Metasploit mailing list archives
(no subject)
From: komseh at gmail.com (Nelson)
Date: Thu, 22 Jan 2009 23:19:51 -0600
I'm pretty sure "vulnerability scanning" is outside of the scope of what msf is meant for. Although recently I had to perform a remote internal pentest in a very limited amount of time on a machine with RH8 / kernel 2.4.18 and whatever glibc is included with that piece. I downloaded two tools including dependencies: msf-trunk and nmap-4.76. I was able to use these tools to covertly discover an ftp server allowing anonymous access, an mssql server with sa password=sa, and one XP system vulnerable to 08-067 with domain access.

I used the msf auxiliary\anonymous FTP scanner to connect to one live IP every 10 seconds. If I was a real attacker this place would have been screwed just on the anonymous FTP considering that all of their customer account info was stored there. After that I used the msf auxiliary\mssql login scanner in the same way, except after failing with the blank password I modified the script to try for sa/sa. After this I went and downloaded sqlat and freetds so I could create an account to upload meterpreter. (Does anyone else know of a tool to do this from linux?)

After discovering all of the XP systems on the network I just started running the 08-067 exploit against them since this exploit is fairly safe against XP. I eventually found one vulnerable system that was a remote PC for a vendor and also happened to be joined to the domain. In and out with a heap of sensitive information and permanent network access in less than 1.5 hours. I was also able to bypass their IDS by limiting connection frequency and using obfuscation options during exploitation.

In essence, msf can definitely be used for some light vulnerability discovery. I didn't have to touch nmap or a vuln scanner during this pentest. You probably want Core Impact :)

On Thu, Jan 22, 2009 at 10:17 PM, kalgecin at gmail.com <kalgecin at gmail.com> wrote:

> Just meant to ask if the framework has a vulnerability scanner or if it's going to implement one. It would be nice if you could scan a host and see that you have an exploit for it.
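The post above describes an anonymous-FTP login scanner paced at one host every 10 seconds, which stayed under the site's IDS thresholds. The following is an added example from the editor, not code from the thread or from Metasploit: a small detector that counts distinct target servers per source over a long window instead of per-second rates, so a slow sweep is still visible, and that also lists which servers accepted anonymous logins so they can be fixed. The log format (one line per FTP login attempt from a central collector) and the sample lines are constructed for this example.

```python
"""Detect low-and-slow anonymous FTP login sweeps in collected server logs.

Constructed log format (assumed central collector, not a real product format):
    <iso-timestamp> <server-host> ftp-login <client-ip> <user> <OK|FAIL>
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one client walks seven servers at 10-second spacing,
# plus an unrelated named-user login for contrast.
SAMPLE_LOG = """\
2009-01-22T22:00:00 host-10 ftp-login 10.1.2.50 anonymous OK
2009-01-22T22:00:10 host-11 ftp-login 10.1.2.50 anonymous OK
2009-01-22T22:00:20 host-12 ftp-login 10.1.2.50 anonymous FAIL
2009-01-22T22:00:30 host-13 ftp-login 10.1.2.50 anonymous OK
2009-01-22T22:00:40 host-14 ftp-login 10.1.2.50 anonymous FAIL
2009-01-22T22:00:50 host-15 ftp-login 10.1.2.50 anonymous OK
2009-01-22T22:01:00 host-16 ftp-login 10.1.2.50 anonymous FAIL
2009-01-22T22:03:00 host-10 ftp-login 10.1.7.9 alice OK
2009-01-22T22:03:05 host-10 ftp-login 10.1.7.9 alice OK
"""


def parse_line(line):
    """Split one log line into a dict; raises ValueError on malformed input."""
    ts, server, event, client, user, result = line.split()
    return {"ts": datetime.fromisoformat(ts), "server": server,
            "event": event, "client": client, "user": user, "result": result}


def find_slow_sweeps(log_text, window=timedelta(minutes=30), min_hosts=5,
                     user="anonymous"):
    """Return {client_ip: sorted servers} for every client that attempted
    `user` logins against at least `min_hosts` distinct servers inside any
    `window`-long span. Pacing between attempts is irrelevant to the check."""
    hits_by_client = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["event"] == "ftp-login" and rec["user"] == user:
            hits_by_client[rec["client"]].append((rec["ts"], rec["server"]))

    alerts = {}
    for client, hits in hits_by_client.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until the span fits in `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            distinct = {server for _, server in hits[start:end + 1]}
            if len(distinct) >= min_hosts:
                # Report every server this client touched, not just the
                # ones inside the window that tripped the threshold.
                alerts[client] = sorted({server for _, server in hits})
                break
    return alerts


def anonymous_accepting_servers(log_text):
    """Servers that returned OK for an anonymous login: the exposure list
    to remediate regardless of whether a sweep was detected."""
    accepted = set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["user"] == "anonymous" and rec["result"] == "OK":
            accepted.add(rec["server"])
    return sorted(accepted)


if __name__ == "__main__":
    for client, servers in find_slow_sweeps(SAMPLE_LOG).items():
        print(f"slow anonymous-FTP sweep from {client}: {len(servers)} hosts")
    print("servers accepting anonymous FTP:", anonymous_accepting_servers(SAMPLE_LOG))
```

The threshold is on distinct targets per source over a 30-minute window, so a client that touches five servers at 10-second or 5-minute spacing is flagged the same way; the per-server failed-login counters most IDS rules use never see more than one attempt per host.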
Current thread:
- (no subject) kalgecin at gmail.com (Jan 22)
- (no subject) Nelson (Jan 22)
- (no subject) kalgecin at gmail.com (Jan 22)
- (no subject) webDEViL (Jan 22)
- (no subject) H D Moore (Jan 22)
- (no subject) kalgecin at gmail.com (Jan 23)
- (no subject) H D Moore (Jan 23)
- (no subject) kalgecin at gmail.com (Jan 22)
- (no subject) Nelson (Jan 22)
- <Possible follow-ups>
- (no subject) Irfan Akbar (Mar 13)