The current release has approximately 180 exploits, and this list continues to grow. Table 1.2 lists the exploits and the targeted systems.
Table 1.2 Exploits Included in the MSF
Name  Description
hpux/lpd/cleanup_exec  HP-UX LPD Command Execution
irix/lpd/tagprinter_exec  Irix LPD tagprinter Command Execution
linux/games/ut2004_secure  Unreal Tournament 2004 “secure” Overflow (Linux)
linux/ids/snortbopre  Snort Back Orifice Pre-Preprocessor Remote Exploit
multi/ftp/wuftpd_site_exec  Wu-FTPD SITE EXEC format string exploit
osx/afp/loginext  AppleFileServer LoginExt PathName Overflow
osx/arkeia/type77  Arkeia Backup Client Type 77 Overflow (Mac OSX)
osx/ftp/webstar_ftp_user  WebSTAR FTP Server USER Overflow
osx/samba/trans2open  Samba trans2open Overflow (Mac OS X)
solaris/dtspcd/heap_noir  Solaris dtspcd Heap Overflow
solaris/lpd/cascade_delete  Solaris LPD Arbitrary File Delete
solaris/lpd/sendmail_exec  Solaris LPD Command Execution
solaris/samba/trans2open  Samba trans2open Overflow (Solaris SPARC)
solaris/sunrpc/solaris_sadmind_exec  Solaris sadmind Command Execution
solaris/telnet/ttyprompt  Solaris in.telnetd TTYPROMPT Buffer Overflow
test/multi/aggressive  Internal Aggressive Test Exploit
unix/http/php_vbulletin_template  vBulletin misc.php Template Name Arbitrary Code Execution
unix/http/php_xmlrpc_eval  PHP XML-RPC Arbitrary Code Execution
unix/misc/distcc_exec  DistCC Daemon Command Execution
windows/arkeia/type77  Arkeia Backup Client Type 77 Overflow (Win32)
windows/backupexec/name_service  Veritas Backup Exec Name Service Overflow
windows/backupexec/remote_agent  Veritas Backup Exec Windows Remote Agent Overflow
windows/brightstor/discovery_tcp  CA BrightStor Discovery Service TCP Overflow
windows/brightstor/discovery_udp  CA BrightStor Discovery Service Overflow
windows/brightstor/sql_agent  CA BrightStor Agent for Microsoft SQL Overflow
windows/brightstor/universal_agent  CA BrightStor Universal Agent Overflow
windows/browser/aim_goaway  AOL Instant Messenger goaway Overflow
windows/browser/ms03_020_ie_objecttype  MS03-020 Internet Explorer Object Type
windows/browser/ms06_001_wmf_setabortproc  Windows XP/2003/Vista Metafile Escape() SetAbortProc Code Execution
windows/browser/winamp_playlist_unc  Winamp Playlist UNC Path Computer Name Overflow
windows/dcerpc/ms03_026_dcom  Microsoft RPC DCOM MS03-026
windows/dcerpc/ms05_017_msmq  Microsoft Message Queueing Service MS05-017
windows/ftp/3cdaemon_ftp_user  3Com 3CDaemon 2.0 FTP Username Overflow
windows/ftp/freeftpd_user  freeFTPd 1.0 Username Overflow
windows/ftp/globalscapeftp_input  GlobalSCAPE Secure FTP Server Input Overflow
windows/ftp/netterm_netftpd_user  NetTerm NetFTPD USER Buffer Overflow
windows/ftp/oracle9i_xdb_ftp_pass  Oracle 9i XDB FTP PASS Overflow (win32)
windows/ftp/oracle9i_xdb_ftp_unlock  Oracle 9i XDB FTP UNLOCK Overflow (win32)
windows/ftp/servu_mdtm  Serv-U FTPD MDTM Overflow
windows/ftp/slimftpd_list_concat  SlimFTPd LIST Concatenation Overflow
windows/ftp/warftpd_165_user  War-FTPD 1.65 Username Overflow
windows/ftp/wsftp_server_503_mkd  WS-FTP Server 5.03 MKD Overflow
windows/games/ut2004_secure  Unreal Tournament 2004 “secure” Overflow (Win32)
windows/http/altn_webadmin  Alt-N WebAdmin USER Buffer Overflow
