Chapter 5
setg and unsetg
The setg and unsetg commands are used to set or unset a parameter globally within msfconsole. Using these commands can save you from having to re-enter the same information repeatedly, particularly in the case of frequently used options that rarely change, such as LHOST.
save
Having configured global options with the setg command, use the save command to save your current settings so they will be available next time you run the console. You can enter the save command at any time in Metasploit to save your current place.
msf exploit(ms08_067_netapi) > save
Saved configuration to: /root/.msf3/config
msf exploit(ms08_067_netapi) >
The location in which the configuration is stored, /root/.msf3/config, is shown on the screen. If for some reason you need to start over, move or delete this file to revert to the default settings.
Exploiting Your First Machine
With some of the basics behind us and an understanding of how to set variables within msfconsole, let’s exploit our first machine. To do so, fire up your Windows XP Service Pack 2 and Ubuntu 9.04 virtual machines. We’ll use Metasploit from within Back|Track.
If you used the vulnerability scanners discussed in Chapter 4 against your virtual Windows XP SP2 machine, you will have encountered the vulnerability we’ll exploit in this chapter: the MS08-067 exploit. We’ll begin by finding this vulnerability on our own.
As your skills as a penetration tester improve, the discovery of certain open ports will trigger ideas about how you might exploit a particular service. One of the best ways to conduct this check is by using nmap’s script options within Metasploit as shown here:
root@bt:/root# cd /opt/framework3/msf3/
root@bt:/opt/framework3/msf3# msfconsole
. . . SNIP . . .
msf > nmap -sT -A --script=smb-check-vulns -P0 192.168.33.130
[*] exec: nmap -sT -A --script=smb-check-vulns -P0 192.168.33.130
Starting Nmap 5.20 ( http://nmap.org ) at 2011-03-15 19:46 EDT
Warning: Traceroute does not support idle or connect scan, disabling...
NSE: Script Scanning completed.
Nmap scan report for 192.168.33.130
Host is up (0.00050s latency).
Not shown: 991 closed ports