Nmap Development mailing list archives
Re: [NSE] detector/exploit for CVE-2009-3733 (VMWare Path Traversal)
From: Ron <ron () skullsecurity net>
Date: Wed, 10 Feb 2010 17:50:08 -0600
On Wed, 10 Feb 2010 14:41:12 -0800 rilian4 rilian4 <rilian4 () gmail com> wrote:
> Interesting read. I went on to read your psexec blog entries while I was there. That led me to check out the various included lua config files for smb-psexec. In your experimental.lua file, I found a note saying you couldn't get fport to run for you through the script. I decided to play w/ it. I uncommented everything and changed upload to false. I manually put fport in the system path on my target box and ran smb-psexec w/ admin creds and your experimental config and it proceeded to dump copious amounts of output just as one would expect. Is it possible that your upload of fport.exe is not making it into a folder that is listed in the path variable?
Thanks for the comments!
> By the way, nicely done on smb-psexec. There are oh so many ways this could be useful. Consider, for example, uploading psinfo.exe from Sysinternals and running psinfo w/ argument: -h. That shows all installed hotfixes on the box. argument -s would show all installed software on the box. -d would show disk volume info, etc. Thanks for writing this!
Hmm, if psexec can get that information, I can probably get it remotely a better way, too. Interesting idea! :)
> Aaron
>
> On Wed, Feb 10, 2010 at 12:57 PM, Ron <ron () skullsecurity net> wrote:
> > Blog about it: http://www.skullsecurity.org/blog/?p=441
> > --
> > Ron Bowes
> > http://www.skullsecurity.org
> > _______________________________________________
> > Sent through the nmap-dev mailing list
> > http://cgi.insecure.org/mailman/listinfo/nmap-dev
> > Archived at http://seclists.org/nmap-dev/
--
Ron Bowes
http://www.skullsecurity.org