
Shon Harris, Allen Harper, Chris Eagle, and Jonathan Ness

"Gray Hat Hacking, Second Edition"

Before blindly following instructions, let's explore which pipes are accessible
on this XP SP1 target machine and see why ROUTER didn't work. Metasploit version
3 added several auxiliary modules, one of which is a named pipe enumeration tool.
We'll use that to see if this ROUTER named pipe is exposed remotely.

msf exploit(ms06_025_rras) > show auxiliary

Name                                 Description
----                                 -----------
admin/backupexec/dump                Veritas Backup Exec Windows Remote File Access
admin/backupexec/registry            Veritas Backup Exec Server Registry Access
dos/freebsd/nfsd/nfsd_mount          FreeBSD Remote NFS RPC Request Denial of Service
dos/solaris/lpd/cascade_delete       Solaris LPD Arbitrary File Delete
dos/windows/nat/nat_helper           Microsoft Windows NAT Helper Denial of Service
dos/windows/smb/ms05_047_pnp         Microsoft Plug and Play Service Registry Overflow
dos/windows/smb/ms06_035_mailslot    Microsoft SRV.SYS Mailslot Write Corruption
dos/windows/smb/ms06_063_trans       Microsoft SRV.SYS Pipe Transaction No Null
dos/windows/smb/rras_vls_null_deref  Microsoft RRAS InterfaceAdjustVLSPointers NULL Dereference
dos/wireless/daringphucball          Apple Airport 802.11 Probe Response Kernel Memory Corruption
dos/wireless/fakeap                  Wireless Fake Access Point Beacon Flood
dos/wireless/fuzz_beacon             Wireless Beacon Frame Fuzzer
dos/wireless/fuzz_proberesp          Wireless Probe Response Frame Fuzzer
dos/wireless/netgear_ma521_rates     NetGear MA521 Wireless Driver Long Rates Overflow
dos/wireless/netgear_wg311pci        NetGear WG311v1 Wireless Driver Long SSID Overflow
dos/wireless/probe_resp_null_ssid    Multiple Wireless Vendor NULL SSID Probe Response
dos/wireless/wifun                   Wireless Test Module
recon_passive                        Simple Recon Module Tester
scanner/discovery/sweep_udp          UDP Service Sweeper
scanner/mssql/mssql_login            MSSQL Login Utility
scanner/mssql/mssql_ping             MSSQL Ping Utility
scanner/scanner_batch                Simple Recon Module Tester
scanner/scanner_host                 Simple Recon Module Tester
scanner/scanner_range                Simple Recon Module Tester
scanner/smb/pipe_auditor             SMB Session Pipe Auditor

Gray Hat Hacking: The Ethical Hacker's Handbook
Chapter 4: Using Metasploit
PART II

scanner/smb/pipe_dcerpc_auditor      SMB Session Pipe DCERPC Auditor
scanner/smb/version                  SMB Version Detection
test                                 Simple Auxiliary Module Tester
test_pcap                            Simple Network Capture Tester
voip/sip_invite_spoof                SIP Invite Spoof

Aha, there is the named pipe scanner, scanner/smb/pipe_auditor.

