Browse Exploit & Auxiliary Modules
The Metasploit Project hosts the world's largest database of quality assured exploits, including hundreds of remote exploits, auxiliary modules, and payloads. You can even review the Metasploit Framework source code of any module - or write your own.
Search for modules
Microsoft Host Integration Server 2006 Command Execution Vulnerability
This module exploits a command-injection vulnerability in Microsoft Host Integration Server 2006.
Rank
- Normal
Authors
- MC < mc [at] metasploit.com >
References
- MSB-MS08-059
- CVE-2008-3466
- OSVDB-49068
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=745
Development
Similar Modules
- auxiliary/admin/mssql/mssql_enum
- auxiliary/admin/mssql/mssql_exec
- auxiliary/admin/mssql/mssql_idf
- auxiliary/admin/mssql/mssql_sql
Usage Information
$ msfconsole
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use auxiliary/admin/ms/ms08_059_his2006
msf auxiliary(ms08_059_his2006) > set RHOST [TARGET IP]
msf auxiliary(ms08_059_his2006) > run
## ### ## ##
## ## #### ###### #### ##### ##### ## #### ######
####### ## ## ## ## ## ## ## ## ## ## ### ##
####### ###### ## ##### #### ## ## ## ## ## ## ##
## # ## ## ## ## ## ## ##### ## ## ## ## ##
## ## #### ### ##### ##### ## #### #### #### ###
##
msf > use auxiliary/admin/ms/ms08_059_his2006
msf auxiliary(ms08_059_his2006) > set RHOST [TARGET IP]
msf auxiliary(ms08_059_his2006) > run
Module Options
| ARGS | The arguments to the command (default: /c echo metasploit > metasploit.txt) |
| COMMAND | The command to execute (default: cmd.exe) |
| RHOST | The target address |
| RPORT | The target port (default: 0) |
| CHOST | The local client address |
| CPORT | The local client port |
| ConnectTimeout | Maximum number of seconds to establish a TCP connection |
| DCERPC::ReadTimeout | The number of seconds to wait for DCERPC responses |
| Proxies | Use a proxy chain |
| SSL | Negotiate SSL for outgoing connections |
| SSLVersion | Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1) |
| VERBOSE | Enable detailed status messages |
| WORKSPACE | Specify the workspace for this module |
| DCERPC::fake_bind_multi | Use multi-context bind calls |
| DCERPC::fake_bind_multi_append | Set the number of UUIDs to append the target |
| DCERPC::fake_bind_multi_prepend | Set the number of UUIDs to prepend before the target |
| DCERPC::max_frag_size | Set the DCERPC packet fragmentation size |
| DCERPC::smb_pipeio | Use a different delivery method for accessing named pipes (accepted: rw, trans) |
| TCP::max_send_size | Maxiumum tcp segment size. (0 = disable) |
| TCP::send_delay | Delays inserted before every send. (0 = disable) |