Lazy overflow kits: Metasploit-vulnerability warning-the black bar safety net

ID MYHACK58:6220054335
Type myhack58
Reporter 佚名
Modified 2005-11-06T00:00:00


A few days ago in the QQ on Q the friends said, found a really cool overflow kit, but how do I ask him he wouldn't tell me, and finally sent him a set of clothes only to tell me a kit name. Download back after use but this overflow kit is really cool, dare not exclusive, treat yourself to use the experience to write down and share with all of you, by the lie point network fees to continue access to the Internet.

This tool package the Linux/Unix version and Windows version, considering most people are using Windows System, here I take Windows version of Metasploit to use the method explain, as for the Linux/Unix method of using and the Windows were much the same, there is not extra explanation.

Download the Metasploit installer after double-click the installation, the fool of the installation process, there is not much to say. After the installation is complete you can see the installation directory with many more files, mainly: Msfconsole. bat and Msfweb. bat. The first one is this kit the console, and the second is the program of the graphical interface under the program, the following I will and everyone together to enjoy their charm!.

The command line using the Metasploit

After running the first thing you see is the Metasploit Welcome screen, we enter a“?” Get Online Help as shown in Figure 1: The


Figure 1

You can see there are a lot of commands, here I will some of the most important do is simple to explain:

The“? ”is: Get help. “cd”:change the current working directory. “exit”:to exit. “help”:to get help. “info”:displays the current program information. “quit”:the launch of the program. “reload”:loaded Exploit and payloads of. “save”:Save the current settings “setg”:set an environment variable. “show”:display the available Exploit and payloads of. “use”:the use of a Virus the. “version”:display the program version.

Although there are so many commands, but commonly used of which is the“show”and“info”and“use”only, they are exactly how to use it?

This program integrates many of the Exploit, so we have to first know about the program exactly who spill kit, type“show Exploits”to see what the available Exploit program first as shown in Figure 2: The


Figure 2

The left display is an overflow of the program name, the right is the corresponding profile. You can see the Metasploit with overflow packages or many, fully meet our daily invasion of need, later we will no longer have to store overflow program folder to find half a day corresponding to the program!

Know what overflow program, but how to use? Generally, when we get an overflow of the program after first reading overflow the program's Help file to see Using the method in the Metasploit how to view we need to overflow the program using the method? This is used by Info command. The command role is the display overflow package of detailed information, for example, we want to see“iis50_webday_ntdll”overflow kit using the method, in the command line enter:“info Exploit iis50_webday_ntdll”get after as shown in Figure 3 Echo of:


Figure 3

Butterfly: in Figure 3 We note that the beginning of the section and the Available Options in the content, the start of the content may tell us that this overflow procedure is for what system, and the Available Options in the content is our next step to be used.

It should be noted that in the input command of the Backdoor is to the program indicate that we want to see is to Exploit the information, of course, can be viewed and Payload information, but the Payload is what? In fact, plainly Payload is what we usually say the ShellCode is. In Metasploit, overflow of the ShellCode is not like we usually used to the overflow of tools like Metasploit allow ourselves to choose your favorite of the ShellCode, thus greatly improve the overflow of the flexible line.

At the command line enter the“show payloads”after you can see the available ShellCode list as shown in Figure 4: The


Figure 4

Similarly, the left is the ShellCode's name, on the right is the corresponding profile. We then use the Info command to look at the ShellCode specific information, such as we the one calling the Winexec ShellCode of comparative interest, in the command line input: Info payload winexec, as shown in Figure 5.


Figure 5

In this dialog box, note that the same is at the beginning of the information and Available Options. In the Available Options, we can see that there are Required and Optional words, the Required representatives will be selected mean Optional The representative is optional and may not be preferred. The following specific use, we need to use this option.

Butterfly: here it should be noted that, in the BSD at the beginning is for a BSD system The ShellCode to the Linx at the beginning is for Linux ShellCode to CMD and WIN at the beginning is for Windows System. Because of different systems for different ShellCode requirements are not the same, the one here be sure to select the appropriate ShellCode before it can be successfully overflow.

To see so many basic command Description, The following our actual overflow once to look at the effect! In the actual overflow, we have to use the USE command. Here we are still in the“iis50_webdav_ntdll”overflow kit, for example. At the command line enter“use iis50_webdav_ntdll”will switch to“iis50_webdav_ntdll”directory. Enter the Show options, check the overflow kit requires you to specify the input content. As shown in Figure 6:


Figure 6

You can see there are two Required items, here's the Required is a and Figure 3 the same. Below we set these necessary options in the command line sequentially input: set RHOST set RPORT 8 0 As shown in Figure 7:


Figure 7

In Metasploit, the ShellCode is to be specified, how specified? Very simple, turn the Input Input: set payload winexec set CMD net user hacker 1 2 3 /add & net localgroup administrators hacker /add As shown in Figure 8.


Figure 8

The first command is specified we need to use what kind of ShellCode, but the 2nd command is what does that mean? We now go back and look at Figure 5. Found? Oh, remember I mentioned the essential option? Look at the Available Options in the CMD required and the following description. Yes, here's the 2nd command is meant is to set the required options CMD, in fact, set the CMD of the content that we want to execute the command. As for what to order then look at everyone's needs!

Well the most basic setup we've done, and finally specify the target hostoperating systemyou can attack, enter: the show targets You can look to alternativeoperating systemtype a representative name. Then enter: set target 0 Selectedoperating system. OK, we confirm it, enter: Set Can be seen as shown in Figure 9 echo: a


Figure 9

Check and correct rear can start to overflow, input: Trojan The program prompts the spill began, but this time I test how the spill are unsuccessful, because the other system earlier up thisvulnerability, here also it is not the figure sticking out of shame, forgive me.

Graphical interface using Metasploit

Metasploit graphical interface using the method and the command line is not too big difference, but is a mode of operation different.: to the the Metasploit installation directory found under the Msfweb. bat file double click to run, after a while the program prompts the execution is successful, as shown in Figure 1 0 shows:


Figure 1 0

Then open IE, in the address bar inputhttp:// wait a bit after seeing Figure 1 1 shown in the IE window:


Figure 1 1

When you want to use the spill kit click on the left mouse button into the basic settings window, we still iis50_webdav_ntdll, for example, as shown in Figure 1 2 shows:


Figure 1 2

Click the“select payload”option into Payload selection interface, as shown in Figure 1 3 shows:


Figure 1 3

Select the appropriate Payload after entering the basic information settings interface, as shown in Figure 1 4 shows:


Figure 1 4

Here's the settings and the command line is described in basically the same, I will not do the extra explanation. Are set good, you can point the Vulnerability Check check to see if the target system has no correspondingvulnerability, or Launch the Virus to attack!

From the above operation can be seen in Metasploit using the method is very simple, but function is also very powerful, for we daily infiltration is a very practical tool. Of course, maybe you are not satisfied with the software that comes with these overflow tool, you can completely own to this tool to add any you think useful to you in the overflow kit. I believe that with everyone's efforts, this Toolkit can be more perfect!