168.1.113:37841 -> 192.168.1.115:18922
msf > sessions -i 1
[*] Starting interaction with 1...
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:\WINNT\system32>
Now that you see how easy db_autopwn makes exploiting unpatched systems, you might be wondering why we called it a gimmick earlier. One free Windows 2000 command shell with just a few keystrokes is nice, but both of the XP machines had various unpatched vulnerabilities that Metasploit should have been able to exploit. Because no OS detection is built into db_autopwn, the exploits were not properly configured for XP and thus did not work. Recall from our Metasploit introduction that the SMB-based exploit we introduced required a pipe name to be changed when attacking XP. db_autopwn is not smart enough (yet) to configure exploits on the fly for the appropriate target type, so you'll miss opportunities if you rely on it. Or worse, you'll crash systems because the wrong offset was used in the exploit. Even though it is not perfect, db_autopwn is a fun new toy to play with and lowers the learning curve for administrators who want to test whether their systems are vulnerable.
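The crash risk described above is also something an administrator can watch for on the receiving end. The following Python script is added here as an example; it is not part of the book's text or of Metasploit itself. It correlates a burst of connections from one source to many service ports on a single host (the pattern an automated, non-OS-aware exploit run leaves behind) with Windows Service Control Manager events reporting that a service terminated unexpectedly shortly afterwards. The firewall-style connection lines, the exported event-log lines, the host-name-to-IP table and the window/threshold values are all constructed assumptions for this example; event ID 7034 is the real SCM event for an unexpected service termination.

```python
"""
Correlate a multi-port connection burst against one host with Service Control
Manager 7034 events on that host. Everything below is constructed sample data
for the example; adapt the regexes to your own log export format.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed firewall/flow log: "<date> <time> <src>:<sport> -> <dst>:<dport>"
CONN_LOG = """\
2007-03-14 09:50:12 10.0.0.7:49152 -> 10.0.0.20:445
2007-03-14 09:55:40 10.0.0.7:49160 -> 10.0.0.20:445
2007-03-14 10:00:01 10.0.0.5:38101 -> 10.0.0.20:135
2007-03-14 10:00:03 10.0.0.5:38102 -> 10.0.0.20:139
2007-03-14 10:00:06 10.0.0.5:38103 -> 10.0.0.20:445
2007-03-14 10:00:09 10.0.0.5:38104 -> 10.0.0.20:1025
2007-03-14 10:00:14 10.0.0.5:38105 -> 10.0.0.20:3389
2007-03-14 10:00:19 10.0.0.5:38106 -> 10.0.0.20:80
2007-03-14 10:00:21 10.0.0.5:38107 -> 10.0.0.21:445
"""

# Constructed export of the Windows System log (SCM event 7034 lines only)
SCM_LOG = """\
2007-03-14 10:00:26 HOST-20 7034 The Server service terminated unexpectedly. It has done this 1 time(s).
2007-03-14 10:00:31 HOST-20 7034 The Workstation service terminated unexpectedly. It has done this 1 time(s).
2007-03-14 11:45:02 HOST-21 7034 The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
"""

# Constructed asset inventory mapping event-log host names to addresses
HOST_IPS = {"HOST-20": "10.0.0.20", "HOST-21": "10.0.0.21"}

CONN_RE = re.compile(r"^(\S+ \S+) (\S+):\d+ -> (\S+):(\d+)$")
SCM_RE = re.compile(r"^(\S+ \S+) (\S+) (\d+) The (.+?) service terminated unexpectedly")


def parse_time(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


def parse_connections(text):
    """Return a list of (timestamp, src_ip, dst_ip, dst_port) tuples."""
    conns = []
    for line in text.splitlines():
        m = CONN_RE.match(line)
        if m:
            conns.append((parse_time(m.group(1)), m.group(2), m.group(3), int(m.group(4))))
    return conns


def parse_crashes(text):
    """Return a list of (timestamp, host_ip, service_name) for SCM 7034 events."""
    crashes = []
    for line in text.splitlines():
        m = SCM_RE.match(line)
        if m and m.group(3) == "7034":
            crashes.append((parse_time(m.group(1)), HOST_IPS.get(m.group(2), m.group(2)), m.group(4)))
    return crashes


def find_bursts(conns, window=timedelta(seconds=60), min_ports=5):
    """Map (src, dst) -> (first_ts, last_ts, sorted ports) for every pair where one
    source touched at least min_ports distinct ports on one host inside `window`."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in conns:
        by_pair[(src, dst)].append((ts, port))
    bursts = {}
    for pair, events in by_pair.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            in_window = [(ts, p) for ts, p in events[i:] if ts - start <= window]
            ports = {p for _, p in in_window}
            if len(ports) >= min_ports:
                bursts[pair] = (start, in_window[-1][0], sorted(ports))
                break
    return bursts


def correlate(bursts, crashes, lag=timedelta(minutes=2)):
    """Raise severity for a burst when the target host reports service crashes
    within `lag` after the last connection of the burst."""
    alerts = []
    for (src, dst), (start, last, ports) in bursts.items():
        crashed = [svc for ts, host, svc in crashes if host == dst and last <= ts <= last + lag]
        alerts.append({"src": src, "dst": dst, "start": start, "ports": ports,
                       "crashed_services": crashed,
                       "severity": "high" if crashed else "medium"})
    return alerts


def run():
    return correlate(find_bursts(parse_connections(CONN_LOG)), parse_crashes(SCM_LOG))


if __name__ == "__main__":
    for a in run():
        print(f"[{a['severity']}] {a['src']} -> {a['dst']} ports={a['ports']} "
              f"crashed={a['crashed_services']}")
```

The two benign connections from 10.0.0.7 hit only port 445 and never form a burst, and the single connection to 10.0.0.21 is below the port threshold, so the lone Print Spooler crash on that host later in the day is not attributed to anything. Only 10.0.0.5's six-port sweep of 10.0.0.20, followed within seconds by two service terminations, is reported, and at high severity.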
Reference
Metasploit blog post introducing db_autopwn http://blog.