Scribd Logo
Carica

Benvenuto in Scribd!

  • Cat A Tank Ali Linux

    Caricato da

    ÅñdRìäñs Thè-RuroUni KenShin
    28 visualizzazioni7 pagine
    LINUX

    Titolo originale

    Cat a Tank Ali Linux

    Copyright

    © © All Rights Reserved

    Formati disponibili

    ODT, PDF, TXT o leggi online da Scribd

    Hai trovato utile questo documento?

    Questo contenuto è inappropriato?

    Segnala questo documento
    LINUX

    Copyright:

    © All Rights Reserved
    Scarica in formato ODT, PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    28 visualizzazioni7 pagine

    Cat A Tank Ali Linux

    Caricato da

    ÅñdRìäñs Thè-RuroUni KenShin
    LINUX

    Copyright:

    © All Rights Reserved
    Scarica in formato ODT, PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    di 7

    Catatan Kali Linux

    untuk Kali Linux, setiap kali kita menjalankannya maka kita harus menghubungkan Metasploit
    dengan Kali linux dengan mengetikan perintah ini:
    service postgersql start
    service metasploit start
    dan perintah ini di dalam msfconsole:
    msf > db_connect -y /opt/metasploit/apps/pro/ui/config/database.yml
    kemudian cek apakah sudah terkoneksi atau belum dengan perintah:
    msf > db_status

    Scan Mesin Target Menggunakan Nmap


    Dalam hal ini mesin target memiliki ip 192.168.1.5 . Mesin target berupa OS Metasploitable 2.
    1. Ketikan perintah :
    nmap -sS -Pn 192.168.1.5
    2. Maka akan tampil daftar port port yg terbuka:
    Starting Nmap 6.47 ( http://nmap.org ) at 2014-12-25 06:07 WITA
    Nmap scan report for 192.168.1.5
    Host is up (0.080s latency).
    Not shown: 977 closed ports
    PORT STATE SERVICE
    21/tcp open ftp
    22/tcp open ssh
    23/tcp open telnet
    25/tcp open smtp
    53/tcp open domain
    80/tcp open http
    111/tcp open rpcbind
    139/tcp open netbios-ssn
    445/tcp open microsoft-ds
    512/tcp open exec
    513/tcp open login
    514/tcp open shell
    1099/tcp open rmiregistry
    1524/tcp open ingreslock
    2049/tcp open nfs
    2121/tcp open ccproxy-ftp

    3306/tcp open mysql


    5432/tcp open postgresql
    5900/tcp open vnc
    6000/tcp open X11
    6667/tcp open irc
    8009/tcp open ajp13
    8180/tcp open unknown
    MAC Address: 94:DB:C9:44:41:E0 (Azurewave)
    Nmap done: 1 IP address (1 host up) scanned in 16.26 seconds

    Melakukan Scanning untuk Mengetahui Apakah VNC di Mesin Target


    Tidak Membutuhkan Otentifikasi
    IP komputer target : 192.168.1.3
    OS Target : Metasploitable 2
    Sesuai hasil scan NMAP maka port VNC: 5900
    Untuk masuk ke module VNC nya Jalankan perintah:
    msf > use auxiliary/scanner/vnc/vnc_none_auth
    Untuk melihat pilhan perintah yg tersedia, maka pakai perintah:
    msf auxiliary(vnc_none_auth) > show options
    Module options (auxiliary/scanner/vnc/vnc_none_auth):
    Name Current Setting Required Description
    ---- --------------- -------- ----------RHOSTS
    yes
    The target address range or CIDR identifier
    RPORT 5900
    yes
    The target port
    THREADS 1
    yes
    The number of concurrent threads
    Untuk mengetest apakah VNC di komputer target memiliki password atau tidak maka jalankan
    perintah:
    msf auxiliary(vnc_none_auth) > set RHOSTS 192.168.1.3
    RHOSTS => 192.168.1.3
    msf auxiliary(vnc_none_auth) > run
    [*] Scanned 1 of 1 hosts (100% complete)
    [*] Auxiliary module execution completed

    dengan hasil diatas berarti VNC di komputer target membutuh kan password.
    Referensi mengenai VNC:
    http://myexploit.wordpress.com/control-metasploit-vnc-scanner/
    http://www.offensive-security.com/metasploit-unleashed/Scanner_VNC_Auxiliary_Modules

