IIS6.0 Vulnerability

hacking
windows

#1

Hi folks

After shadowbroker leaked NSA tools, I started to work around them and tried to find out what exactly the tools doing and fix vulnerable systems.

I’ve tested most of the exploits that are in FUZZBUNCH and others that could found in leaked data.

Now, it is around 3 days that I am on EXPLODINGCAN and working on it. I got what it is, but, HERE COMES PROBLEM

Let me explain what i did:

Run FUZZBUNCH -> set target host [external host] -> set local [ddns address that routes traffic to us] -> set redirection to NO -> Use explodingcan -> execute

After I did this, the module was executed and it gave me the below messages:

webdav is enabled

.

.

.

exploit complete

explodingcan succeeded


Connection to target established

waiting for next stage

Then I used command " session " and there was the ready session that was connected to target.

After some search, I found MSF module that can be used instead of EXPLODINGCAN in this LINK.
In the readme file has been shown that after executing module, the MSF should send stage to target, but when I hit ENTER, nothing appears, just below things

[*] Started reverse TCP handler on 0.0.0.0:44446
[*] Exploit completed, but no session was created.

My questions:

  1. If connection established in FUZZBUNCH, Why the shell does not exist?
  2. How can I get the shell from the session that its status is ready, in FUZZBUNCH?
    [ As we know when we have the session in MSF we can get the shell from that with command " sessions -i “session_number” ].
  3. The EXPLODINGCAN module asks for " HOSTSTRING ".
    What is exactly that?
    The IP address of Google is “216.58.206.14”, so if Google is our target, the hoststring should be google.com?
  4. In the FUZZBUNCH - EXPLODINGCAN, what is next stage after exploitation?

(Command-Line Ninja) #2

(Command-Line Ninja) #3

Your post is extremely unclear, and badly formatted. It is nothing personal, although many will view this as spam.

Please correct your grammar (to your best ability), format code as best you can. You will find that the better you do these things, the better people will receive you. Try and put effort into your posts, this forum is a quality forum with quality content.

Think to yourself before you post, would you be happy with this being an example of your best effort or attempt at writing?

Looking forward to seeing your revision!


#4

thank you for your attention and i will be grateful if you help me in this
help to make my post better and clear

thanks


(Command-Line Ninja) #5

Try https://www.grammarly.com/

This will help you tons. A few pointers, also. Capital letters at the beginning of sentences, Full stops at the end of sentences. Single exclamation marks, or question marks. “???” is not necessary. One will suffice.


#6

Thanks man

If you can, Please check that again


(Command-Line Ninja) #7

(system) #9

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.