The Joy of Exploitation
Auxiliary
=========

Name                       Disclosure Date  Rank    Description
----                       ---------------  ----    -----------
admin/mssql/mssql_enum                      normal  Microsoft SQL Server Configuration Enumerator
admin/mssql/mssql_exec                      normal  Microsoft SQL Server xp_cmdshell Command Execution
admin/mssql/mssql_idf                       normal  Microsoft SQL Server - Interesting Data Finder
admin/mssql/mssql_sql                       normal  Microsoft SQL Server Generic Query
scanner/mssql/mssql_login                   normal  MSSQL Login Utility
scanner/mssql/mssql_ping                    normal  MSSQL Ping Utility

Exploits
. . . SNIP . . .
msf >
Or, to find the MS08-067 exploit specifically (an exploit related to the
notorious Conficker worm that exploited a weakness within the Remote
Procedure Call [RPC] service), you would enter this command:
msf > search ms08_067
[*] Searching loaded modules for pattern 'ms08_067'...

Exploits
========

Name                         Rank   Description
----                         ----   -----------
windows/smb/ms08_067_netapi  great  Microsoft Server Service Relative Path Stack Corruption
Then, having found an exploit (windows/smb/ms08_067_netapi), you could
load the found module with the use command, like so:
msf > use windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) >
Notice that when we issue the use windows/smb/ms08_067_netapi command,
the msf prompt changes as follows:
msf exploit(ms08_067_netapi) >
This indicates that we have selected the ms08_067_netapi module and
that commands issued at this prompt will be performed under that exploit.