Metasploit: Sending exploits to different networks.

**drowningsucks** · 11-27-2009, 03:36 AM

Hey guys,

This is my first time posting I believe. I'm a senior in highschool on my way to take network security at UAT in Tempe, AZ. I've been trying to get to know metasploit and it was a little daunting at first.

The situation is this: I have successfully exploited some of my own Win2K machines with the MS03-26 vulnerability. I have a friends permission to test on his system. I have been trying the browser_autopwn and other internet explorer exploits to no avail. I have them connect to my public IP address and my server recognizes it but always hangs on the Sending (exploit name). Then I tried it on my own computer just to check if it was an issue with his end and it still won't work.

**thorin** · 11-27-2009, 03:36 PM

Are the browsers you're attempting to exploit affected by the vulnerability in question or have they been patched?

**drowningsucks** · 11-27-2009, 04:45 PM

I have tried it on multiple versions of IE including five six and seven but it is a possibility. Does anyone have the full version name for an IE that is vulnerable to say the COM CreateObject Code Execution so I can download it and give it a go?

**Archangel-Amael** · 11-27-2009, 04:54 PM

Originally Posted by drowningsucks

I have tried it on multiple versions of IE including five six and seven but it is a possibility. Does anyone have the full version name for an IE that is vulnerable to say the COM CreateObject Code Execution so I can download it and give it a go?

Why not use a different exploit/ vulnerability with one of your older browsers?

It would also be a good time to start learning how those exploits/vulnerabilities work.

**drowningsucks** · 11-27-2009, 04:57 PM

Originally Posted by archangel.amael

Why not use a different exploit/ vulnerability with one of your older browsers?

It would also be a good time to start learning how those exploits/vulnerabilities work.

Shouldn't autopwn nab my older IE 6 browser then?

Is it necessary to have both LHOST and SRVHOST set to the same private IP when both are listed?

**spawn** · 11-27-2009, 08:22 PM

Originally Posted by drowningsucks

Shouldn't autopwn nab my older IE 6 browser then?

Is it necessary to have both LHOST and SRVHOST set to the same private IP when both are listed?

no, SRVHOST can be default but LHOST you must set it

start by installing a different versions of windows in a virtual machine
without updates and test it with metasploit.

**BigMac** · 12-16-2009, 07:09 AM

Originally Posted by spawn

no, SRVHOST can be default but LHOST you must set it

start by installing a different versions of windows in a virtual machine
without updates and test it with metasploit.

with a fresh install of windows 2000 (no updates) you can get like 10 exploits to work... you can test fast-track to make things easer... ( learn how to use nmap via command line)

nmap -PN -p 135,139,445
try that nmap scan with fast track on a windows 2000 box

BackTrack Linux - Penetration Testing Distribution

Thread: Metasploit: Sending exploits to different networks.

Thread Tools

Search Thread

Display

Metasploit: Sending exploits to different networks.

Posting Permissions