Metasploit mailing list archives

Re: usefulness of this tool


From: neil-on-metasploit at restricted.dyndns.org (Neil)
Date: Fri, 17 Sep 2004 11:40:21 -0500

Great! I will. 

Also, I don't want to become like a script kiddie. I have read some people's
posts in this mailing list that talk about reading registers and stacks. I also
want to be like them. I know this requires knowledge of assembly. But I
would like to know how you guys find what area in the stack to put the
exploit? Is gdb the tool for this? And I had been asking myself how one is
able to create an exploit. Do you have to know how the target application
works? Just some general questions. :)

Awesome tool by the way. Keep it up HD. ;) 

H D Moore writes: 

On Friday 17 September 2004 01:52, Neil wrote:
Another one. We have an MSSQL 2000 that is not patched too. I want to
test it. Which MSSQL 2000 exploit should I use there? Oh btw, the
reason I am saying this is because I saw the new exploit codes after
executing msfupdate.

Both of the MSSQL exploits apply to SQL Server 2000 or MSDE prior to SP3.
The resolution overflow uses the UDP protocol, whereas the "hello" bug
uses TCP. I prefer to use the resolution bug, because of the broadcast
and spoofability features of UDP.

Regarding your question about the output: if the exploit works, you should
see a command shell; if it doesn't, the handler will simply exit and
return back to the prompt. If the exploit you selected is not working and
you are 100% sure that the system is vulnerable, try the 'check' command.
If this command does not produce anything useful, send an email to this
mailing list with the details of the target system and the output of
"show options" from the msfconsole shell (immediately after the exploit
failed).

-HD
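HD's reply turns on one fact: the MSSQL exploits apply to SQL Server 2000 / MSDE builds before SP3, and the resolution service on UDP/1434 is what reports that build. As an added example that is not part of this thread or of the Metasploit code, the following Python parses an SQL Server Resolution Protocol (SSRP) server response and flags instances still below the SP3 build, which is the inventory check a defender wants before trusting that a host is patched. The response layout (0x05, little-endian length, semicolon-delimited fields) and the build numbers (8.00.194 RTM, 8.00.760 SP3) are stated from my own knowledge; the sample response bytes are constructed for this example, and no network traffic is sent.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# SQL Server 2000 build numbers as reported in the SSRP "Version" field.
# 8.00.760 is the SP3 build (assumption from my own knowledge, not from
# the thread); HD's note says the MSSQL exploits apply to builds before SP3.
SP3_BUILD: Tuple[int, int, int] = (8, 0, 760)


@dataclass
class SqlInstance:
    server: str
    instance: str
    version: str
    tcp_port: Optional[int]
    below_sp3: bool


def parse_build(version: str) -> Tuple[int, int, int]:
    """Turn '8.00.194' into (8, 0, 194) so builds compare numerically."""
    major, minor, build = version.split(".")[:3]
    return (int(major), int(minor), int(build))


def parse_ssrp_response(data: bytes) -> List[SqlInstance]:
    """Parse an SSRP SVR_RESP message (the answer to a 0x02 ping on UDP/1434).

    Layout assumed here: one byte 0x05, a 16-bit little-endian length, then an
    ASCII string of 'key;value;...' pairs, each instance terminated by ';;'.
    """
    if len(data) < 3 or data[0] != 0x05:
        raise ValueError("not an SSRP SVR_RESP message")
    (length,) = struct.unpack_from("<H", data, 1)
    body = data[3:3 + length].decode("ascii", errors="replace")

    instances: List[SqlInstance] = []
    for record in body.split(";;"):
        record = record.strip(";")
        if not record:
            continue
        fields = record.split(";")
        # Pair up key/value tokens; an odd trailing token is ignored.
        kv = dict(zip(fields[0::2], fields[1::2]))
        version = kv.get("Version", "0.0.0")
        tcp_port = int(kv["tcp"]) if kv.get("tcp", "").isdigit() else None
        instances.append(SqlInstance(
            server=kv.get("ServerName", "?"),
            instance=kv.get("InstanceName", "?"),
            version=version,
            tcp_port=tcp_port,
            below_sp3=parse_build(version) < SP3_BUILD,
        ))
    return instances


def instances_needing_sp3(data: bytes) -> List[str]:
    """Names of instances whose reported build is older than SP3."""
    return [f"{i.server}\\{i.instance}" for i in parse_ssrp_response(data)
            if i.below_sp3]


# Constructed sample: one RTM default instance and one SP3 MSDE instance
# on the same host. These bytes were hand-built for the example.
_BODY = (
    "ServerName;DBSRV01;InstanceName;MSSQLSERVER;IsClustered;No;"
    "Version;8.00.194;tcp;1433;;"
    "ServerName;DBSRV01;InstanceName;MSDE;IsClustered;No;"
    "Version;8.00.760;np;\\\\DBSRV01\\pipe\\MSSQL$MSDE\\sql\\query;;"
).encode("ascii")
SAMPLE_RESPONSE = b"\x05" + struct.pack("<H", len(_BODY)) + _BODY


if __name__ == "__main__":
    for inst in parse_ssrp_response(SAMPLE_RESPONSE):
        state = "BELOW SP3 - patch" if inst.below_sp3 else "SP3 or later"
        print(f"{inst.server}\\{inst.instance} {inst.version} "
              f"tcp={inst.tcp_port} -> {state}")
```

Feeding a real SSRP response into `instances_needing_sp3` gives the list of instances that HD's "prior to SP3" statement applies to; an empty list is the result you want to see before closing a ticket on that host.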