Metasploit mailing list archives
Re: db_autopwn problem and suggestions
From: HD Moore <hdm () metasploit com>
Date: Tue, 17 Nov 2009 21:09:21 -0600
On Wed, 2009-11-18 at 02:31 +0000, Genesys SecTI wrote:
> msf > db_import_nmap_xml /root/17150.xml (it takes about 30 sec)
> msf > db_autopwn -p -e -m ms08_067 (In Win, freezes here. In BackTrack, takes about 1 1/2 hours to start.)
The cross-referencing is known to be slow for SQLite3: table joins involve seeking back and forth on opposite ends of the file for each row.
> Tried with 100 hosts, using db_nmap 1.2.3.4 -p 445; it finishes well, but again db_autopwn needs to wait about 8 minutes to start. Is this normal? Is there some way to reduce this time? I tried postgresql and sqlite3; the result is the same.
Postgres is usually an order of magnitude faster at cross-referencing than SQLite3; it will be the recommended database for large jobs, and it sounds like we need to investigate this a bit more. The db_autopwn code in 3.3 is much more thorough due to the autofilter* checks we added (139 and 445 for SMB bugs, etc.). I added ticket #554 to track this.
> 2 - The db_driver mysql is not working for me. I get a message to use gem install mysql, which installed the gem, but the option db_driver mysql doesn't appear. Mysql is working fine. Using BackTrack. Could it be a distro problem?
It looks like there are bigger issues with mysql support than we thought - I reproduced it and opened ticket #535.
> 3 - This is not an issue, more a suggestion. The option -r in db_autopwn, to connect by reverse shell, assumes the local IP from the network, but sometimes it is interesting to use another one, e.g. to use another PC with a multi/handler payload, or to use my internet IP (65.66.67.68) instead of the local IP (10.0.0.1). Tried to use the LHOST variable but it makes no difference.
We plan to add support for this, as well as a single shared listener per OS/ARCH sometime during 3.4 development.
> 4 - In db_autopwn, is there no support for the smb2_negotiate_func_index exploit? Tried the -m option with a lot of variations of the name, and it is not working.
It is specifically disabled due to reliability issues:

    # Not reliable enough for automation yet
    def autofilter
      false
    end

If you remove this function from the code it will run, but likely BSoD many of the targets.

Thanks for the feedback!

-HD

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
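An added example, not code from this thread or from the framework itself: a small Ruby model of the module-selection step the replies above describe, with the autofilter opt-out quoted for smb2_negotiate_func_index and the port-based autofilter checks mentioned for the 3.3 driver. The method names autofilter and autofilter_ports, the module records (the http module is invented), and the host/port inventory are constructed for illustration; the real driver does this cross-reference through the database, which is the step the thread identifies as slow on SQLite3.

```ruby
# Added example (not Metasploit's own code): a minimal model of how an
# automation driver decides which modules apply to which discovered
# services, honouring an autofilter opt-out such as the one quoted above.
# Module names, ports and hosts are constructed sample data.

# Stand-in for an exploit module. The method names are assumed for the
# example; they are not copied from the framework.
ToyModule = Struct.new(:name, :ports) do
  # Opt in to automation (the default). A module that is not reliable
  # enough overrides this to return false, like the snippet quoted above.
  def autofilter
    true
  end

  # Ports on which the driver should consider this module at all.
  def autofilter_ports
    ports
  end
end

class UnreliableModule < ToyModule
  # Not reliable enough for automation yet
  def autofilter
    false
  end
end

# Constructed inventory: the names from the thread plus one invented module.
MODULES = [
  ToyModule.new('ms08_067', [139, 445]),
  ToyModule.new('example_http_bug', [80, 8080]),
  UnreliableModule.new('smb2_negotiate_func_index', [445]),
].freeze

# Constructed services, as an nmap import would have recorded them.
SERVICES = [
  { host: '10.0.0.5', port: 445 },
  { host: '10.0.0.5', port: 80 },
  { host: '10.0.0.7', port: 139 },
  { host: '10.0.0.9', port: 22 },
].freeze

# Return the [host, port, module_name] work items the driver would queue,
# optionally restricted to modules whose name matches a pattern (like -m).
def autopwn_plan(modules, services, pattern = nil)
  # First pass: drop modules that opt out of automation, then apply -m.
  candidates = modules.select(&:autofilter)
  candidates = candidates.select { |m| m.name =~ pattern } if pattern

  # Cross-reference every known service against every candidate's ports.
  # This in-memory loop is what the database join does in the real driver,
  # and it is the step whose cost grows with hosts x modules.
  plan = []
  services.each do |svc|
    candidates.each do |m|
      next unless m.autofilter_ports.include?(svc[:port])
      plan << [svc[:host], svc[:port], m.name]
    end
  end
  plan
end

# Explain why a module requested by name produced no work items.
def explain_missing(modules, pattern)
  m = modules.find { |mod| mod.name =~ pattern }
  return 'no module matches that pattern' if m.nil?
  return 'module opts out of automation (autofilter returns false)' unless m.autofilter
  'module is eligible'
end

if __FILE__ == $PROGRAM_NAME
  autopwn_plan(MODULES, SERVICES, /ms08_067/).each { |h, p, n| puts "#{h}:#{p} -> #{n}" }
  puts explain_missing(MODULES, /smb2_negotiate/)
end
```

Running the file with no -m equivalent yields three work items (ms08_067 on the two SMB ports, the invented http module on port 80) and none for the smb2 module, which is the behaviour the reply describes: the module is present, but the opt-out removes it before any name filter is applied.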