
Thread: Microsoft RPC DCOM....

  1. #1
    Member
    Join Date
    Sep 2007
    Posts
    58

    Microsoft RPC DCOM....

    Playing around with Metasploit I've come to realize that the Microsoft RPC DCOM --> Win32_reverse doesn't work on a patched WinXP SP2 machine.... Has anybody tried any good exploit from Metasploit, especially RPC, on an SP2 machine?

    thanks in advance...

  2. #2
    Developer
    Join Date
    Mar 2007
    Posts
    6,124


    Quote Originally Posted by mia_tech View Post
    Playing around with Metasploit I've come to realize that the Microsoft RPC DCOM --> Win32_reverse doesn't work on a patched WinXP SP2 machine.... Has anybody tried any good exploit from Metasploit, especially RPC, on an SP2 machine?

    thanks in advance...
    I believe that SP2 fixed the RPC vulnerability. In any case it was fixed a long time ago. The SecurityFocus web site lists all vulnerabilities with the date of disclosure and whether they have been patched or not.

  3. #3
    Member
    Join Date
    Sep 2007
    Posts
    58


    Quote Originally Posted by purehate View Post
    I believe that SP2 fixed the RPC vulnerability. In any case it was fixed a long time ago. The SecurityFocus web site lists all vulnerabilities with the date of disclosure and whether they have been patched or not.
    After checking for a given vulnerability with SecurityFocus... I have a question: some of the exploits come as Perl, others as C and others as a .zip file. How would you go about running a Perl or C exploit against a vulnerable machine?

    thanks in advance...

  4. #4
    Developer balding_parrot's Avatar
    Join Date
    May 2007
    Posts
    3,399


    Quote Originally Posted by mia_tech View Post
    After checking for a given vulnerability with SecurityFocus... I have a question: some of the exploits come as Perl, others as C and others as a .zip file. How would you go about running a Perl or C exploit against a vulnerable machine?

    thanks in advance...
    Purehate did a tutorial on that, you should be able to find it easily.

  5. #5
    Member
    Join Date
    Sep 2007
    Posts
    58


    Quote Originally Posted by balding_parrot View Post
    Purehate did a tutorial on that, you should be able to find it easily.
    After searching the tuts area I found some on how to use Metasploit. I know how to launch an attack using Metasploit; what I didn't find was how to get a new exploit in .pl or .c to work with Metasploit, if possible... of course without using the -u /update option in Metasploit. Don't know if this is possible.

  6. #6
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629


    Quote Originally Posted by mia_tech View Post
    Playing around with Metasploit I've come to realize that the Microsoft RPC DCOM --> Win32_reverse doesn't work on a patched WinXP SP2 machine.... Has anybody tried any good exploit from Metasploit, especially RPC, on an SP2 machine?

    thanks in advance...
    Hmmmm, you tried to use an exploit that is how many years old on a fully patched and up-to-date machine and you're surprised it didn't work?

    Try doing some recon first to establish what you should be testing before wasting your time.

    Quote Originally Posted by mia_tech View Post
    After searching the tuts area I found some on how to use Metasploit. I know how to launch an attack using Metasploit; what I didn't find was how to get a new exploit in .pl or .c to work with Metasploit, if possible... of course without using the -u /update option in Metasploit. Don't know if this is possible.
    Just drop it in the appropriate directory.

    You can also specify the path to a specific exploit via the command line. I don't remember the details off the top of my head, but I know I've done it before. Try googling "metasploit commandline" or "meterpreter commandline" or something logical like that.

  7. #7
    Developer
    Join Date
    Mar 2007
    Posts
    6,124


    I swear this is the last time I'm going to type this out. If you are too inept to use the search function you have no business using an exploit that could potentially damage a machine.

    To compile a C exploit:

    You must be in the directory for it to work.

    cd /pentest/exploits/milw0rm/rports/445

    The C compiler included in BT is called gcc. So if our exploit is 336... I'm making this up off the top of my head because I'm working on the road and I'm on my phone. Anyway...

    gcc -c 336.c

    Next:

    gcc 336.o -o 336

    This will end you up with a .exe file in the same directory. Now WITHOUT leaving the directory simply type 336 and the exploit will run. Now here is the important note: about half the milw0rm exploits will not run because they have errors in the file. I believe the coders do this so script kiddies have to do some real coding to work through the errors. So if you find an exploit that has errors I will help you work through it, in the hopes that if we post our errors and our progress it will help others.

  8. #8
    Member
    Join Date
    Sep 2007
    Posts
    58


    Well, I'm doing this against VMware machines I have...... and I'm doing it for learning purposes. I wanted to ask whether this method you just explained works the same with .pl files...... and I noticed that on the SecurityFocus website, once you find an exploit, the code would be generated for you, at least that's what happened to me with a given Perl exploit...... I guess in that case you just copy and paste the .pl program to the Metasploit directory and run the program from there.....
    Please correct me if I'm wrong.

    thanks in advance

  9. #9
    Developer balding_parrot's Avatar
    Join Date
    May 2007
    Posts
    3,399


    Quote Originally Posted by mia_tech View Post
    Well, I'm doing this against VMware machines I have...... and I'm doing it for learning purposes. I wanted to ask whether this method you just explained works the same with .pl files...... and I noticed that on the SecurityFocus website, once you find an exploit, the code would be generated for you, at least that's what happened to me with a given Perl exploit...... I guess in that case you just copy and paste the .pl program to the Metasploit directory and run the program from there.....
    Please correct me if I'm wrong.

    thanks in advance
    Like I said earlier:

    Quote Originally Posted by balding_parrot View Post
    Purehate did a tutorial on that, you should be able to find it easily.
    All of that info is in there.

  10. #10
    Member
    Join Date
    Sep 2007
    Posts
    58


    Also, I noticed that most of the exploits in /pentest/framework3 (or 2) have the .rb extension, which I'm assuming is for Ruby.... Once I have selected source code for a new exploit and compiled it, should I drop it in the framework3 directory? And where, because in that directory there are two folders that seem to have exploits in them, the /exploits and the /modules directory; they both contain .rb files, or doesn't it matter......
    Any input appreciated.
