[framework] Re: what cause this error??

AgentSmith15 agentsmith15 at gmail.com
Fri May 12 09:30:42 CDT 2006 

Okay why are you mailing the metasploit mailing list. Because your
last email has nothing to do with Metasploit I doubt you will be
helped.

On 5/12/06, net spy <n4net_spy at yahoo.com> wrote:
> Hi
>
>    thank Rhys.Ive tried terminal service by using tsgrinder-2.03 which is
> realy a go0d tool but im facing some sort of porblem to bruteforce the
> password.i sucessfuly got the remote login screen but failed to get
> password.might caz of shot list of password file any other idea.since i
> tried dictionary attack to brutforce the password.i will be glade for ur
> kind response.
>
>   Regards
>     Net_Spy
>
>
> Rhys Kidd <rhyskidd at gmail.com> wrote:
>
>
> Net Spy,
>
> Metasploit isn't really designed to scan a system for vulnerabilities in its
> currently released versions. It might be best to look at a tool such as
> Nessus to do the scanning of open ports to see if vulnerabilities lie or
> grab the banners and compare to OSVDB or Secunia, and then go about using
> Metasploit to confirm a risk exists.
>
> Although, if you're really doing an authorised pen-test, I'd probably focus
> on RDP (TCP/3389) to see if you can bruteforce usernames/passwords first.
> IIS6.0 is comparatively secure these days to the old IIS versions.
>
> Maybe have a read up on web application attacks too.
>
> Please research the bugs before posting, not much reason to point-and-sploit
> LSASS overflows if the system is patched.
>
>
>  ________________________________
>
> From: net spy [mailto:n4net_spy at yahoo.com]
>  Sent: Monday, 8 May 2006 8:25 PM
>  To: framework at metasploit.com
>  Subject: Re: [framework] Re: what cause this error??
>
> HI
>
>   thankz for your kind response so far i can,,,, well ive found go0d open
> portz n services running on there here is the list below.information is
> windows 2003 ,IIS6.0,asp dot net,mysql,apache (win32)1.3.x.,config remote
> terminal,mail server,https.any idea to test this server using
> metasploit.your kind help would be helpful for me.
>
>  port are open
>
>  25
>  53
>  80
>  1433
>  2103
>  2105
>  2107
>  3306
>  3389
>  8080
>  8401
>  8402
>  9999
>
>
>  H D Moore <hdm at metasploit.com> wrote:
> Hello,
>
>  Session request failed just means that the exploit was not able to login
>  to the remote SMB service. Windows 2003 SP1 is not vulnerable to this
>  exploit anyways.
>
>  -HD
>
>  On Sunday 07 May 2006 04:41, net spy wrote:
>  > HI
>  >
>  > how are you all (member of metasploit list).Im having a problem
>  > using bind shell payload with lsass.exe overflow exploit.
>  >
>  > i use lsass exploit and set payload to win32_bind.and set the
>  > remote port to 1030 where the service is running on remote.and my
>  > local port set to default 4444.Im using windows 2003 with sp1.Im
>  > testing my friendz website.The error i got is Session request failed
>  > *SMBSERVER.exing bind handler.any help would be helpful for me it will
>  > improve my pentest experience.
>  >
>  > Regards
>  > Net_Spy
>  >
>  > Send instant messages to your online friends
>  > http://uk.messenger.yahoo.com
>
> Send instant messages to your online friends http://uk.messenger.yahoo.com
>
>
> Send instant messages to your online friends http://uk.messenger.yahoo.com

More information about the framework mailing list