2 replies to this topic

[Raven997]

Hello, this is my first time posting on here so i will give a bit of background for my question

i run a win7 box that i havn't updated so when i ran a nessus scan from my ubuntu netbook i saw ms11-030 critical exploit. before i patched this i wanted to try out metasploit to see if i could pop my own box and get in a bit of experience with metasploit in. however i found no module, and no info from google on anyone who has tried this. from what i have in my head i would have to find a similar module and rewrite it to do my biding whoever that is way past my scope. it needs to be some type of llmnr packet on port 5355 and do something. i am just lost?!?! any info from you smart guys would be greatly appreciated

[unix101]

Do you know what exactly the exploit is? Since I do not know the extent of your knowledge, I will not go into details that might be "doubling up", what you already know. You need to find out how the exploit works if it is memory leak, etc. I think the best way to get experience and in a safe manner is to look up Hack Games, or war games. There are many servers out there that give you access to it in a legal way, to have an environment to test. Pulltheplug.com, hackthissite, etc.

I first got interested into computing technologies and code security, when I was about 9. I read many books, and would ask all over the place for help, but no one would. I felt people keep the knowledge they know, to them selves, to feel that since of power over someone who doesn't. For this being my starting point, I will offer you this. If you want someone to work with and get experience, let me know.


=======================================

Back to the main topic:

Do you know what the exploits flaw is you are trying to compromise? Then maybe I can help you out.

Unix101 - a.k.a. cid

[Raven997]

eh, its alright. i finally found a post over at rapid7 here

it seem too hard to make an unreliable exploit.

hey but thanks for being the only person to respond