Necesito informacion acerca de que exploit podria utilizar para acceder a una maquina victima con SO Windows Server 2003, estoy utilizando metasploit en Backtrack final...por favor , es urgente...ok
08-06-2010, 15:22
Necesito informacion acerca de que exploit podria utilizar para acceder a una maquina victima con SO Windows Server 2003, estoy utilizando metasploit en Backtrack final...por favor , es urgente...ok
He buscado y he lanzado exploits pero no me han funcionado...no se que hacer.
Digo yo que primero deberás realizar un scan a ver que vulnerabilidades tiene la maquina....
De todas maneras si has tirado exploits al azar date por jodido.....
tiene vulnerabilidad en el puerto 80 y en el tcp general, aplique exploit de dnd, uno de los que siempre usamos pero nada, he buscado segun las vulnerabilidades pero nada,,agradezco me ayuden por favor
oot@bt:~# nmap -O -sV -v 192.168.1.5
Starting Nmap 5.00 ( http://nmap.org ) at 2010-06-08 20:36 EDT
NSE: Loaded 3 scripts for scanning.
Initiating ARP Ping Scan at 20:36
Scanning 192.168.1.5 [1 port]
Completed ARP Ping Scan at 20:36, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 20:36
Completed Parallel DNS resolution of 1 host. at 20:36, 0.18s elapsed
Initiating SYN Stealth Scan at 20:36
Scanning 192.168.1.5 [1000 ports]
Discovered open port 139/tcp on 192.168.1.5
Discovered open port 445/tcp on 192.168.1.5
Discovered open port 25/tcp on 192.168.1.5
Discovered open port 135/tcp on 192.168.1.5
Discovered open port 21/tcp on 192.168.1.5
Discovered open port 3306/tcp on 192.168.1.5
Discovered open port 53/tcp on 192.168.1.5
Discovered open port 1025/tcp on 192.168.1.5
Discovered open port 80/tcp on 192.168.1.5
Discovered open port 110/tcp on 192.168.1.5
Discovered open port 1046/tcp on 192.168.1.5
Discovered open port 1077/tcp on 192.168.1.5
Discovered open port 1033/tcp on 192.168.1.5
Discovered open port 8099/tcp on 192.168.1.5
Discovered open port 1053/tcp on 192.168.1.5
Discovered open port 7999/tcp on 192.168.1.5
Discovered open port 1059/tcp on 192.168.1.5
Discovered open port 2522/tcp on 192.168.1.5
Discovered open port 1056/tcp on 192.168.1.5
Completed SYN Stealth Scan at 20:36, 1.69s elapsed (1000 total ports)
Initiating Service scan at 20:36
Scanning 19 services on 192.168.1.5
Completed Service scan at 20:37, 63.76s elapsed (19 services on 1 host)
Initiating OS detection (try #1) against 192.168.1.5
NSE: Script scanning 192.168.1.5.
NSE: Starting runlevel 1 scan
Initiating NSE at 20:37
Completed NSE at 20:37, 1.12s elapsed
NSE: Script Scanning completed.
Host 192.168.1.5 is up (0.0022s latency).
Interesting ports on 192.168.1.5:
Not shown: 981 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp Microsoft ftpd
25/tcp open smtp Microsoft ESMTP 6.0.3790.1830
53/tcp open domain Microsoft DNS
80/tcp open http Microsoft IIS webserver 6.0
110/tcp open pop3 Microsoft Windows 2003 POP3 Service 1.0
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows 2003 microsoft-ds
1025/tcp open msrpc Microsoft Windows RPC
1033/tcp open netinfo?
1046/tcp open msrpc Microsoft Windows RPC
1053/tcp open msrpc Microsoft Windows RPC
1056/tcp open msrpc Microsoft Windows RPC
1059/tcp open msrpc Microsoft Windows RPC
1077/tcp open msrpc Microsoft Windows RPC
2522/tcp open unknown
3306/tcp open mysql MySQL (unauthorized)
7999/tcp open unknown
8099/tcp open http Microsoft IIS webserver 6.0
MAC Address: 00:03:FF:00:5D:98 (Microsoft)
Device type: general purpose
Running: Microsoft Windows 2003
OS details: Microsoft Windows Server 2003 SP1 or SP2
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=259 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: Host: W2003-SRV02; OSs: Windows, Windows 2000
Read data files from: /usr/share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 69.48 seconds
Raw packets sent: 1024 (45.768KB) | Rcvd: 1019 (41.416KB)
Según los resultados que has pegado, estás en red local. Yo trataría de suplantar algún servicio/servidor. Si envenenas por ejemplo sus DNS, puedes hacer que te dé credenciales o no sé, acercarte a lo que sea que busques.
Salu2
Marcadores