them work.

Are you sure that the system is vulnerable to anything? The metasploit check seems to disagree with the Nessus scan results, are you using an older version of Nessus?

-HD
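The thread turns on two artifacts a defender can look for on the server side: a win32_bind payload that cannot bind on top of an existing service ends up as a new listener on some random local port, and a win32_reverse payload shows up as an outbound connection from the server to an external host on a port such as 25, 80 or 443. The following script is an added example (not part of this thread or of Metasploit) that runs those two checks over a constructed `netstat -ano` style snapshot; the port baseline, the internal network range and the sample rows are assumptions made up for the illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample in the layout of Windows "netstat -ano" TCP rows
# (Proto, Local Address, Foreign Address, State, PID). Not real data.
SAMPLE_NETSTAT = """
  TCP    0.0.0.0:53             0.0.0.0:0              LISTENING       1204
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       2312
  TCP    10.0.0.5:80            10.0.0.77:51234        ESTABLISHED     4
  TCP    10.0.0.5:49730         203.0.113.9:443        ESTABLISHED     2312
  UDP    0.0.0.0:53             *:*                                    1204
"""

# Assumed baseline: the only TCP services this server is supposed to expose.
EXPECTED_PORTS = {53, 80}
# Assumed internal address space; anything outside it counts as external.
INTERNAL_NET = "10.0.0.0/8"


@dataclass(frozen=True)
class Socket:
    proto: str
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    state: str
    pid: int


def parse_netstat(text):
    """Parse TCP rows; UDP rows have no State column and are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue
        proto, local, remote, state, pid = parts
        lip, lport = local.rsplit(":", 1)
        rip, rport = remote.rsplit(":", 1)
        rows.append(Socket(proto, lip, int(lport), rip, int(rport), state, int(pid)))
    return rows


def unexpected_listeners(sockets, expected_ports):
    """Listeners not in the baseline: the footprint of a bind-style payload
    that landed on a random port instead of the intended one."""
    return sorted((s.local_port, s.pid) for s in sockets
                  if s.state == "LISTENING" and s.local_port not in expected_ports)


def suspicious_egress(sockets, expected_ports, internal_net):
    """Established connections where the server is the client (ephemeral local
    port) and the peer is outside the internal range: the footprint of a
    reverse-style payload calling out on 25/80/443 and the like."""
    net = ipaddress.ip_network(internal_net)
    findings = []
    for s in sockets:
        if s.state != "ESTABLISHED" or s.local_port in expected_ports:
            continue  # inbound client talking to one of our own services
        if ipaddress.ip_address(s.remote_ip) in net:
            continue  # internal peer, out of scope for this check
        findings.append((s.remote_ip, s.remote_port, s.pid))
    return findings


if __name__ == "__main__":
    socks = parse_netstat(SAMPLE_NETSTAT)
    print("unexpected listeners:", unexpected_listeners(socks, EXPECTED_PORTS))
    print("suspicious egress:", suspicious_egress(socks, EXPECTED_PORTS, INTERNAL_NET))
```

Both findings in the sample point at the same PID, which is the correlation worth making in practice: a process that is neither a baseline service nor a known client, and that either listens on a port nobody provisioned or holds an outbound session to an external host, is the thing to pull process and network logs for. On a real host the baseline comes from the build or change records, not from the snapshot itself.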
