O'Reilly logo

Network Security Assessment, 2nd Edition by Chris McNab

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Appendix C. Exploit Framework Modules

The Metasploit Framework (MSF), CORE IMPACT, and Immunity CANVAS, along with the GLEG and Argeniss exploit packs, support a large number of issues (remote and locally exploitable vulnerabilities, along with DoS conditions). Along with exploit modules, these frameworks also contain auxiliary modules to perform brute-force password grinding and other attacks. I have assembled the current listings of exploit modules supported within these frameworks and add-on packs in this appendix.

MSF

Table C-1 lists exploit modules within MSF at the time of this writing.

Table C-1. MSF exploit modules

Name

Description

Reference

3cdaemon_ftp_user

3Com 3CDaemon 2.0 FTP username overflow

CVE-2005-0277

aim_goaway

AOL Instant Messenger goaway overflow

CVE-2004-0636

aim_triton_cseq

AIM Triton 1.0.4 CSeq overflow

CVE-2006-3524

altn_webadmin

Alt-N WebAdmin username overflow

CVE-2003-0471

ani_loadimage_chunksize

Windows ANI LoadAniIcon( ) chunk size overflow

CVE-2007-0038

apache_chunked

Apache Win32 Chunked-Encoding overflow

CVE-2002-0392

apache_modjk_overflow

Apache mod_jk 1.2.20 overflow

CVE-2007-0774

apple_itunes_playlist

Apple ITunes 4.7 playlist overflow

CVE-2005-0043

apple_quicktime_rtsp

Apple QuickTime 7.1.3 RTSP URI overflow

CVE-2007-0015

awstats_configdir_exec

AWStats configdir remote command execution

CVE-2005-0116

badblue_ext_overflow

BadBlue 2.5 EXT.dll overflow

CVE-2005-0595

bakbone_netvault_heap

BakBone NetVault heap overflow ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required