Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
untuk Kali Linux, setiap kali kita menjalankannya maka kita harus menghubungkan Metasploit
dengan Kali linux dengan mengetikan perintah ini:
service postgersql start
service metasploit start
dan perintah ini di dalam msfconsole:
msf > db_connect -y /opt/metasploit/apps/pro/ui/config/database.yml
kemudian cek apakah sudah terkoneksi atau belum dengan perintah:
msf > db_status
dengan hasil diatas berarti VNC di komputer target membutuh kan password.
Referensi mengenai VNC:
http://myexploit.wordpress.com/control-metasploit-vnc-scanner/
http://www.offensive-security.com/metasploit-unleashed/Scanner_VNC_Auxiliary_Modules
vncviewer 192.168.1.3
Ketika dijalankan maka akan tampil baris-baris berikut ini:
msf auxiliary(vnc_none_auth) > vncviewer 192.168.1.3
[*] exec: vncviewer 192.168.1.3
Connected to RFB server, using protocol version 3.3
Performing standard VNC authentication
Password:
Authentication successful
Desktop name "root's X desktop (metasploitable:0)"
VNC server default format:
32 bits per pixel.
Least significant byte first in each pixel.
True colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0
| 100021 1,3,4
33657/udp nlockmgr
| 100021 1,3,4
34166/tcp nlockmgr
| 100024 1
45513/udp status
|_ 100024 1
52659/tcp status
139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
512/tcp open exec
netkit-rsh rexecd
513/tcp open login?
514/tcp open shell?
1099/tcp open rmiregistry GNU Classpath grmiregistry
|_rmi-dumpregistry: Registry listing failed (No return data received from server)
1524/tcp open shell
Metasploitable root shell
2049/tcp open nfs
2-4 (RPC #100003)
| rpcinfo:
| program version port/proto service
| 100000 2
111/tcp rpcbind
| 100000 2
111/udp rpcbind
| 100003 2,3,4
2049/tcp nfs
| 100003 2,3,4
2049/udp nfs
| 100005 1,2,3
46848/tcp mountd
| 100005 1,2,3
51528/udp mountd
| 100021 1,3,4
33657/udp nlockmgr
| 100021 1,3,4
34166/tcp nlockmgr
| 100024 1
45513/udp status
|_ 100024 1
52659/tcp status
2121/tcp open ftp
ProFTPD 1.3.1
|_ftp-bounce: no banner
3306/tcp open mysql
MySQL 5.0.51a-3ubuntu5
|_mysql-info: ERROR: Script execution failed (use -d to debug)
5432/tcp open postgresql PostgreSQL DB 8.3.0 - 8.3.7
5900/tcp open vnc
VNC (protocol 3.3)
| vnc-info:
| Protocol version: 3.3
| Security types:
|_ Unknown security type (33554432)
6000/tcp open X11
(access denied)
6667/tcp open irc
Unreal ircd
| irc-info:
| server: irc.Metasploitable.LAN
| version: Unreal3.2.8.1. irc.Metasploitable.LAN
| servers: 1
| users: 1
| lservers: 0
| lusers: 1
| uptime: 0 days, 2:16:59
| source host: 353C1D75.78DED367.FFFA6D49.IP
|_ source ident: nmap
8009/tcp open ajp13
Apache Jserv (Protocol v1.3)
|_ajp-methods: Failed to get a valid response for the OPTION request
8180/tcp open http
Apache Tomcat/Coyote JSP engine 1.1
|_http-favicon: Apache Tomcat
|_http-methods: No Allow or Public header in OPTIONS response (status code 200)
http://nmap.org/nsedoc/scripts/ssl-heartbleed.html
Tambahan Info:
Referensi Cara Mencari Lokasi file Script Nmap di Linux:
https://blog.skullsecurity.org/2010/how-to-install-an-nmap-script-2
/usr/share/nmap/scripts
Untuk scanning vulnerability heartbleed nya saya menggunakan Tutorial di situs ini:
https://gist.github.com/bonsaiviking/10402038
Jadi perintah nya yg dijalankan di Terminal: