Penetration Testing mailing list archives

FW: Pen Test help


From: "Juda Barnes" <securityfocus () mymail pent900 com>
Date: Mon, 18 Jul 2005 22:29:54 +0200

Win32_reverse will use the exploit and then will bind command.com and reverse to the attacker's IP address or any other specific IP address (the server will establish the connection to the attacker).

Win32_bind will use the exploit and then will bind a FREE LOCAL port on the server; therefore the attacker has to establish the connection to the server.

* In case the server is firewalled on that specific port, then even if the bind was successful you will not be able to get a shell, because the firewall will drop the packets.


HD, as I forgot to mention, the 53/tcp port is unused; therefore, if the exploit had worked, then I would have been able to get into the machine.


Anyway, it looks like the Nessus results are false, because I am unable to use that exploit.

Any other ideas???

Thanks

-----Original Message-----
From: Stephane Auger [mailto:sauger () pre2post com] 
Sent: Monday, July 18, 2005 3:33 PM
To: pen-test () securityfocus com
Subject: RE: Pen Test help

What does win32_reverse and win32_bind do, anyway?


-----Original Message-----
From: H D Moore [mailto:sflist () digitaloffense net]
Sent: July 17, 2005 11:35 PM
To: pen-test () securityfocus com
Subject: Re: Pen Test help

On Sunday 17 July 2005 14:32, Juda Barnes wrote:
> Anyway, the machine has the 53/tcp port open, so if I have the
> right exploit I will be able to bind the shell to 53.

That won't work. To bind on top of another service under Windows you have to
specify the local address in the bind() call. The metasploit win32_bind
payloads do not do this, so it will end up binding a shell to some random
TCP port instead.

Your best bet is to put your attacking system outside of a firewall and use
the win32_reverse payloads instead (25, 80, 443, etc).

> msf iis50_webdav_ntdll(win32_exec) > check
> [*] Server does not appear to be vulnerable
> Well, I tried most of the framework exploits; none of them work.
Are you sure that the system is vulnerable to anything? The metasploit check
seems to disagree with the Nessus scan results, are you using an older
version of Nessus?

-HD
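Seen from the server owner's side, the two payload types described in this thread leave two different traces: a bind payload opens a new listening port on the host (which, as noted above, the perimeter firewall may never let an outside host reach, and which lands on a random port rather than 53), while a reverse payload shows up as an outbound connection from the server to an external address on a port egress rules usually allow (25, 80, 443). The following audit script is an added example written for this archive page; it is not code from any of the thread's authors or from Metasploit. It parses a constructed `netstat -ano`-style listing with an image-name column appended, and the baseline listener set, inbound firewall rules and internal address ranges are assumptions for the example.

```python
"""Audit netstat-style records for the two shell-payload connection patterns
discussed in the thread: a new listener on the server (bind payload) and an
outbound connection from the server to an external host (reverse payload)."""
from dataclasses import dataclass
import ipaddress
import json

# Constructed sample in the shape of `netstat -ano` output, with a sixth
# column (owning image name) appended. Sample data only, not real output.
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:53             0.0.0.0:0              LISTENING       1204  dns.exe
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4     System
  TCP    0.0.0.0:1092           0.0.0.0:0              LISTENING       3340  inetinfo.exe
  TCP    192.168.1.5:4401       203.0.113.7:443        ESTABLISHED     3340  inetinfo.exe
  TCP    192.168.1.5:1056       10.0.0.9:445           ESTABLISHED     4     System
"""

# Assumed facts about the audited server (hypothetical environment).
BASELINE_LISTENERS = {53, 80}   # ports that are supposed to listen on this host
FIREWALL_INBOUND = {53, 80}     # ports the perimeter firewall forwards to this host
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
EGRESS_PORTS = {25, 80, 443}    # outbound ports commonly left open, as the thread notes


@dataclass(frozen=True)
class Conn:
    proto: str
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    state: str
    pid: int
    image: str


def split_endpoint(endpoint: str):
    """'192.168.1.5:4401' -> ('192.168.1.5', 4401); also handles '[::]:80'."""
    host, port = endpoint.rsplit(":", 1)
    return host.strip("[]"), int(port)


def parse_netstat(text: str):
    """Turn the six-column listing into Conn records, skipping header lines."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[0] not in ("TCP", "UDP"):
            continue
        lip, lport = split_endpoint(fields[1])
        rip, rport = split_endpoint(fields[2])
        conns.append(Conn(fields[0], lip, lport, rip, rport,
                          fields[3], int(fields[4]), fields[5]))
    return conns


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def unexpected_listeners(conns):
    """Listening ports outside the baseline (the trace a bind payload leaves).
    Each finding records whether the perimeter firewall would let an outside
    host reach that port at all; if not, the listener is a foothold that
    cannot be reached from outside, exactly the failure described above."""
    return [{"port": c.local_port, "pid": c.pid, "image": c.image,
             "reachable_from_outside": c.local_port in FIREWALL_INBOUND}
            for c in conns
            if c.state == "LISTENING" and c.local_port not in BASELINE_LISTENERS]


def suspicious_egress(conns):
    """Established connections from this server to a non-internal address on a
    port egress rules usually allow: the shape of a reverse payload callback."""
    return [{"remote": f"{c.remote_ip}:{c.remote_port}", "pid": c.pid, "image": c.image}
            for c in conns
            if c.state == "ESTABLISHED" and not is_internal(c.remote_ip)
            and c.remote_port in EGRESS_PORTS]


def audit(text: str):
    conns = parse_netstat(text)
    return {"listeners": unexpected_listeners(conns),
            "egress": suspicious_egress(conns)}


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_NETSTAT), indent=2))
```

On the sample data the script reports one unexpected listener (port 1092 owned by the web server process, not reachable through the assumed firewall rules) and one outbound connection from that same process to an external host on 443; the internal SMB connection to 10.0.0.9 is not flagged. The internal ranges are listed explicitly rather than relying on `ipaddress`'s `is_private`, because that property also treats the documentation ranges used in the sample (203.0.113.0/24) as private.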




