Jump to content

Rogueit

Active Members
  • Posts

    3
  • Joined

  • Last visited

Everything posted by Rogueit

  1. So I downloaded the ssl-heartbleed script for nmap 6.4 and also put the tls.lua in the appropriate directory. However when I scan a server that qualsys tells me is vulnerable to heartbleed I only get the following nmap -p 443 --script=ssl-heartbleed Server1 Starting Nmap 6.40 ( http://nmap.org ) at 2014-04-24 16:33 Eastern Daylight Time Nmap scan report for Server1 (192.168.1.130) Host is up (0.037s latency). rDNS record for 192.168.1.130: Server1 PORT STATE SERVICE 443/tcp open https I can see where it tells me port 443 is open but how does this tell me it is vulnerable?
  2. Yeah I set that up and loaded Silverlight 5.0.61118 on a windows 7 x86 box, then set the Metasploit option to 0 (attack the x86 box) and executed "exploit". I then went to the link Metasploit said it was listening on, but I only got an error on the Metasploit server about the client method every time I tried it. So I thought I was doing something wrong. I was curious if anyone had posted a video or had successfully exploited a box with the .rb file loaded into Metasploit. Thank for the reply Rogue
  3. Does anyone know of a video showing the exploitation of a box using the sliverlight exploit CVE-2013-0074 and CVE-2013-3896? I am concerned that we have a bunch of machines with silverlight versions that fit the profile but without being able to show the danger, it will be hard to convince the department to force upgrade the boxes.
×
×
  • Create New...