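Hands-on practice
Prerequisites for the labs
Build and configure the Metasploitable V2 Linux server (Ubuntu Linux deliberately configured to be vulnerable, for practicing vulnerability testing)
About installing VMware Tools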
**********************************************************************************************************************************
■ Building and configuring the Metasploitable V2 Linux server
Reference: https://community.rapid7.com/docs/DOC-1875/
Login: msfadmin/msfadmin
$ ifconfig
$ netstat -nr
$ cat /etc/resolv.conf
$ uname -a
$ cat /etc/lsb-release (# ls /etc/*release)
********************************************************************************************************************************
Lab 01
■ Checking the Metasploit Framework directories and files
@Kali Linux
# cd /usr/share/metasploit-framework/ ; ls
# cd modules ; ls
auxiliary encoders exploits nops payloads post
# cd auxiliary ; ls
admin bnat crawler dos gather pdf server spoof voip
analyze client docx fuzzers parser scanner sqli vsploit
********************************************************************************************************************************
Lab 02
■ Using msfconsole
# msfconsole -h
-v : show version (prints version information)
# msfconsole -v
-q : quiet mode (starts without printing the banner information at the top)
# msfconsole -q
# msfconsole
msf >
The exploits directory contains 1517 modules; auxiliary contains 875 and post contains 257.
The version matters (the newer the version, the more modules it includes).
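To reproduce per-type counts from the Kali shell and compare two framework versions, the following added example (not part of the original lab notes) counts the .rb module files under each type directory. The function names are hypothetical and the default path is the one used in Lab 01; file counts may differ from the totals msfconsole reports.

```sh
#!/bin/sh
# Added example: count Metasploit module files per type directory.
# Function names are hypothetical; the default root is the Kali path from Lab 01.

MSF_TYPES="auxiliary encoders exploits nops payloads post"

# count_modules ROOT TYPE -> number of *.rb files below ROOT/TYPE (0 if absent)
count_modules() (
    root=$1
    type=$2
    [ -d "$root/$type" ] || { echo 0; exit 0; }
    find "$root/$type" -type f -name '*.rb' | wc -l | tr -d ' '
)

# module_summary [ROOT] -> one "type count" line per module type
module_summary() (
    root=${1:-/usr/share/metasploit-framework/modules}
    for type in $MSF_TYPES; do
        printf '%-10s %s\n' "$type" "$(count_modules "$root" "$type")"
    done
)

# compare_versions OLD_ROOT NEW_ROOT -> "type old new delta" per module type
compare_versions() (
    for type in $MSF_TYPES; do
        old=$(count_modules "$1" "$type")
        new=$(count_modules "$2" "$type")
        printf '%-10s %6s %6s %s\n' "$type" "$old" "$new" "$(($new - $old))"
    done
)

# Summarise the tree given as first argument (or the Kali default)
module_summary "$@"
```

To compare two checkouts, call compare_versions with the modules directory of the older tree first and the newer tree second.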
msf > help
Core Commands
=============

    Command       Description
    -------       -----------
    ?             Help menu
    advanced      Displays advanced options for one or more modules
    back          Move back from the current context
    banner        Display an awesome metasploit banner
    cd            Change the current working directory
    color         Toggle color
    connect       Communicate with a host
    edit          Edit the current module with $VISUAL or $EDITOR
    exit          Exit the console
    get           Gets the value of a context-specific variable
    getg          Gets the value of a global variable
    grep          Grep the output of another command
    help          Help menu
    info          Displays information about one or more modules
    irb           Drop into irb scripting mode
    jobs          Displays and manages jobs
    kill          Kill a job
    load          Load a framework plugin
    loadpath      Searches for and loads modules from a path
    makerc        Save commands entered since start to a file
    options       Displays global options or for one or more modules
    popm          Pops the latest module off the stack and makes it active
    previous      Sets the previously loaded module as the current module
    pushm         Pushes the active or list of modules onto the module stack
    quit          Exit the console
    reload_all    Reloads all modules from all defined module paths
    rename_job    Rename a job
    resource      Run the commands stored in a file
    route         Route traffic through a session
    save          Saves the active datastores
    search        Searches module names and descriptions
    sessions      Dump session listings and display information about sessions
    set           Sets a context-specific variable to a value
    setg          Sets a global variable to a value
    show          Displays modules of a given type, or all modules
    sleep         Do nothing for the specified number of seconds
    spool         Write console output into a file as well the screen
    threads       View and manipulate background threads
    unload        Unload a framework plugin
    unset         Unsets one or more context-specific variables
    unsetg        Unsets one or more global variables
    use           Selects a module by name
    version       Show the framework and console library version numbers

Database Backend Commands
=========================

    Command           Description
    -------           -----------
    creds             List all credentials in the database
    db_connect        Connect to an existing database
    db_disconnect     Disconnect from the current database instance
    db_export         Export a file containing the contents of the database
    db_import         Import a scan result file (filetype will be auto-detected)
    db_nmap           Executes nmap and records the output automatically
    db_rebuild_cache  Rebuilds the database-stored module cache
    db_status         Show the current database status
    hosts             List all hosts in the database
    loot              List all loot in the database
    notes             List all notes in the database
    services          List all services in the database
    vulns             List all vulnerabilities in the database
    workspace         Switch between database workspaces
msf > help info
Usage: info <module name> [mod2 mod3 ...]

Optionally the flag '-j' will print the data in json format
Queries the supplied module or modules for information. If no module is given,
show info for the currently active module.

msf > help search
Usage: search [keywords]

Keywords:
  app       :  Modules that are client or server attacks
  author    :  Modules written by this author
  bid       :  Modules with a matching Bugtraq ID
  cve       :  Modules with a matching CVE ID
  edb       :  Modules with a matching Exploit-DB ID
  name      :  Modules with a matching descriptive name
  osvdb     :  Modules with a matching OSVDB ID
  platform  :  Modules affecting this platform
  ref       :  Modules with a matching ref
  type      :  Modules of a specific type (exploit, auxiliary, or post)

Examples:
  search cve:2009 type:exploit app:client

msf > help show
[*] Valid parameters for the "show" command are: all, encoders, nops, exploits, payloads, auxiliary, plugins, info, options
[*] Addi
msf > show auxiliary
All 875 auxiliary modules are listed.
msf > s[TAB][TAB]
Command auto-completion is available.
msf > show a[TAB][TAB]
show all show auxiliary
***********
■ Using the msfconsole core commands
■ The back command
msf > help back
....
msf > show auxiliary
....
msf > use vsploit/pii/web_pii
msf auxiliary(web_pii) > back
msf >
A simple search command
msf > search web_pii
msf > use auxiliary/vsploit/pii/web_pii
msf auxiliary(web_pii) > back
msf >
■ banner 명령어
msf > help banner
msf > banner
A randomly chosen ASCII-art banner is displayed.
■ The check command
msf > help check
[-] No such command (there is no check -h)
msf > search ms08_067_netapi
.... code used when attacking Windows 7
msf > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > check
[-] Check failed: the following options failed to validate : RHOST
msf exploit(ms08_067_netapi) > show options
msf exploit(ms08_067_netapi) > set RHOST 192.168.10.134 <-- Metasploitable server
msf exploit(ms08_067_netapi) > check
[*] 192.168.10.134:445 - The target is not exploitable.
msf exploit(ms08_067_netapi) > back
msf >
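Because the Metasploitable server runs Linux, exploit code written for Windows does not work against it.
The check command lets you verify whether an exploit is applicable to the target.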