Anyone know of a program (and v. number) with known vulnerabilities?

[unlazyfree]

I want to load a vulnerable program on my desktop, and run metasploit on my laptop against it. I gotta learn what to look for in a successful exploit somehow, and this would also be some nice legal practice for metasploit.

whatever program that's vulnerable you know about, or maybe something that has trialware is fine.

Any help is appreciated

[.lonewolf]

I want to load a vulnerable program on my desktop, and run metasploit on my laptop against it. I gotta learn what to look for in a successful exploit somehow, and this would also be some nice legal practice for metasploit.

whatever program that's vulnerable you know about, or maybe something that has trialware is fine.

Any help is appreciated

I don't know, maybe internet explorer, outlook or some msshit. depending on what you mean by vulnerable.

[unlazyfree]

I don't know, maybe internet explorer, outlook or some msshit. depending on what you mean by vulnerable.

basically when I run autopwn against my desktop, I want it to create a command shell. Or of you know of a specific program or whatever that'll spawn a vnc viewer or something (I've never had the opportunuty to play around with the vnc exploits) I wouldn't mind knowing

[Andy90]

I don't know, maybe internet explorer, outlook or some msshit. depending on what you mean by vulnerable.

That mean that SMIME is vulnerable? (or you referring to no encryption?) Been trying to get info for this for a presentation thing at work but found nothing

[duwey96]

I believe Metasploit tells you what programs/versions each vulnerability has been tested on to ensure it is working. So you could just read the description of the vulnerability and use the program/version they tell you on your computer.

for example: see the description below
"Description: This module exploits a buffer overflow in RealVNC 3.3.7"

Code:

Name: RealVNC 3.3.7 Client Buffer Overflow 
Version: 3818 
Targeting: win32, winxp, win2000, win2003 / x86 
Privileges: No 
Author: y0 [at] w00t-shell.net 
Disclosed: Jan 29 2001 
Targets: 
0 - Windows 2000 SP4 English 
1 - Windows XP SP2 English 
2 - Windows 2003 SP1 English 
 
Options: 
VNCPORT - The local VNC listener port 
VNCSERVER - The local VNC listener host 
 
Payload Info: 
Room for 500 bytes of payload 
Restricted bytes: 0x00  
 
Description: This module exploits a buffer overflow in RealVNC 3.3.7 (vncviewer.exe).

OR: "This issue is known to affect AOL Instant Messenger 5.5. "

Code:

Exploit Module: aim_goaway
 
Name: AOL Instant Messenger goaway Overflow 
Version: 3818 
Targeting: win32, win2000, winxp, win2003 / x86 
Privileges: No 
Authors: 
skape <mmiller [at] hick.org> 
thief <thief [at] uninformed.org> 
 
Disclosed: Aug 9 2004 
Targets: 
0 - Automatic 
1 - Windows XP SP0 
 
Options: 
HTTPHOST - The local HTTP listener host 
HTTPPORT - The local HTTP listener port 
 
Payload Info: 
Room for 1014 bytes of payload 
Restricted bytes: 0x00 0x09 0x0a 0x0d 0x20 0x22 0x25 0x26 0x27 0x2b 0x2f 0x3a 0x3c 0x3e 0x3f 0x40  
 
Description: This module exploits a flaw in the handling of AOL Instant Messenger's 'goaway' URI handler. An attacker can execute arbitrary code by supplying a overly sized buffer as the 'message' parameter. This issue is known to affect AOL Instant Messenger 5.5. 
References:   
http://www.osvdb.org/8398 
http://www.milw0rm.com/metasploit/3 
http://www.idefense.com/application/poi/display?id=121&type=vulnerabilities

[unlazyfree]

I'll be damned. I never thought to look at the exploit code itself



Although, I do have another question, is every exploit that's on milw0rm's site downloaded to my computer when I update? The reason I ask is because I found an exploit I could use on milw0rm's site, however when I look for it (or something even close to it) when I show exploits on metasploit, I don't see it.
I also downloaded the exploit seperately and I'm pretty sure I placed it in the correct folder, does something need to be done to the individual files?

[KMDave]

I'll be damned. I never thought to look at the exploit code itself



Although, I do have another question, is every exploit that's on milw0rm's site downloaded to my computer when I update? The reason I ask is because I found an exploit I could use on milw0rm's site, however when I look for it (or something even close to it) when I show exploits on metasploit, I don't see it.
I also downloaded the exploit seperately and I'm pretty sure I placed it in the correct folder, does something need to be done to the individual files?

Milw0rm doesn't have Metasploit exploit modules.

On what I read from your both posts, I would suggest you to learn the basics and understandings behind all that. There is much more involved than throwing the autopwn feature of Metasploit against a machine and wait if something happens.

[cyberconsole]

basically when I run autopwn against my desktop, I want it to create a command shell. Or of you know of a specific program or whatever that'll spawn a vnc viewer or something (I've never had the opportunuty to play around with the vnc exploits) I wouldn't mind knowing

Get vmware. load up on vm with bt the other with xp sp0 with no patches or updates. Have fun.