Thread: Anyone know of a program (and v. number) with known vulnerabilities?

  1. #1
    Member
    Join Date
    Jul 2007
    Posts
    145

    Default Anyone know of a program (and v. number) with known vulnerabilities?

    I want to load a vulnerable program on my desktop, and run metasploit on my laptop against it. I gotta learn what to look for in a successful exploit somehow, and this would also be some nice legal practice for metasploit.

    whatever program that's vulnerable you know about, or maybe something that has trialware is fine.

    Any help is appreciated

  2. #2
    Senior Member
    Join Date
    Feb 2008
    Posts
    681

    Default

    Quote Originally Posted by unlazyfree View Post
    I want to load a vulnerable program on my desktop, and run metasploit on my laptop against it. I gotta learn what to look for in a successful exploit somehow, and this would also be some nice legal practice for metasploit.

    whatever program that's vulnerable you know about, or maybe something that has trialware is fine.

    Any help is appreciated
    I don't know, maybe internet explorer, outlook or some msshit. depending on what you mean by vulnerable.
    hehe...

  3. #3
    Member
    Join Date
    Jul 2007
    Posts
    145

    Default

    Quote Originally Posted by .lonewolf View Post
    I don't know, maybe internet explorer, outlook or some msshit. depending on what you mean by vulnerable.
    basically when I run autopwn against my desktop, I want it to create a command shell. Or if you know of a specific program or whatever that'll spawn a vnc viewer or something (I've never had the opportunity to play around with the vnc exploits) I wouldn't mind knowing

  4. #4
    Member
    Join Date
    Nov 2007
    Posts
    220

    Default

    Quote Originally Posted by .lonewolf View Post
    I don't know, maybe internet explorer, outlook or some msshit. depending on what you mean by vulnerable.

    Does that mean that SMIME is vulnerable? (or are you referring to no encryption?) Been trying to get info for this for a presentation thing at work but found nothing
    wtf?

  5. #5
    Junior Member duwey96's Avatar
    Join Date
    Nov 2007
    Posts
    41

    Default

    I believe Metasploit tells you what programs/versions each vulnerability has been tested on to ensure it is working. So you could just read the description of the vulnerability and use the program/version they tell you on your computer.

    for example: see the description below
    "Description: This module exploits a buffer overflow in RealVNC 3.3.7"

    Code:
    Name: RealVNC 3.3.7 Client Buffer Overflow 
    Version: 3818 
    Targeting: win32, winxp, win2000, win2003 / x86 
    Privileges: No 
    Author: y0 [at] w00t-shell.net 
    Disclosed: Jan 29 2001 
    Targets: 
    0 - Windows 2000 SP4 English 
    1 - Windows XP SP2 English 
    2 - Windows 2003 SP1 English 
     
    Options: 
    VNCPORT - The local VNC listener port 
    VNCSERVER - The local VNC listener host 
     
    Payload Info: 
    Room for 500 bytes of payload 
    Restricted bytes: 0x00  
     
    Description: This module exploits a buffer overflow in RealVNC 3.3.7 (vncviewer.exe).

    OR: "This issue is known to affect AOL Instant Messenger 5.5. "
    Code:
    Exploit Module: aim_goaway
     
    Name: AOL Instant Messenger goaway Overflow 
    Version: 3818 
    Targeting: win32, win2000, winxp, win2003 / x86 
    Privileges: No 
    Authors: 
    skape <mmiller [at] hick.org> 
    thief <thief [at] uninformed.org> 
     
    Disclosed: Aug 9 2004 
    Targets: 
    0 - Automatic 
    1 - Windows XP SP0 
     
    Options: 
    HTTPHOST - The local HTTP listener host 
    HTTPPORT - The local HTTP listener port 
     
    Payload Info: 
    Room for 1014 bytes of payload 
    Restricted bytes: 0x00 0x09 0x0a 0x0d 0x20 0x22 0x25 0x26 0x27 0x2b 0x2f 0x3a 0x3c 0x3e 0x3f 0x40  
     
    Description: This module exploits a flaw in the handling of AOL Instant Messenger's 'goaway' URI handler. An attacker can execute arbitrary code by supplying a overly sized buffer as the 'message' parameter. This issue is known to affect AOL Instant Messenger 5.5. 
    References:   
    http://www.osvdb.org/8398 
    http://www.milw0rm.com/metasploit/3 
    http://www.idefense.com/application/poi/display?id=121&type=vulnerabilities
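
The approach described in the post above (reading the module description to find the tested program and version), as an added example that is not part of the original thread or Metasploit's own code: a Python parser for the module info layout quoted above that pulls out the product/version pairs and checks a lab machine's installed version against them. The function names and the installed-software dict are assumptions for illustration.

```python
import re

# Module info text copied (trimmed) from the post above.
SAMPLE = """\
Name: RealVNC 3.3.7 Client Buffer Overflow
Targets:
0 - Windows 2000 SP4 English
1 - Windows XP SP2 English
2 - Windows 2003 SP1 English

Payload Info:
Room for 500 bytes of payload
Restricted bytes: 0x00

Description: This module exploits a buffer overflow in RealVNC 3.3.7 (vncviewer.exe).
"""

# "Product Name 1.2.3": capitalised words followed by a dotted version number.
PRODUCT_VERSION = re.compile(r"\b([A-Z][A-Za-z]+(?: [A-Z][A-Za-z]+)*) (\d+(?:\.\d+)+)")

def parse_module_info(text):
    """Parse 'Key: value' lines and the numbered list under 'Targets:'."""
    info, section = {"targets": []}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            section = None          # a blank line ends the current section
            continue
        numbered = re.match(r"(\d+) - (.+)", line)
        if section == "targets" and numbered:
            info["targets"].append(numbered.group(2))
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue                # free text such as "Room for 500 bytes..."
        key, value = key.strip().lower(), value.strip()
        if value:
            info[key] = value
        else:
            section = key           # header with no value opens a section
    return info

def affected_versions(info):
    """Product/version pairs named in the module's name and description."""
    text = info.get("name", "") + " " + info.get("description", "")
    return list(dict.fromkeys(PRODUCT_VERSION.findall(text)))

def is_tested_version(info, installed):
    """True if any installed product (hypothetical {name: version} dict) matches."""
    return any(installed.get(p) == v for p, v in affected_versions(info))
```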

  6. #6
    Member
    Join Date
    Jul 2007
    Posts
    145

    Default

    I'll be damned. I never thought to look at the exploit code itself



    Although, I do have another question, is every exploit that's on milw0rm's site downloaded to my computer when I update? The reason I ask is because I found an exploit I could use on milw0rm's site, however when I look for it (or something even close to it) when I show exploits on metasploit, I don't see it.
    I also downloaded the exploit separately and I'm pretty sure I placed it in the correct folder, does something need to be done to the individual files?

  7. #7
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Default

    Quote Originally Posted by unlazyfree View Post
    I'll be damned. I never thought to look at the exploit code itself



    Although, I do have another question, is every exploit that's on milw0rm's site downloaded to my computer when I update? The reason I ask is because I found an exploit I could use on milw0rm's site, however when I look for it (or something even close to it) when I show exploits on metasploit, I don't see it.
    I also downloaded the exploit separately and I'm pretty sure I placed it in the correct folder, does something need to be done to the individual files?
    Milw0rm doesn't have Metasploit exploit modules.

    From what I read in both your posts, I would suggest you learn the basics and the understanding behind all that. There is much more involved than throwing the autopwn feature of Metasploit against a machine and waiting to see if something happens.
    Tiocfaidh ár lá

  8. #8
    Junior Member cyberconsole's Avatar
    Join Date
    Aug 2007
    Posts
    57

    Default

    Quote Originally Posted by unlazyfree View Post
    basically when I run autopwn against my desktop, I want it to create a command shell. Or if you know of a specific program or whatever that'll spawn a vnc viewer or something (I've never had the opportunity to play around with the vnc exploits) I wouldn't mind knowing
    Get vmware. Load up one vm with bt, the other with xp sp0 with no patches or updates. Have fun.
    There's no fate but what we make for ourselves.

    -I already know I cant spel-
