
Thread: Metasploit

  1. #1
    Member Mortifix
    Join Date
    Nov 2006
    Posts
    113

    Metasploit

    Ok so I did my first exploit today with Metasploit and I was amazed it actually worked. So basically I searched SP2 under exploits and it brought me to a nice exploit called Internet Explorer createTextRange() Code Execution. This was the only one that I really understood so I decided to run with it. I tried this on myself, but there were a few things I was wondering.

    1.) I used Win32 vncinject reverse tcp. With that payload does the VNC server have to be running on the target machine?

    2.) When I ran the exploit...this is what it looked like.

           =[ msf v3.0
    + -- --=[ 176 exploits - 104 payloads
    + -- --=[ 17 encoders - 5 nops
           =[ 30 aux

    [*] Started reverse handler
    [*] Using URL: http://10.0.0.3:8080/F8qVMixN9l7qf
    [*] Server started.
    [*] Exploit running as background job.
    msf exploit(ms06_013_createtextrange) >

    Do I have to get the victim to go to http://10.0.0.3:8080/F8qVMixN9l7qf before the exploit will start working? Because when I did go to that, that's when it started working.

    Also, about the payload... that is determined by what services they have running and ports they have open, which are found by (Linux users) Nmap, correct?

  2. #2
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    1) No, the target machine is "infected" with a .dll file, or sometimes a .exe, in order to execute the VNC payload; however, if you want to use a VNC exploit then your target machine must be running the vulnerable service.

    2) Yes. You executed the payload correctly if you gained a C:/ command line on the attack box. Not all exploit shellcode executes in this way; some payloads have a direct connection. Normally only one or two payloads will work on a given machine.

    On a lighter note, it sounds like you're doing a little learning for yourself, which is what I like to hear.

  3. #3
    Senior Member imported_spankdidly
    Join Date
    Feb 2006
    Posts
    1,031

    Also, the only payload that I have gotten to work in Metasploit is Reverse Shell. I haven't fiddled with it extensively though. Once you have a reverse shell, tftp a VNC server to it. Just look up "how to install vnc remotely" in Google or something. Also, I know purehate had some tricks with VNC. He might not tell you, but it's something I wanted to know. Purehate, PM me!
    I felt like bending the bars back, and ripping out the window frames and eating them. yes, eating them! Leaping, leaping, leaping! Colonics for everyone! All right! You dumb*sses. I'm a mental patient. I'm *supposed* to act out!

  4. #4
    dementia_reign
    Guest

    Has anyone ever rooted a box using Metasploit, honestly?

  5. #5
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Quote Originally Posted by dementia_reign View Post
    Has anyone ever rooted a box using Metasploit, honestly?
    What EXACTLY do you mean by "rooted"?? That word has so many different meanings depending on how you implied to use it.
    --=Xploitz=-- ®
    Remote-Exploit.org's Master Tutorialist.™
    VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial" (http://forums.remote-exploit.org/showthread.php?t=9063)
    VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial" (http://forums.remote-exploit.org/showthread.php?t=7872)
    VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial" (http://forums.remote-exploit.org/showthread.php?t=8230)
    VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases" (http://forums.remote-exploit.org/showthread.php?t=8041)

  6. #6
    Senior Member imported_spankdidly
    Join Date
    Feb 2006
    Posts
    1,031

    Quote Originally Posted by -=Xploitz=- View Post
    What EXACTLY do you mean by "rooted"?? That word has so many different meanings depending on how you implied to use it.
    I rooted for a box once. I said "C'mon baby, BOOT! BOOT! Please! I just upgraded your RAM! Boot!"

    And it did. So yes, I guess I did root a box once.
    I felt like bending the bars back, and ripping out the window frames and eating them. yes, eating them! Leaping, leaping, leaping! Colonics for everyone! All right! You dumb*sses. I'm a mental patient. I'm *supposed* to act out!

  7. #7
    EnculeurDePoules
    Guest

    Quote Originally Posted by Mortifix View Post
    Ok so I did my first exploit today with Metasploit and I was amazed it actually worked. So basically I searched SP2 under exploits and it brought me to a nice exploit called Internet Explorer createTextRange() Code Execution. This was the only one that I really understood so I decided to run with it. I tried this on myself, but there were a few things I was wondering.

    1.) I used Win32 vncinject reverse tcp. With that payload does the VNC server have to be running on the target machine?

    2.) When I ran the exploit...this is what it looked like.

           =[ msf v3.0
    + -- --=[ 176 exploits - 104 payloads
    + -- --=[ 17 encoders - 5 nops
           =[ 30 aux

    [*] Started reverse handler
    [*] Using URL: http://10.0.0.3:8080/F8qVMixN9l7qf
    [*] Server started.
    [*] Exploit running as background job.
    msf exploit(ms06_013_createtextrange) >

    Do I have to get the victim to go to http://10.0.0.3:8080/F8qVMixN9l7qf before the exploit will start working? Because when I did go to that, that's when it started working.

    Also, about the payload... that is determined by what services they have running and ports they have open, which are found by (Linux users) Nmap, correct?

    I never found an exploit working for Windows XP SP2 machines (version 5.1)...
    There are a few but they never worked!
    Weird!

  8. #8
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    What is Metasploit? Well, Metasploit is a framework for developing exploit code with a whole lot of pre-coded and really useful payloads. It is coded in Ruby and is a perfect development environment in which to learn to turn a vulnerability into an exploit and pair it with a working payload or shellcode.

    What is Metasploit not? Well, it is not point-and-click pwn-a-box software for any Joe Blow on the planet to download and bring down entire networks before they can even complete a basic stealth scan with nmap.

    Think about it, people: you have to put some research and effort into this stuff; otherwise any idiot with a copy of BackTrack could be a security analyst. The exploits that come with Metasploit are more of a proof of concept and a way to take apart and learn to write your own.

  9. #9
    Senior Member streaker69
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    So you're saying I can't hack-da-planet with an acoustic coupler on a payphone with Metasploit?
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  10. #10
    Very good friend of the forum drgr33n
    Join Date
    Jan 2010
    Location
    Dark side of the moon ...
    Posts
    699

    I wrote a tut a while back on how to use a few tools, including Metasploit, that you could use to exploit an SP2 box:

    http://forum.remote-exploit.org/showthread.php?t=9121
