Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix #4458, more informative errors for ms04_011 #4814

Merged
merged 1 commit into from Feb 23, 2015
Merged

Fix #4458, more informative errors for ms04_011 #4814

merged 1 commit into from Feb 23, 2015

Conversation

wchen-r7
Copy link
Contributor

Fix #4458

This patch allows the MS04-11 exploit to be more informative about which part of the attack has failed.

Testing

To be honest, the exploit is really old and I don't even have a box for testing anymore. But what you can do to make sure you exercise all the exploit is:

  • Set up a fake server: ruby -run -e httpd . -p 8181
  • Start msfconsole
  • use exploit/windows/ssl/ms04_011_pct
  • set rport 8181
  • set rhost [IP]
  • run
  • In the Ruby server, you should see some malicious data from the exploit. The malicious data portion is sent pretty much at the end of the exploit method, so this is a good indication you've exercised the code.

@wvu wvu self-assigned this Feb 21, 2015
@wvu wvu merged commit 441c301 into rapid7:master Feb 23, 2015
wvu added a commit that referenced this pull request Feb 23, 2015
@wvu
Land #4814, ms04_011_pct improved error messages
933c4a0
@wvu
Copy link
Contributor

wvu commented Feb 23, 2015

w00t!

@wchen-r7 wchen-r7 deleted the fix_4458 branch August 22, 2016 16:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@wvu wvu

Labels
bug module
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

EOFerror in ms04_011_pct.rb
2 participants
@wchen-r7 @wvu