Metasploit mailing list archives
Re: Fwd: Search exploits for a particular port number
From: Joshua TAYLOR <joshuaaaron () gmail com>
Date: Fri, 16 Sep 2011 13:36:49 -0400
I don't know about past versions (I'm a new user myself), but for
getting this into the framework, a quick and dirty patch like the
following in the "search_filter(search_string)" function in
msf/core/module.rb would get you the ability to search by ports.
Index: module.rb
===================================================================
--- module.rb (revision 13728)
+++ module.rb (working copy)
@@ -667,6 +667,9 @@
terms = terms + self.targets.map{|x| x.name}
end
match = [t,w] if terms.any? { |x| x =~ r }
+ when 'rport'
+ opt = self.options['RPORT']
+ match = [t,w] if opt and opt.default.to_s =~ r
when 'name'
match = [t,w] if self.name =~ r
when 'path'
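Review bot: the new 'rport' branch tests `opt.default.to_s =~ r`, which is a regex match against the string form of the default rather than a port comparison, so unless r is anchored a term like rport:22 also selects any module whose default RPORT merely contains those digits. For an all-digit term, compare for equality (for example `opt.default.to_s == port_term`, where port_term stands for the raw search value) or anchor the pattern. The branch also hardcodes 'RPORT' and only consults the default, so modules without that option or without a default never match. The keyword should be added to the search help text in the same change.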
This doesn't include updating the "search -h" output, of course, and a
better solution would be to provide a way of naming an option and asking
about the default value. Nonetheless, this will let you search for
ports that contain a certain sequence of digits. E.g.,
msf > search type:exploit rport:22
Matching Modules
================
   Name                                       Disclosure Date  Rank       Description
   ----                                       ---------------  ----       -----------
   exploit/linux/misc/hplip_hpssd_exec        2007-10-04       excellent  hplip hpssd.py From Address Arbitrary Command Execution
   exploit/unix/webapp/qtss_parse_xml_exec    2003-02-24       excellent  QuickTime Streaming Server parse_xml.cgi Remote Execution
   exploit/windows/games/mohaa_getinfo        2004-07-17       great      Medal Of Honor Allied Assault getinfo Stack Buffer Overflow
   exploit/windows/misc/nettransport          2010-01-02       normal     NetTransport Download Manager 2.90.510 Buffer Overflow
   exploit/windows/scada/citect_scada_odbc    2008-06-11       normal     CitectSCADA/CitectFacilities ODBC Buffer Overflow
   exploit/windows/ssh/freeftpd_key_exchange  2006-05-12       average    FreeFTPd 1.0.10 Key Exchange Algorithm String Buffer Overflow
   exploit/windows/ssh/freesshd_key_exchange  2006-05-12       average    FreeSSHd 1.0.9 Key Exchange Algorithm String Buffer Overflow
Hope this helps (it's not a complete solution, but it might work for
your needs),
//JT
On Fri, Sep 16, 2011 at 11:41 AM, srg <srgqwerty () gmail com> wrote:
Any ideas?
Best regards

Begin forwarded message:
From: srg <srgqwerty () gmail com>
Subject: Search exploits for a particular port number
Date: September 6, 2011 8:22:44 PM GMT+02:00
To: framework () spool metasploit com

Hello:
Recently I upgraded MSF. Now I am running
Framework: 4.0.1-dev.13502
Console : 4.0.1-dev.13581
Does anybody know if in 4.0.1 there are changes in the msfconsole SEARCH command? I think that in previous versions I was able to use the SEARCH command to find exploits that are applicable to a particular port number, or look for exploit ranks "i.e. EXCELLENT, GOOD, NORMAL and so on". Now, apparently, it is not possible to make those kinds of searches:
msf > help search
Usage: search [keywords]
Keywords:
  name     : Modules with a matching descriptive name
  path     : Modules with a matching path or reference name
  platform : Modules affecting this platform
  type     : Modules of a specific type (exploit, auxiliary, or post)
  app      : Modules that are client or server attacks
  author   : Modules written by this author
  cve      : Modules with a matching CVE ID
  bid      : Modules with a matching Bugtraq ID
  osvdb    : Modules with a matching OSVDB ID
On the other hand… does anybody know if there is a msfconsole command to have an exploit list that includes for each exploit the creation date?
Thanks a lot and best regards
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
-- Joshua Taylor, http://www.cs.rpi.edu/~tayloj/
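The reply above suggests naming an option and asking about its default value instead of hardcoding RPORT. The following stand-alone Ruby model is an added example, not code from the post or from Metasploit: the `opt:NAME=VALUE` term syntax, the function names and the module records are all hypothetical. It contrasts exact matching with the substring matching that the patch performs.

```ruby
# Constructed sample records (not real modules): name plus option => default.
SAMPLE_MODULES = [
  { name: 'example/ssh_service', options: { 'RPORT' => 22 } },
  { name: 'example/alt_ssh',     options: { 'RPORT' => 2222 } },
  { name: 'example/web_admin',   options: { 'RPORT' => 8022, 'SSL' => false } },
  { name: 'example/local_only',  options: {} },
  { name: 'example/no_default',  options: { 'RPORT' => nil } },
  { name: 'example/ftp_service', options: { 'RPORT' => 21, 'FTPUSER' => 'anonymous' } }
].freeze

# Parse a hypothetical "opt:NAME=VALUE" search term.
# Returns [OPTION_NAME, value] or nil when the term has another shape.
def parse_option_term(term)
  m = /\Aopt:([A-Za-z_][A-Za-z0-9_]*)=(.+)\z/.match(term)
  m && [m[1].upcase, m[2]]
end

# True when the module has the named option and its default matches.
# exact: true  -> whole-value comparison (22 matches only 22)
# exact: false -> substring match, the behaviour of the rport patch
def option_default_matches?(mod, opt_name, value, exact: true)
  default = mod[:options][opt_name]
  return false if default.nil? # option absent or has no default
  text = default.to_s
  if exact
    text.casecmp?(value)
  else
    # Escape the user-supplied value so it is matched literally.
    !(text =~ /#{Regexp.escape(value)}/i).nil?
  end
end

# Names of the modules whose option default matches the search term.
def search_by_option(modules, term, exact: true)
  opt_name, value = parse_option_term(term)
  return [] unless opt_name
  modules.select { |m| option_default_matches?(m, opt_name, value, exact: exact) }
         .map { |m| m[:name] }
end

if __FILE__ == $PROGRAM_NAME
  puts "exact:     #{search_by_option(SAMPLE_MODULES, 'opt:rport=22').inspect}"
  puts "substring: #{search_by_option(SAMPLE_MODULES, 'opt:rport=22', exact: false).inspect}"
end
```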
