This article was written by Tan Kean Siong during his GSoC 2010 project - improving dionaea's SMB stack - I just fixed some typos and formatted it - Markus
The Metasploit Framework is one of the most popular open source penetration testing frameworks, with the world's largest database of public, tested exploits. Metasploit was created in 2003 in the Perl scripting language; later on the framework was rewritten in the Ruby programming language.
The framework is user-friendly, and exploitation follows a simple workflow:
choosing the exploit,
configuring the payload,
executing the exploit.
This modularity, which allows any exploit to be combined with any payload, is the major advantage of the framework. It eases the work of attackers, exploit writers and payload writers, which is why it has emerged as the de facto vulnerability development framework today.
During the exploitation process it is often necessary to know the exact version of the target's operating system. Exploits frequently have to be customized to the particular OS environment, so knowing the remote operating system increases the success rate of the attack.
Metasploit includes comprehensive OS fingerprinting support for the Microsoft Windows operating system.
Metasploit can retrieve:
the version of the operating system,
the version of the service pack,
and the installed network services.
Dionaea needs to support this fingerprinting method, as malware may adopt this kind of remote version fingerprinting in the future.
The current dionaea trunk is metasploitable.
Getting this working was pretty nasty:
Metasploit tries to authenticate using GSS-API,
which requires ASN.1 and embeds SPNEGO.
While messing with the protocol, I found 2 bugs in SMB client implementations, nothing fancy, but I really appreciate buggy implementations of this protocol, therefore …
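To make the GSS-API/SPNEGO part concrete, here is an added example (not dionaea's or Metasploit's code) that builds the SPNEGO NegTokenInit carried in an SMB Session Setup request and parses it back the way a honeypot's SMB stack must: recovering the offered mechanism OIDs (NTLMSSP here) and the embedded mechToken. The DER handling is hand-written and limited to the fields used here; the sample mechToken bytes are constructed.

```python
SPNEGO_OID = "1.3.6.1.5.5.2"            # GSS-API SPNEGO mechanism OID
NTLMSSP_OID = "1.3.6.1.4.1.311.2.2.10"  # Microsoft NTLMSSP mechanism OID

def tlv(tag, body):                      # DER tag-length-value (long-form length if >= 128)
    n = len(body)
    ln = b"" if n < 0x80 else n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, n if n < 0x80 else 0x80 | len(ln)]) + ln + body
def encode_oid(dotted):                  # arcs 1-2 share a byte, the rest are base-128
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for v in arcs[2:]:
        n = max(1, (v.bit_length() + 6) // 7)   # number of 7-bit groups
        out += [((v >> (7 * i)) & 0x7F) | (0x80 if i else 0) for i in range(n - 1, -1, -1)]
    return tlv(0x06, bytes(out))
def decode_oid(body):
    arcs, v = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:                 # high bit clear: last byte of this arc
            arcs, v = arcs + [v], 0
    return ".".join(map(str, arcs))
def read_tlv(buf, off=0):                # -> (tag, body, offset after the element)
    tag, ln, off = buf[off], buf[off + 1], off + 2
    if ln & 0x80:                        # long form: low 7 bits = number of length bytes
        ln, off = int.from_bytes(buf[off:off + (ln & 0x7F)], "big"), off + (ln & 0x7F)
    if off + ln > len(buf):              # untrusted input: never read past the buffer
        raise ValueError("truncated DER element")
    return tag, buf[off:off + ln], off + ln

def build_neg_token_init(mech_oids, mech_token):
    mech_types = tlv(0xA0, tlv(0x30, b"".join(map(encode_oid, mech_oids))))
    neg = tlv(0xA0, tlv(0x30, mech_types + tlv(0xA2, tlv(0x04, mech_token))))
    return tlv(0x60, encode_oid(SPNEGO_OID) + neg)   # [APPLICATION 0] InitialContextToken
def parse_neg_token_init(blob):          # -> (list of mechType OIDs, mechToken bytes)
    tag, body, _ = read_tlv(blob)
    t_oid, oid, off = read_tlv(body)
    t_neg, neg, _ = read_tlv(body, off)
    if (tag, t_oid, t_neg) != (0x60, 0x06, 0xA0) or decode_oid(oid) != SPNEGO_OID:
        raise ValueError("not an SPNEGO NegTokenInit")
    seq, mechs, token, off = read_tlv(neg)[1], [], b"", 0
    while off < len(seq):
        tag, field, off = read_tlv(seq, off)
        if tag == 0xA0:                  # [0] mechTypes: SEQUENCE OF OID
            lst, p = read_tlv(field)[1], 0
            while p < len(lst):
                _, o, p = read_tlv(lst, p)
                mechs.append(decode_oid(o))
        elif tag == 0xA2:                # [2] mechToken: OCTET STRING
            token = read_tlv(field)[1]
    return mechs, token
```

Only mechTypes and mechToken are decoded; the optional reqFlags and mechListMIC fields are skipped, and a token that stops short of its declared length is rejected rather than read past the buffer.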