Playing around with Metasploit I've come to realize that the Microsoft RPC DCOM --> Win32_reverse doesn't work on a patched WinXP SP2 machine.... Has anybody tried any good exploit from Metasploit, especially RPC, on an SP2 machine?
Thanks in advance...
After searching the tuts area I found some on how to use Metasploit. I know how to launch an attack using Metasploit; what I didn't find was how to get a new exploit in .pl or .C to work with Metasploit, if possible.... Of course without using the -u / update option in Metasploit. Don't know if this is possible.
Hmmmm, you tried to use an exploit that is how many years old on a fully patched and up-to-date machine, and you're surprised it didn't work?
Try doing some recon first to establish what you should be testing before wasting your time.
Just drop it in the appropriate directory.
You can also specify the path to a specific exploit via the command line. I don't remember the details off the top of my head, but I know I've done it before. Try googling "metasploit commandline" or "meterpreter commandline" or something logical like that.
I swear this is the last time I'm going to type this out. If you are too inept to use the search function, you have no business using an exploit that could potentially damage a machine.
To compile a C exploit:
You must be in the directory for it to work:
cd /pentest/exploits/milw0rm/rports/445
The C compiler included in BT is called gcc. So say our exploit is 336 (I'm making this up off the top of my head because I'm working on the road and I'm on my phone). Anyway...
gcc -c 336.c
Next:
gcc 336.o -o 336
This will end you up with a .exe file in the same directory. Now, WITHOUT leaving the directory, simply type 336 and the exploit will run. Now here is the important note: about half the milw0rm exploits will not run because they have errors in the file. I believe the coders do this so script kiddies have to do some real coding to work through the errors. So if you find an exploit that has errors, I will help you work through it, in the hope that if we post our errors and our progress it will help others.
Well, I'm doing this against VMware machines I have...... and I'm doing it for learning purposes. I wanted to ask whether this method you just explained works the same with .pl files...... And I noticed that on the SecurityFocus website, once you find an exploit, the code is generated for you; at least that's what happened to me with a given Perl exploit...... I guess in that case you just copy and paste the .pl program to the Metasploit directory and run the program from there.....
Please correct me if I'm wrong.
Thanks in advance.
Also, I noticed that most of the exploits in /pentest/framework3 (or 2) have the .rb extension, which I'm assuming is for Ruby.... Once I have selected the source code for a new exploit and compiled it, should I drop it in the framework3 directory? And where, because in that directory there are two directories that seem to have exploits in them, /exploits and /modules; they both contain .rb files. Or doesn't it matter......
Any input appreciated.