From: Stephane Auger (sauger@pre2post.com)
Date: Mon Jul 18 2005 - 09:32:42 EDT
What do win32_reverse and win32_bind do, anyway?
-----Original Message-----
From: H D Moore [mailto:sflist@digitaloffense.net]
Sent: July 17, 2005 11:35 PM
To: pen-test@securityfocus.com
Subject: Re: Pen Test help
On Sunday 17 July 2005 14:32, Juda Barnes wrote:
> Anyway, the machine has port 53/tcp open, so if I have the
> right exploit I will be able to bind the shell to 53
That won't work. To bind on top of another service under Windows you have
to specify the local address in the bind() call. The metasploit
win32_bind payloads do not do this, so it will end up binding a shell to
some random TCP port instead.
Your best bet is to put your attacking system outside of a firewall and
use the win32_reverse payloads instead (25, 80, 443, etc).
> msf iis50_webdav_ntdll(win32_exec) > check
> [*] Server does not appear to be vulnerable
> Well, I tried most of the framework exploits; none of them work.
Are you sure that the system is vulnerable to anything? The metasploit
check seems to disagree with the Nessus scan results, are you using an
older version of Nessus?
-HD
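Added example, not part of the original thread: the reply above notes that binding on top of an existing Windows service requires a specific local address in bind(), so a defender can look for that pattern in listener tables. This sketch parses `netstat -ano` output and flags ports where a specific-address listener belongs to a different PID than the wildcard listener; the sample output and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output (not from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:53             0.0.0.0:0              LISTENING       1432
  TCP    192.168.1.10:53        0.0.0.0:0              LISTENING       3964
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:80        0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING       2210
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    192.168.1.10:49722     203.0.113.7:443        ESTABLISHED     5120
  UDP    0.0.0.0:53             *:*                                    1432
"""

WILDCARDS = {"0.0.0.0", "[::]"}
LISTENER = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def parse_listeners(text):
    """Yield (local_address, port, pid) for each TCP socket in LISTENING state."""
    for line in text.splitlines():
        m = LISTENER.match(line)
        if m:
            yield m.group(1), int(m.group(2)), int(m.group(3))


def find_overlaps(text):
    """Return ports where a specific-address listener is owned by a PID
    other than the one(s) holding the wildcard listener on that port."""
    by_port = defaultdict(lambda: {"wildcard": set(), "specific": []})
    for addr, port, pid in parse_listeners(text):
        if addr in WILDCARDS:
            by_port[port]["wildcard"].add(pid)
        else:
            by_port[port]["specific"].append((addr, pid))
    findings = {}
    for port, entry in by_port.items():
        # Same-PID pairs are a service listening on several addresses: ignore.
        other = [(a, p) for a, p in entry["specific"] if p not in entry["wildcard"]]
        if entry["wildcard"] and other:
            findings[port] = {"wildcard_pids": sorted(entry["wildcard"]),
                              "overlapping": sorted(other)}
    return findings


if __name__ == "__main__":
    for port, hit in sorted(find_overlaps(SAMPLE).items()):
        print(port, hit)
```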