While running Fast Track in the "interactive" mode against an unpatched Win2K server, I can see where it has opened up a Meterpreter session and it continues on with other exploits. Is there a way to find out which "exploit" was used to gain that session?
Here is a clip of what I see on the screen.
(40/208 [0 sessions]): Launching exploit/windows/http/apache_modjk_overflow against 10.0.1.42:80...[*] Meterpreter session 1 opened (10.0.1.36:39953 -> 10.0.1.42:28682)
(57/208 [1 sessions]): Launching exploit/windows/smb/ms03_049_netapi against 10.0.1.42:139...[*] Job limit reached, waiting on modules to finish...[*] Meterpreter session 2 opened (10.0.1.36:36443 -> 10.0.1.42:27518)
Thanks for the insight
To answer my own question: Let it finish running and it will give the sessions and the exploits that were used. I was being a little impatient so as to move on to the next step. I lso thought there might have been an issue with the application. My bad.
Last edited by Marcinko; 01-31-2010 at 07:08 AM.