Penetration notes 2013-07-13: SMB version scanning

Source: Internet
Author: User

For the SMB2 overflow there are in fact two scanners inside Metasploit that can be used. Their effect is similar; the difference is that one gives a more detailed verdict while the other gives only a rough one.

Welcome to the Metasploit Web console!

       =[ metasploit v3.4.2-dev [core:3.4 api:1.0]
+----=[ 566 exploits - 283 auxiliary
+----=[ payloads - 27 encoders - 8 nops
       =[ svn r9834 updated 329 days ago (2010.07.14)

Warning: This copy of the Metasploit Framework was last updated 329 days ago.
         We recommend that you update the framework at least every.
         For information on updating your copy of Metasploit, please see:
             http://www.metasploit.com/redmine/projects/framework/wiki/Updating

>> search smb
[*] Searching loaded modules for pattern 'smb'...

Auxiliary
=========

   Name                                               Rank    Description
   ----                                               ----    -----------
   admin/oracle/ora_ntlm_stealer                      normal  Oracle SMB Relay Code Execution
   admin/smb/samba_symlink_traversal                  normal  Samba Symlink Directory Traversal
   dos/windows/smb/ms05_047_pnp                       normal  Microsoft Plug and Play Service Registry Overflow
   dos/windows/smb/ms06_035_mailslot                  normal  Microsoft SRV.SYS Mailslot Write Corruption
   dos/windows/smb/ms06_063_trans                     normal  Microsoft SRV.SYS Pipe Transaction No Null
   dos/windows/smb/ms09_001_write                     normal  Microsoft SRV.SYS WriteAndX Invalid DataOffset
   dos/windows/smb/ms09_050_smb2_negotiate_pidhigh    normal  Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference
   dos/windows/smb/ms09_050_smb2_session_logoff       normal  Microsoft SRV2.SYS SMB2 Logoff Remote Kernel NULL Pointer Dereference
   dos/windows/smb/ms10_006_negotiate_response_loop   normal  Microsoft Windows 7/Server R2 SMB Client Infinite Loop
   dos/windows/smb/rras_vls_null_deref                normal  Microsoft RRAS InterfaceAdjustVLSPointers NULL Dereference
   dos/windows/smb/vista_negotiate_stop               normal  Microsoft Vista SP0 SMB Negotiate Protocol DoS
   fuzzers/smb/smb2_negotiate_corrupt                 normal  SMB Negotiate SMB2 Dialect Corruption
   fuzzers/smb/smb_create_pipe                        normal  SMB Create Pipe Request Fuzzer
   fuzzers/smb/smb_create_pipe_corrupt                normal  SMB Create Pipe Request Corruption
   fuzzers/smb/smb_negotiate_corrupt                  normal  SMB Negotiate Dialect Corruption
   fuzzers/smb/smb_ntlm1_login_corrupt                normal  SMB NTLMv1 Login Request Corruption
   fuzzers/smb/smb_tree_connect                       normal  SMB Tree Connect Request Fuzzer
   fuzzers/smb/smb_tree_connect_corrupt               normal  SMB Tree Connect Request Corruption
   scanner/smb/pipe_auditor                           normal  SMB Session Pipe Auditor
   scanner/smb/pipe_dcerpc_auditor                    normal  SMB Session Pipe DCERPC Auditor
   scanner/smb/smb2                                   normal  SMB 2.0 Protocol Detection
   scanner/smb/smb_enumshares                         normal  SMB Share Enumeration
   scanner/smb/smb_enumusers                          normal  SMB User Enumeration (SAM EnumUsers)
   scanner/smb/smb_login                              normal  SMB Login Check Scanner
   scanner/smb/smb_lookupsid                          normal  SMB Local User Enumeration (LookupSid)
   scanner/smb/smb_version                            normal  SMB Version Detection
   server/capture/smb                                 normal  Authentication Capture: SMB

Exploits
========

   Name                                               Rank       Description
   ----                                               ----       -----------
   netware/smb/lsass_cifs                             average    Novell NetWare LSASS CIFS.NLM Driver Stack Buffer Overflow
   windows/browser/java_ws_arginject_altjvm           excellent  Sun Java Web Start Plugin Command Line Argument Injection
   windows/browser/ms10_022_ie_vbscript_winhlp32      great      Internet Explorer Winhlp32.exe MsgBox Code Execution
   windows/fileformat/ursoft_w32dasm                  good       URSoft W32Dasm Disassembler Function Buffer Overflow
   windows/fileformat/vlc_smb_uri                     great      VideoLAN Client (VLC) Win32 smb:// URI Buffer Overflow
   windows/smb/ms03_049_netapi                        good       Microsoft Workstation Service NetAddAlternateComputerName Overflow
   windows/smb/ms04_007_killbill                      low        Microsoft ASN.1 Library Bitstring Heap Overflow
   windows/smb/ms04_011_lsass                         good       Microsoft LSASS Service DsRolerUpgradeDownlevelServer Overflow
   windows/smb/ms04_031_netdde                        good       Microsoft NetDDE Service Overflow
   windows/smb/ms05_039_pnp                           good       Microsoft Plug and Play Service Overflow
   windows/smb/ms06_025_rasmans_reg                   good       Microsoft RRAS Service RASMAN Registry Overflow
   windows/smb/ms06_025_rras                          average    Microsoft RRAS Service Overflow
   windows/smb/ms06_040_netapi                        great      Microsoft Server Service NetpwPathCanonicalize Overflow
   windows/smb/ms06_066_nwapi                         good       Microsoft Services MS06-066 nwapi32.dll
   windows/smb/ms06_066_nwwks                         good       Microsoft Services MS06-066 nwwks.dll
   windows/smb/ms06_070_wkssvc                        normal     Microsoft Workstation Service NetpManageIPCConnect Overflow
   windows/smb/ms08_067_netapi                        great      Microsoft Server Service Relative Path Stack Corruption
   windows/smb/ms09_050_smb2_negotiate_func_index     good       Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference
   windows/smb/msdns_zonename                         great      Microsoft DNS RPC Service extractQuotedChar() Overflow (SMB)
   windows/smb/netidentity_xtierrpcpipe               great      Novell NetIdentity Agent XTIERRPCPIPE Named Pipe Buffer Overflow
   windows/smb/psexec                                 excellent  Microsoft Windows Authenticated User Code Execution
   windows/smb/smb_relay                              excellent  Microsoft Windows SMB Relay Code Execution
   windows/smb/timbuktu_plughntcommand_bof            great      Timbuktu <= 8.6.6 PlughNTCommand Named Pipe Buffer Overflow

>> use auxiliary/scanner/smb/smb2
>> info

       Name: SMB 2.0 Protocol Detection
    Version: 9550
    License: Metasploit Framework License (BSD)
       Rank: Normal

Provided by:
  hdm <hdm@metasploit.com>

Basic options:
  Name     Current Setting  Required  Description
  ----     ---------------  --------  -----------
  RHOSTS                    yes       The target address range or CIDR identifier
  RPORT    445              yes       The target port
  THREADS  1                yes       The number of concurrent threads

Description:
  Detect systems that support the SMB 2.0 protocol

>> set RHOSTS 172.16.1.0/24
RHOSTS => 172.16.1.0/24
>> set THREADS
THREADS =>
>> info

       Name: SMB 2.0 Protocol Detection
    Version: 9550
    License: Metasploit Framework License (BSD)
       Rank: Normal

Provided by:
  hdm <hdm@metasploit.com>

Basic options:
  Name     Current Setting  Required  Description
  ----     ---------------  --------  -----------
  RHOSTS   172.16.1.0/24    yes       The target address range or CIDR identifier
  RPORT    445              yes       The target port
  THREADS                   yes       The number of concurrent threads

Description:
  Detect systems that support the SMB 2.0 protocol

>> run
[*] 172.16.1.102 supports SMB 2 [dialect 255.2] and has been online for hours
[*] 172.16.1.107 supports SMB 2 [dialect 255.2] and has been online for 2 hours
[*] 172.16.1.110 supports SMB 2 [dialect 255.2] and has been online for 6 hours
[*] Scanned 042 of the (016% complete)
[*] Scanned 055 of the 040 hosts (021% complete)
[*] Scanned 084 of the (032% complete)
[*] Scanned 104 of the (% complete)
[*] Scanned (050% complete)
[*] Scanned 155 of the (060% complete)
[*] Scanned 184 of 2 (071% complete)
[*] Scanned 205 of the (080% complete)
[*] Scanned 235 of the (091% complete)
[*] Scanned (100% complete)
[*] Auxiliary module execution completed
>> back
>> use auxiliary/scanner/smb/smb_version
>> info

       Name: SMB Version Detection
    Version: 9827
    License: Metasploit Framework License (BSD)
       Rank: Normal

Provided by:
  hdm <hdm@metasploit.com>

Basic options:
  Name     Current Setting  Required  Description
  ----     ---------------  --------  -----------
  RHOSTS                    yes       The target address range or CIDR identifier
  THREADS  1                yes       The number of concurrent threads

Description:
  Display version information about each system

>> set RHOSTS 172.16.1.0/24
RHOSTS => 172.16.1.0/24
>> set THREADS
THREADS => 1 XX
>> info

       Name: SMB Version Detection
    Version: 9827
    License: Metasploit Framework License (BSD)
       Rank: Normal

Provided by:
  hdm <hdm@metasploit.com>

Basic options:
  Name     Current Setting  Required  Description
  ----     ---------------  --------  -----------
  RHOSTS   172.16.1.0/24    yes       The target address range or CIDR identifier
  THREADS                   yes       The number of concurrent threads

Description:
  Display version information about each system

>> run
[*] Scanned 026 of the (010% complete)
[*] Scanned 061 of the (023% complete)
[*] Scanned 087 of the (033% complete)
[*] 172.16.1.107 is running Windows 7 Ultimate (Build 7600) (language: Unknown) (name:PC) (domain:WORKGROUP)
[*] 172.16.1.110 is running Windows 7 Ultimate (Build 7600) (language: Unknown) (name:YANG*-PC) (domain:WORKGROUP)
[*] 172.16.1.102 is running Windows 7 Ultimate (Build 7600) (language: Unknown) (name:WANG*) (domain:YANGYANGWO)
[*] 172.16.1.111 is running Windows XP Service Pack 3 (language: Chinese - Traditional) (name:WWW-95A235B5556) (domain:WORKGROUP)
[*] Scanned (043% complete)
[*] Scanned 133 of the (051% complete)
[*] Scanned 168 of the (065% complete)
[*] Scanned 181 of the (070% complete)
[*] Scanned 208 of the (081% complete)
[*] Scanned 232 of the (090% complete)
[*] Scanned (100% complete)
[*] Auxiliary module execution completed
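As an added example (not code from these notes or from Metasploit), the Python script below does at protocol level what the smb2 scanner above reports: it sends an SMB1 NEGOTIATE offering the "SMB 2.???" wildcard dialect and, if the server answers with an SMB2 header, reads the DialectRevision field (0x02FF for the wildcard, which the scanner prints as "255.2") and the SystemTime/ServerStartTime FILETIME fields that give the "online for N hours" value. Field layouts follow MS-SMB2/MS-CIFS; probe() and the constructed sample_response() are assumptions for illustration, and the sample is not a real capture.

```python
import socket
import struct

TICKS_PER_HOUR = 10_000_000 * 3600               # FILETIME counts 100 ns ticks
FILETIME_UNIX_EPOCH = 116_444_736_000_000_000    # ticks from 1601-01-01 to 1970-01-01

def build_smb1_negotiate(dialects=(b"NT LM 0.12", b"SMB 2.002", b"SMB 2.???")) -> bytes:
    """SMB1 NEGOTIATE request; an SMB2-capable server answers the wildcard dialect in SMB2."""
    # SMB1 header: command 0x72, status, flags, flags2, pid_high, signature, reserved, tid, pid, uid, mid
    hdr = b"\xffSMB" + struct.pack("<BIBHH8sHHHHH", 0x72, 0, 0x18, 0xC853, 0, b"\0" * 8, 0, 0, 0xFEFF, 0, 0)
    data = b"".join(b"\x02" + d + b"\x00" for d in dialects)   # each dialect: 0x02 + name + NUL
    body = struct.pack("<BH", 0, len(data)) + data              # WordCount 0, ByteCount
    msg = hdr + body
    return struct.pack(">I", len(msg)) + msg                    # NetBIOS session header (type 0 + length)

def parse_smb2_negotiate(payload: bytes):
    """Return (dialect, uptime_hours) from an SMB2 NEGOTIATE response, or None if it is not SMB2."""
    if len(payload) < 128 or payload[:4] != b"\xfeSMB":
        return None                                             # SMB1 reply or junk: no SMB2 support seen
    if struct.unpack_from("<H", payload, 12)[0] != 0:           # Command field must be NEGOTIATE (0)
        return None
    body = payload[64:]                                         # SMB2 header is a fixed 64 bytes
    struct_size, _security_mode, dialect = struct.unpack_from("<HHH", body, 0)
    if struct_size != 65:
        return None
    system_time, start_time = struct.unpack_from("<QQ", body, 40)   # SystemTime, ServerStartTime
    # Low byte first, the way the scan output shows it: wildcard 0x02FF -> "255.2"
    dialect_str = f"{dialect & 0xFF}.{dialect >> 8}"
    return dialect_str, (system_time - start_time) // TICKS_PER_HOUR

def probe(host: str, port: int = 445, timeout: float = 3.0):
    """Live check of one host (assumed helper; the only function that touches the network)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_smb1_negotiate())
        length = int.from_bytes(s.recv(4)[1:], "big")           # NetBIOS header carries the length
        payload = b""
        while len(payload) < length:
            chunk = s.recv(length - len(payload))
            if not chunk:
                break
            payload += chunk
    return parse_smb2_negotiate(payload)

def sample_response(uptime_hours: int = 6) -> bytes:
    """Constructed (not captured) SMB2 NEGOTIATE response advertising the 0x02FF wildcard dialect."""
    hdr = b"\xfeSMB" + struct.pack("<HHIHHIIQIIQ16s", 64, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, b"\0" * 16)
    now = FILETIME_UNIX_EPOCH + 1_373_673_600 * 10_000_000      # 2013-07-13 00:00 UTC as FILETIME
    start = now - uptime_hours * TICKS_PER_HOUR
    body = struct.pack("<HHHH16sIIIIQQHHI", 65, 1, 0x02FF, 0, b"\0" * 16, 0, 65536, 65536, 65536, now, start, 128, 0, 0)
    return hdr + body + b"\0"
```

Running parse_smb2_negotiate(sample_response()) yields ('255.2', 6); a host that only speaks SMB1 answers with an 0xFF 'SMB' header and the parser returns None, which is the same split the two scanner runs above make between SMB 2 hosts and the XP machine.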
