- Setting up the Metasploitable V2 Linux server
Information about Metasploitable V2 Linux (download): https://community.rapid7.com/docs/DOC-1875
Login ID/PASS : msfadmin / msfadmin
(Caution) eth0 must be changed to NAT
IP: 192.168.17.134/24
default router : 192.168.17.2
DNS Server : 192.168.10.2 / 168.126.63.1
$ sudo vi /etc/network/interfaces
    auto eth0
    iface eth0 inet static
        address 192.168.10.134
        netmask 255.255.255.0
        gateway 192.168.10.2
$ sudo ifdown eth0
$ sudo ifup eth0
$ ifconfig eth0
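A check that can be run on a copy of the stanza before `ifdown`/`ifup`, added here as an example and not part of the original post: it catches an address and gateway that ended up on different subnets, or a missing field. The function names and the sample file path are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a static
# /etc/network/interfaces stanza before bouncing the interface.

# stanza_field FILE IFACE KEY -> value of KEY inside the "iface IFACE" stanza
stanza_field() {
    awk -v i="$2" -v k="$3" '
        $1 ~ /^(iface|mapping|auto|source|allow-.*)$/ { cur = ($1 == "iface") ? $2 : ""; next }
        cur == i && $1 == k { print $2; exit }' "$1"
}

# ip_to_int A.B.C.D -> 32-bit integer on stdout; fails on malformed input
ip_to_int() {
    case $1 in ''|*[!0-9.]*) return 1;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|0?*) return 1;; esac      # empty octet or leading zero
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# check_stanza FILE IFACE
#   0 = gateway is inside the address network
#   1 = gateway is outside it (default route would be unreachable)
#   2 = address, netmask or gateway missing or malformed
check_stanza() {
    a=$(ip_to_int "$(stanza_field "$1" "$2" address)") || { echo "$2: bad or missing address"; return 2; }
    m=$(ip_to_int "$(stanza_field "$1" "$2" netmask)") || { echo "$2: bad or missing netmask"; return 2; }
    g=$(ip_to_int "$(stanza_field "$1" "$2" gateway)") || { echo "$2: bad or missing gateway"; return 2; }
    if [ $(( $a & $m )) -eq $(( $g & $m )) ]; then
        echo "$2: gateway is on the address network"; return 0
    fi
    echo "$2: gateway is NOT on the address network"; return 1
}

# Demo on a constructed copy of the stanza shown above, not the live file.
sample=${TMPDIR:-/tmp}/interfaces.sample.$$
cat > "$sample" <<'EOF'
auto eth0
iface eth0 inet static
    address 192.168.10.134
    netmask 255.255.255.0
    gateway 192.168.10.2
EOF
check_stanza "$sample" eth0
rm -f "$sample"
```
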
- Checking the Metasploit Framework directories and files
( Kali Linux )
# cd /usr/share/metasploit-framework/
# ls
    Gemfile       config  metasploit-framework.gemspec  msfdb      msfvenom  tools
    Gemfile.lock  data    modules                       msfrpc     plugins   vendor
    Rakefile      db      msfconsole                    msfrpcd    ruby
    app           lib     msfd                          msfupdate  scripts
[Note] Directory structure (Metasploit Filesystem)
-----------------------------------------------------------
data: editable files used by Metasploit
documentation: provides documentation for the framework
external: source code and third-party libraries
lib: the 'meat' of the framework code base
modules: the actual MSF modules
plugins: plugins that can be loaded at run-time
scripts: Meterpreter and other scripts
tools: various useful command-line utilities
-----------------------------------------------------------
# cd modules
# ls
    auxiliary  encoders  exploits  nops  payloads  post
[Note] Description of each module type
----------------------------------------------------------------------------
Exploits    Defined as modules that use payloads
Auxiliary   An exploit without a payload is an Auxiliary module
Payloads    Payloads consist of code that runs remotely
Encoders    Encoders ensure that payloads make it to their destination
Nops        Nops keep the payload sizes consistent.
----------------------------------------------------------------------------
# cd auxiliary
# ls
    admin    bnat    crawler  dos      gather  pdf      server   spoof  voip
    analyze  client  docx     fuzzers  parser  scanner  sniffer  sqli   vsploit
- Basic msfconsole usage
# msfconsole -h
    Usage: msfconsole [options]

    Common options
        -E, --environment ENVIRONMENT    The Rails environment. Will use RAIL_ENV environment variable if that is set. Defaults to production if neither option not RAILS_ENV environment variable is set.

    Database options
        -M, --migration-path DIRECTORY   Specify a directory containing additional DB migrations
        -n, --no-database                Disable database support
        -y, --yaml PATH                  Specify a YAML file containing database settings

    Framework options
        -c FILE                          Load the specified configuration file
        -v, --version                    Show version

    Module options
            --defer-module-loads         Defer module loading unless explicitly asked.
        -m, --module-path DIRECTORY      An additional module path

    Console options:
        -a, --ask                        Ask before exiting Metasploit or accept 'exit -y'
        -H, --history-file FILE          Save command history to the specified file
        -L, --real-readline              Use the system Readline library instead of RbReadline
        -o, --output FILE                Output to the specified file
        -p, --plugin PLUGIN              Load a plugin on startup
        -q, --quiet                      Do not print the banner on startup
        -r, --resource FILE              Execute the specified resource file (- for stdin)
        -x, --execute-command COMMAND    Execute the specified string as console commands (use ; for multiples)
        -h, --help                       Show this message
# msfconsole
    [ASCII-art banner]
    I love shells --egypt

    Tired of typing 'set RHOSTS'? Click & pwn with Metasploit Pro
    Learn more on http://rapid7.com/metasploit

           =[ metasploit v4.14.10-dev                         ]
    + -- --=[ 1639 exploits - 944 auxiliary - 289 post        ]
    + -- --=[ 472 payloads - 40 encoders - 9 nops             ]
    + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

    msf > quit
# msfconsole
    [ASCII-art banner]
    http://metasploit.com

    Easy phishing: Set up email templates, landing pages and listeners
    in Metasploit Pro -- learn more on http://rapid7.com/metasploit

           =[ metasploit v4.14.10-dev                         ]
    + -- --=[ 1639 exploits - 944 auxiliary - 289 post        ]
    + -- --=[ 472 payloads - 40 encoders - 9 nops             ]
    + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

    msf > help

    Core Commands
    =============

        Command       Description
        -------       -----------
        ?             Help menu
        banner        Display an awesome metasploit banner
        cd            Change the current working directory
        color         Toggle color
        connect       Communicate with a host
        exit          Exit the console
        get           Gets the value of a context-specific variable
        getg          Gets the value of a global variable
        grep          Grep the output of another command
        help          Help menu
        history       Show command history
        irb           Drop into irb scripting mode
        load          Load a framework plugin
        quit          Exit the console
        route         Route traffic through a session
        save          Saves the active datastores
        sessions      Dump session listings and display information about sessions
        set           Sets a context-specific variable to a value
        setg          Sets a global variable to a value
        sleep         Do nothing for the specified number of seconds
        spool         Write console output into a file as well the screen
        threads       View and manipulate background threads
        unload        Unload a framework plugin
        unset         Unsets one or more context-specific variables
        unsetg        Unsets one or more global variables
        version       Show the framework and console library version numbers

    Module Commands
    ===============

        Command       Description
        -------       -----------
        advanced      Displays advanced options for one or more modules
        back          Move back from the current context
        edit          Edit the current module with the preferred editor
        info          Displays information about one or more modules
        loadpath      Searches for and loads modules from a path
        options       Displays global options or for one or more modules
        popm          Pops the latest module off the stack and makes it active
        previous      Sets the previously loaded module as the current module
        pushm         Pushes the active or list of modules onto the module stack
        reload_all    Reloads all modules from all defined module paths
        search        Searches module names and descriptions
        show          Displays modules of a given type, or all modules
        use           Selects a module by name

    Job Commands
    ============

        Command       Description
        -------       -----------
        handler       Start a payload handler as job
        jobs          Displays and manages jobs
        kill          Kill a job
        rename_job    Rename a job

    Resource Script Commands
    ========================

        Command       Description
        -------       -----------
        makerc        Save commands entered since start to a file
        resource      Run the commands stored in a file

    Database Backend Commands
    =========================

        Command           Description
        -------           -----------
        db_connect        Connect to an existing database
        db_disconnect     Disconnect from the current database instance
        db_export         Export a file containing the contents of the database
        db_import         Import a scan result file (filetype will be auto-detected)
        db_nmap           Executes nmap and records the output automatically
        db_rebuild_cache  Rebuilds the database-stored module cache
        db_status         Show the current database status
        hosts             List all hosts in the database
        loot              List all loot in the database
        notes             List all notes in the database
        services          List all services in the database
        vulns             List all vulnerabilities in the database
        workspace         Switch between database workspaces

    Credentials Backend Commands
    ============================

        Command       Description
        -------       -----------
        creds         List all credentials in the database

    msf >