O'Reilly logo

Metasploit by Mati Aharoni, Devon Kearns, Jim O'Gorman, David Kennedy

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Creating a New Module

Suppose you’re working on a penetration test and you encounter a system running SQL Server 2008 and Microsoft Server 2008 R2. Because Microsoft removed debug.exe on Windows 7 x64 and Windows Server 2008, these systems won’t allow you to convert executables in a traditional way as defined in Chapter 11. That means you need to create a new module that will allow you to attack a Microsoft Server 2008 and SQL Server 2008 instance successfully.

We’ll make certain assumptions for purposes of this scenario. First, you’ve already guessed that the SQL Server password is blank, and you have gained access to the xp_cmdshell stored procedure. You need to deliver a Meterpreter payload onto the system, but all ports other than 1433 are ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required