    Cara Mengakses Komputer Target Menggunakan VNC setelah Password


    nya Diketahui
    Dalam contoh sebelumnya ketika kita scan menggunakan module Metasploit, maka kita ketahui
    bahwa di komputer target terinstal VNC yg memiliki password setelah melakukan searching di
    Google, maka diketahui bahwa passwordnya adalah : password.
    Info tersebut didapatkan disitus ini:
    https://community.rapid7.com/docs/DOC-1875

    Untuk konek ke VNC dengan perintah:

    vncviewer 192.168.1.3
    Ketika dijalankan maka akan tampil baris-baris berikut ini:
    msf auxiliary(vnc_none_auth) > vncviewer 192.168.1.3
    [*] exec: vncviewer 192.168.1.3
    Connected to RFB server, using protocol version 3.3
    Performing standard VNC authentication
    Password:
    Authentication successful
    Desktop name "root's X desktop (metasploitable:0)"
    VNC server default format:
    32 bits per pixel.
    Least significant byte first in each pixel.
    True colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0

    Perintah Nmap Untuk Mengetahui Informasi Mengenai Komputer Target


    IP Target : 192.168.1.4
    OS Target : Metasploitable 2
    Mencoba menjalankan perintah:

    nmap -sV -sC 192.168.1.4 6000


    mencoba mengecek apakah bisa terkoneksi ke x11, karena dari hasil scan nmap bahwa nomer port
    x11 adalah 6000
    Hasilnya:
    Starting Nmap 6.47 ( http://nmap.org ) at 2014-12-26 10:58 WITA
    setup_target: failed to determine route to 6000 (0.0.23.112)
    Nmap scan report for 192.168.1.4
    Host is up (0.00095s latency).
    Not shown: 977 closed ports
    PORT STATE SERVICE VERSION
    21/tcp open ftp
    vsftpd 2.3.4
    |_ftp-anon: Anonymous FTP login allowed (FTP code 230)
    22/tcp open ssh
    OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
    | ssh-hostkey:
    | 1024 60:0f:cf:e1:c0:5f:6a:74:d6:90:24:fa:c4:d5:6c:cd (DSA)
    |_ 2048 56:56:24:0f:21:1d:de:a7:2b:ae:61:b1:24:3d:e8:f3 (RSA)
    23/tcp open telnet
    Linux telnetd
    25/tcp open smtp
    Postfix smtpd
    |_smtp-commands: metasploitable.localdomain, PIPELINING, SIZE 10240000, VRFY, ETRN,
    STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
    | ssl-cert: Subject: commonName=ubuntu804base.localdomain/organizationName=OCOSA/stateOrProvinceName=There is no such thing
    outside US/countryName=XX
    | Not valid before: 2010-03-17T14:07:45+00:00
    |_Not valid after: 2010-04-16T14:07:45+00:00
    |_ssl-date: 2014-12-26T02:53:14+00:00; -7m42s from local time.
    53/tcp open domain
    ISC BIND 9.4.2
    | dns-nsid:
    |_ bind.version: 9.4.2
    80/tcp open http
    Apache httpd 2.2.8 ((Ubuntu) DAV/2)
    |_http-methods: No Allow or Public header in OPTIONS response (status code 200)
    |_http-title: Metasploitable2 - Linux
    111/tcp open rpcbind 2 (RPC #100000)
    | rpcinfo:
    | program version port/proto service
    | 100000 2
    111/tcp rpcbind
    | 100000 2
    111/udp rpcbind
    | 100003 2,3,4
    2049/tcp nfs
    | 100003 2,3,4
    2049/udp nfs
    | 100005 1,2,3
    46848/tcp mountd
    | 100005 1,2,3
    51528/udp mountd