windows/http/edirectory_imonitor  eDirectory 8.7.3 iMonitor Remote Stack Overflow
windows/http/icecast_header  Icecast (<= 2.0.1) Header Overwrite (win32)
windows/http/maxdb_webdbm_get_overflow  MaxDB WebDBM GET Buffer Overflow
windows/http/minishare_get_overflow  Minishare 1.4.1 Buffer Overflow
windows/http/shoutcast_format  SHOUTcast DNAS/win32 1.9.4 File Request Format String Overflow
windows/http/trackercam_phparg_overflow  TrackerCam PHP Argument Buffer Overflow
windows/iis/ms01_023_printer  IIS 5.0 Printer Buffer Overflow
windows/iis/ms02_018_htr  IIS 4.0 .HTR Buffer Overflow
windows/iis/ms03_007_ntdll_webdav  IIS 5.0 WebDAV ntdll.dll Overflow
windows/imap/imail_delete  IMail IMAP4D Delete Overflow
windows/imap/mailenable_status  MailEnable IMAPD (1.54) STATUS Request Buffer Overflow
windows/imap/mailenable_w3c_select  MailEnable IMAPD W3C Logging Buffer Overflow
windows/imap/mdaemon_cram_md5  Mdaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow
windows/imap/mercury_rename  Mercury/32 v4.01a IMAP RENAME Buffer Overflow
windows/isapi/fp30reg_chunked  IIS FrontPage fp30reg.dll Chunked Overflow
windows/isapi/nsiislog_post  IIS nsiislog.dll ISAPI POST Overflow
windows/isapi/rsa_webagent_redirect  IIS RSA WebAgent Redirect Overflow
windows/isapi/w3who_query  IIS w3who.dll ISAPI Overflow
windows/ldap/imail_thc  IMail LDAP Service Buffer Overflow
windows/license/sentinel_lm7_udp  SentinelLM UDP Buffer Overflow
windows/mssql/ms02_039_slammer  MSSQL 2000/MSDE Resolution Overflow
windows/mssql/ms02_056_hello  MSSQL 2000/MSDE Hello Buffer Overflow
windows/novell/zenworks_desktop_agent  ZENworks 6.5 Desktop/Server Management Remote Stack Overflow
windows/proxy/bluecoat_winproxy_host  Blue Coat Systems WinProxy Host Header Buffer Overflow
windows/smb/ms04_007_killbill  Microsoft ASN.1 Library Bitstring Heap Overflow
windows/smb/ms04_011_lsass  Microsoft LSASS MS04-011 Overflow
windows/smb/ms04_031_netdde  Microsoft Network Dynamic Data Exchange Server MS04-031
windows/smb/ms05_039_pnp  Microsoft PnP MS05-039 Overflow
windows/ssl/ms04_011_pct  Microsoft SSL PCT MS04-011 Overflow
windows/unicenter/cam_log_security  CA CAM log_security() Stack Overflow (Win32)
windows/wins/ms04_045_wins  Microsoft WINS MS04-045 Code Execution
Encoders
The current list of available encoders is shown in Table 1.3.
Table 1.3 Encoders Available in the MSF
Name  Description
cmd/generic_sh  Generic Shell Variable Substitution Command Encoder
generic/none  The “none” Encoder
ppc/longxor  PPC LongXOR Encoder
ppc/longxor_tag  PPC LongXOR Encoder
sparc/longxor_tag  SPARC DWORD XOR Encoder
x86/alpha_mixed  Alpha2 Alphanumeric Mixedcase Encoder
x86/alpha_upper  Alpha2 Alphanumeric Uppercase Encoder
x86/avoid_utf8_tolower  Avoid UTF8/tolower
x86/call4_dword_xor  Call+4 Dword XOR Encoder
x86/countdown  Single-byte XOR Countdown Encoder
x86/fnstenv_mov  Variable-length Fnstenv/mov Dword XOR Encoder
x86/jmp_call_additive  Polymorphic Jump/Call XOR Additive Feedback Encoder
x86/nonalpha  Non-Alpha Encoder
x86/nonupper  Non-Upper Encoder
x86/shikata_ga_nai  Polymorphic XOR Additive Feedback Encoder
x86/unicode_mixed  Alpha2 Alphanumeric Unicode Mixedcase Encoder
x86/unicode_upper  Alpha2 Alphanumeric Unicode Uppercase Encoder