I've been an infrequent yet admiring user of Metasploit for about four years, but I've never tried it on Windows. It strikes me as being something I "just shouldn't do," like running Nmap on Windows or (shudder) Snort on Windows. However, while preparing labs for my upcoming class, I thought I would give version 3.2 a try. It worked very well, at least for the simple test I ran.After installing the .exe and launching the new app, I saw this window:
I decided to try exploiting a vulnerable Samba server:
When I set the parameters I ran the exploit:
When I got my session I interacted with a root shell on the victim.
By identifying the process started on the victim (PID 2216) and running lsof, you can see the vulnerable service which Metasploit attacked.
Incidentally, my take on why having these sorts of tools available is In Defense of HD Moore, from three years ago.
Great work Metasploit team!
Richard Bejtlich is teaching new classes in DC and Europe in 2009. Register by 1 Jan and 1 Feb, respectively, for the best rates.
Tidak ada komentar:
Posting Komentar