
The Joy of Exploitation

59

Auxiliary
=========

   Name                       Disclosure Date  Rank    Description
   ----                       ---------------  ----    -----------
   admin/mssql/mssql_enum                      normal  Microsoft SQL Server Configuration Enumerator
   admin/mssql/mssql_exec                      normal  Microsoft SQL Server xp_cmdshell Command Execution
   admin/mssql/mssql_idf                       normal  Microsoft SQL Server - Interesting Data Finder
   admin/mssql/mssql_sql                       normal  Microsoft SQL Server Generic Query
   scanner/mssql/mssql_login                   normal  MSSQL Login Utility
   scanner/mssql/mssql_ping                    normal  MSSQL Ping Utility

Exploits
========

. . . SNIP . . .

msf >

Or, to find the MS08-067 exploit specifically (an exploit related to the notorious Conficker worm that exploited a weakness within the Remote Procedure Call [RPC] service), you would enter this command:

msf > search ms08_067
[*] Searching loaded modules for pattern 'ms08_067'...

Exploits
========

   Name                         Rank   Description
   ----                         ----   -----------
   windows/smb/ms08_067_netapi  great  Microsoft Server Service Relative Path Stack Corruption

Then, having found an exploit (windows/smb/ms08_067_netapi), you could load the found module with the use command, like so:

msf > use windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) >

Notice that when we issue the use windows/smb/ms08_067_netapi command, the msf prompt changes as follows:

msf exploit(ms08_067_netapi) >

This indicates that we have selected the ms08_067_netapi module and that commands issued at this prompt will be performed under that exploit.
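The search output above is a fixed layout that is easy to read but awkward to reuse: section titles underlined with "=", a "Name" header row, a dashed underline, then one module per line with an optional disclosure date, a rank word and a free-text description. The following Python script is an added example, not code from the book or from the Metasploit project; it parses that layout into records and filters them by rank, so that a module list from a search can be sorted or triaged before deciding what to load with use. The sample text is a trimmed, constructed copy of the search tables shown in this chapter; the rank scale is Metasploit's own (manual through excellent).

```python
"""Turn msfconsole `search` output into structured records.

Added example (not code from the book or the Metasploit project).
Assumed format: a section title underlined with '=' ("Auxiliary",
"Exploits", ...), a header row beginning with "Name", a dashed
underline, then one module per line: name, optional YYYY-MM-DD
disclosure date, rank word, description.
"""
import re

# Constructed sample, modelled on the `search mssql` and `search ms08_067`
# output shown in the chapter (trimmed; Disclosure Date column left blank).
SAMPLE_SEARCH_OUTPUT = """\
[*] Searching loaded modules for pattern 'mssql'...

Auxiliary
=========

   Name                       Disclosure Date  Rank    Description
   ----                       ---------------  ----    -----------
   admin/mssql/mssql_enum                      normal  Microsoft SQL Server Configuration Enumerator
   admin/mssql/mssql_exec                      normal  Microsoft SQL Server xp_cmdshell Command Execution
   scanner/mssql/mssql_ping                    normal  MSSQL Ping Utility

Exploits
========

   Name                         Rank   Description
   ----                         ----   -----------
   windows/smb/ms08_067_netapi  great  Microsoft Server Service Relative Path Stack Corruption

msf >
"""

# Metasploit's module rank scale, lowest to highest.
RANKS = ["manual", "low", "average", "normal", "good", "great", "excellent"]

# One module row: name, optional disclosure date, rank word, description.
# Matching on the rank word (rather than on column positions) keeps the
# parser correct whether or not the Disclosure Date column is present.
ROW_RE = re.compile(
    r"^\s+(?P<name>\S+)\s+"
    r"(?:(?P<date>\d{4}-\d{2}-\d{2})\s+)?"
    r"(?P<rank>" + "|".join(RANKS) + r")\s+"
    r"(?P<description>.+?)\s*$"
)
UNDERLINE_RE = re.compile(r"^=+$")


def parse_search_output(text):
    """Return a list of dicts with keys section, name, date, rank, description."""
    lines = text.splitlines()
    records = []
    section = None
    for i, line in enumerate(lines):
        # A section title is the line directly above a run of '=' characters.
        if i + 1 < len(lines) and line.strip() and UNDERLINE_RE.match(lines[i + 1].strip()):
            section = line.strip()
            continue
        # Skip the preamble, the header row and the dashed underline.
        if section is None or line.strip().startswith(("Name", "----")):
            continue
        m = ROW_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["date"] = rec["date"] or ""
            rec["section"] = section
            records.append(rec)
    return records


def modules_ranked_at_least(records, minimum):
    """Keep records whose rank is at or above `minimum` on the rank scale."""
    floor = RANKS.index(minimum)
    return [r for r in records if RANKS.index(r["rank"]) >= floor]


if __name__ == "__main__":
    rows = parse_search_output(SAMPLE_SEARCH_OUTPUT)
    for r in rows:
        print(f"{r['section']:<10} {r['rank']:<8} {r['name']}")
    print("great or better:",
          [r["name"] for r in modules_ranked_at_least(rows, "great")])
```

The name field of each record is exactly the string the chapter passes to use, so the parsed records can feed a resource script or a report without retyping module paths; the rank filter mirrors the way a practitioner reads the Rank column before choosing a module.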