Chapter 5

setg and unsetg

The setg and unsetg commands are used to set or unset a parameter globally within msfconsole. Using these commands can save you from having to re-enter the same information repeatedly, particularly in the case of frequently used options that rarely change, such as LHOST.

save

Having configured global options with the setg command, use the save command to save your current settings so they will be available next time you run the console. You can enter the save command at any time in Metasploit to save your current place.

msf exploit(ms08_067_netapi) > save
Saved configuration to: /root/.msf3/config
msf exploit(ms08_067_netapi) >

The location in which the configuration is stored, /root/.msf3/config, is shown on the screen. If for some reason you need to start over, move or delete this file to revert to the default settings.
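
The check-and-reset step described above, as an added shell example (not from the book or the Metasploit project). It assumes the saved file is INI-style with setg values under a [framework/core] section; the function names and the sample file contents are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: inspect and reset a saved msfconsole configuration.
# Assumption: the file is INI-style, "[group]" headers followed by key=value
# lines, with values set via setg stored under [framework/core].

# Print the key=value lines of one section of an INI-style file.
msf_section() {  # usage: msf_section FILE SECTION
    awk -v want="[$2]" '
        /^\[.*\]$/ { in_sec = ($0 == want); next }   # section header line
        in_sec && /=/ { print }                      # setting inside it
    ' "$1"
}

# Move the config aside (kept as a timestamped backup) so the console
# starts from its defaults next time. Prints the backup path.
msf_reset_config() {  # usage: msf_reset_config FILE
    [ -f "$1" ] || { echo "no saved config at $1" >&2; return 1; }
    backup="$1.$(date +%Y%m%d%H%M%S).bak"
    mv -- "$1" "$backup" && printf '%s\n' "$backup"
}

# Constructed sample standing in for /root/.msf3/config.
demo_config() {
    cat <<'EOF'
[framework/core]
LHOST=192.168.33.129

[framework/ui/console]
ActiveModule=exploit/windows/smb/ms08_067_netapi
EOF
}
```

Running msf_section /root/.msf3/config framework/core before a new session shows which global values, such as LHOST, will be carried over from the last save.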

Exploiting Your First Machine

With some of the basics behind us and an understanding of how to set variables within msfconsole, let’s exploit our first machine. To do so, fire up your Windows XP Service Pack 2 and Ubuntu 9.04 virtual machines. We’ll use Metasploit from within Back|Track.

If you used the vulnerability scanners discussed in Chapter 4 against your virtual Windows XP SP2 machine, you will have encountered the vulnerability we’ll exploit in this chapter: the MS08-067 exploit. We’ll begin by finding this vulnerability on our own.

As your skills as a penetration tester improve, the discovery of certain open ports will trigger ideas about how you might exploit a particular service. One of the best ways to conduct this check is by using nmap’s script options within Metasploit as shown here:

root@bt:/root# cd /opt/framework3/msf3/
root@bt:/opt/framework3/msf3# msfconsole
. . . SNIP . . .
msf > nmap -sT -A --script=smb-check-vulns -P0 192.168.33.130
[*] exec: nmap -sT -A --script=smb-check-vulns -P0 192.168.33.130

Starting Nmap 5.20 ( http://nmap.org ) at 2011-03-15 19:46 EDT
Warning: Traceroute does not support idle or connect scan, disabling...
NSE: Script Scanning completed.
Nmap scan report for 192.168.33.130
Host is up (0.00050s latency).
Not shown: 991 closed ports