Nmap Development mailing list archives

Re: [NSE] metasploit-info


From: Aleksandar Nikolic <nikolic.alek () gmail com>
Date: Sat, 7 Jul 2012 21:16:54 +0200

Thanks for the comments.
Oh, and this script wasn't intended as a critique of rpc service's security.
It's just using it the way it's intended.

It just goes along nicely with last week's brute force script.

Thanks,
Aleksandar

On Sat, Jul 7, 2012 at 8:18 PM, HD Moore <hdm () digitaloffense net> wrote:
Linux/Windows is all we officially support for the commercial install, but
msfrpcd will run on iPads, BSD, OS X, etc.

Theoretically we can disable command passthrough on shells (Defang), but it
would be fairly pointless:
1) Modules can take file:/paths for String option names
2) Modules can be loaded through an API call (for a user able to put code in
the local fs)
3) Console output can be spooled to any writeable file
4) RPC access == root is an easy security concept

-HD

-----Original Message-----
From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org]
On Behalf Of Aleksandar Nikolic
Sent: Saturday, July 07, 2012 10:25 AM
To: Nmap Dev
Subject: [NSE] metasploit-info

Hi all,

here's a post auth info gathering script that uses metasploit rpc service.
It requires a valid username and password, of course. What it does is:
1) Login to get auth token
2) Get metasploit version to deduce if we are on linux or windows (if
you can supply me with other version info I'd gladly add it).
3) Create new console
4) Execute the command (systeminfo on windows, uname -a and id on linux)
5) Read the result
6) Optionally, execute user supplied command
7) Close the console

If anybody wants to test it, it's attached.

Please share your comments and ideas.

Aleksandar

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
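An added illustration, not the attached NSE script or Metasploit's own code: msfrpcd speaks MessagePack over HTTP, each request being an array of method name, auth token and arguments, so anyone logging that traffic on the msfrpcd host can decode a request body and flag the two calls worth recording from the steps above, the auth.login that carries credentials and the console.write that carries the command. The token, username, password and command below are constructed placeholders, and only the msgpack types these calls use are decoded.

```python
# Added example, not from the thread: minimal MessagePack handling for the RPC
# bodies msfrpcd exchanges, plus a check that flags login and console commands.
# Sample requests are constructed, not captured from a real msfrpcd session.

def msgpack_decode(buf, pos=0):
    """Decode one msgpack value starting at buf[pos]; return (value, next_pos)."""
    b = buf[pos]
    if b <= 0x7F:                      # positive fixint
        return b, pos + 1
    if 0xA0 <= b <= 0xBF:              # fixstr (up to 31 bytes)
        n = b & 0x1F
        return buf[pos + 1:pos + 1 + n].decode(), pos + 1 + n
    if 0x90 <= b <= 0x9F:              # fixarray (up to 15 items)
        items, pos = [], pos + 1
        for _ in range(b & 0x0F):
            item, pos = msgpack_decode(buf, pos)
            items.append(item)
        return items, pos
    if b == 0xD9:                      # str8 (length in the next byte)
        n = buf[pos + 1]
        return buf[pos + 2:pos + 2 + n].decode(), pos + 2 + n
    if b == 0xC0:                      # nil
        return None, pos + 1
    raise ValueError("unsupported msgpack type byte 0x%02x" % b)

def msgpack_encode(value):
    """Encode str or list (enough to build the sample RPC requests)."""
    if isinstance(value, str):
        raw = value.encode()
        if len(raw) < 32:
            return bytes([0xA0 | len(raw)]) + raw
        return b"\xd9" + bytes([len(raw)]) + raw
    return bytes([0x90 | len(value)]) + b"".join(msgpack_encode(v) for v in value)

# Calls whose arguments deserve a log line: credentials arrive in auth.login,
# and every console command goes through console.write as [method, token, id, data].
WATCH = {"auth.login": "login attempt", "console.write": "console command"}

def inspect_rpc_body(body):
    """Return (method, note, detail) for a watched request body, else None."""
    call, _ = msgpack_decode(body)
    method = call[0]
    if method not in WATCH:
        return None
    detail = call[1] if method == "auth.login" else call[3].strip()
    return method, WATCH[method], detail
```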