    | 100021 1,3,4
    33657/udp nlockmgr
    | 100021 1,3,4
    34166/tcp nlockmgr
    | 100024 1
    45513/udp status
    |_ 100024 1
    52659/tcp status
    139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
    445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
    512/tcp open exec
    netkit-rsh rexecd
    513/tcp open login?
    514/tcp open shell?
    1099/tcp open rmiregistry GNU Classpath grmiregistry
    |_rmi-dumpregistry: Registry listing failed (No return data received from server)
    1524/tcp open shell
    Metasploitable root shell
    2049/tcp open nfs
    2-4 (RPC #100003)
    | rpcinfo:
    | program version port/proto service
    | 100000 2
    111/tcp rpcbind
    | 100000 2
    111/udp rpcbind
    | 100003 2,3,4
    2049/tcp nfs
    | 100003 2,3,4
    2049/udp nfs
    | 100005 1,2,3
    46848/tcp mountd
    | 100005 1,2,3
    51528/udp mountd
    | 100021 1,3,4
    33657/udp nlockmgr
    | 100021 1,3,4
    34166/tcp nlockmgr
    | 100024 1
    45513/udp status
    |_ 100024 1
    52659/tcp status
    2121/tcp open ftp
    ProFTPD 1.3.1
    |_ftp-bounce: no banner
    3306/tcp open mysql
    MySQL 5.0.51a-3ubuntu5
    |_mysql-info: ERROR: Script execution failed (use -d to debug)
    5432/tcp open postgresql PostgreSQL DB 8.3.0 - 8.3.7
    5900/tcp open vnc
    VNC (protocol 3.3)
    | vnc-info:
    | Protocol version: 3.3
    | Security types:
    |_ Unknown security type (33554432)
    6000/tcp open X11
    (access denied)
    6667/tcp open irc
    Unreal ircd
    | irc-info:
    | server: irc.Metasploitable.LAN
    | version: Unreal3.2.8.1. irc.Metasploitable.LAN
    | servers: 1
    | users: 1
    | lservers: 0
    | lusers: 1
    | uptime: 0 days, 2:16:59
    | source host: 353C1D75.78DED367.FFFA6D49.IP
    |_ source ident: nmap
    8009/tcp open ajp13
    Apache Jserv (Protocol v1.3)
    |_ajp-methods: Failed to get a valid response for the OPTION request
    8180/tcp open http
    Apache Tomcat/Coyote JSP engine 1.1
    |_http-favicon: Apache Tomcat
    |_http-methods: No Allow or Public header in OPTIONS response (status code 200)

    |_http-title: Apache Tomcat/5.5


    MAC Address: 08:00:27:9E:EB:32 (Cadmus Computer Systems)
    Service Info: Hosts: metasploitable.localdomain, localhost, irc.Metasploitable.LAN; OSs: Unix,
    Linux; CPE: cpe:/o:linux:linux_kernel
    Host script results:
    |_nbstat: NetBIOS name: METASPLOITABLE, NetBIOS user: <unknown>, NetBIOS MAC:
    <unknown> (unknown)
    | smb-os-discovery:
    | OS: Unix (Samba 3.0.20-Debian)
    | NetBIOS computer name:
    | Workgroup: WORKGROUP
    |_ System time: 2014-12-25T21:53:04-05:00
    Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 174.57 seconds
    msf auxiliary(open_x11) > nmap -p 443 --script ssl-heartbleed 192.168.1.4[*] exec: nmap -p 443
    --script ssl-heartbleed 192.168.1.4
    Starting Nmap 6.47 ( http://nmap.org ) at 2014-12-26 11:41 WITA
    Nmap scan report for 192.168.1.4
    Host is up (0.00081s latency).
    PORT STATE SERVICE
    443/tcp closed https
    MAC Address: 08:00:27:9E:EB:32 (Cadmus Computer Systems)
    Nmap done: 1 IP address (1 host up) scanned in 4.62 seconds

    Mengecek Vulnerability Terhadap SSL-Heartbleed Menggunakan Nmap


    OS Target : Metasploitable2
    IP Target : 192.168.1.4

    Refensi mengenai script Nmap untuk mengecek vulnerability SSL Heartbleed:

    http://nmap.org/nsedoc/scripts/ssl-heartbleed.html

    Tambahan Info:
    Referensi Cara Mencari Lokasi file Script Nmap di Linux:

    https://blog.skullsecurity.org/2010/how-to-install-an-nmap-script-2

    Saya menemukan lokasi scriptnya di :

    /usr/share/nmap/scripts

    Untuk scanning vulnerability heartbleed nya saya menggunakan Tutorial di situs ini:

    https://gist.github.com/bonsaiviking/10402038
    Jadi perintah nya yg dijalankan di Terminal:

    nmap -d --script ssl-heartbleed --script-args vulns.showall -sV 192.168.1.4

    Potrebbero piacerti anche