'metasploit'에 해당되는 글 17건
[Bug-wget] GNU wget 1.16 released
It is available for download here: ftp://ftp.gnu.org/gnu/wget/wget-1.16.tar.gz ftp://ftp.gnu.org/gnu/wget/wget-1.16.tar.xz and the GPG detached signatures using the key E163E1EA: ftp://ftp.gnu.org/gnu/wget/wget-1.16.tar.gz.sig ftp://ftp.gnu.org/gnu/wget/wget-1.16.tar.xz.sig To reduce load on the main server, you can use this redirector service which automatically redirects you to a mirror: http://ftpmirror.gnu.org/wget/wget-1.16.tar.gz http://ftpmirror.gnu.org/wget/wget-1.16.tar.xz * Noteworthy changes in Wget 1.16 ** No longer create local symbolic links by default. Closes CVE-2014-4877. ** Use libpsl for verifying cookie domains. ** Default progress bar output changed. ** Introduce --show-progress to force display the progress bar. ** Introduce --no-config. The wgetrc files will not be read. ** Introduce --start-pos to allow starting downloads from a specified position. ** Fix a problem with ISA Server Proxy and keep-alive connections.
"In addition to changing arguments in all scripts or programs that invoke wget, it is possible to enabled[sic] retr-symlinks option via wget configuration file - either global /etc/wgetrc, or user specific ~/.wgetrc - by adding the line: retr-symlinks=on"
출처 : https://www.facebook.com/groups/metasploit/
In this blog I will show you a pretty sweet tool called SQL Ninja in the Metasploit Framework. There are a lot of SQL injection tools out there but this one is my favorite because instead of extracting the actual data it focuses on getting a interactive shell on the remote DB server, and uses it as a foothold against the target network. So let’s go ahead and dive in to the wonders of SQL Ninja.
First all of the information we need SQL Ninja to use is stored in a config file by default it’s called sqlninja.conf. All you need to do is simply open the configuration file with Nano, Kate or whatever your favorite text editor in Linux is. (See Below)
As you can see from the screenshot above I pointed out the important parts of the config file for basic SQL injections. The first arrow is the actual host address ie. www.domain.com this can also be an IP address of the server.
The second arrow is the port that we will try to exploit on 443 is the default for SQL so just leave it as 443. Make all the changes needed to the config file and save it.
Now type: “cd /pentest/database/sqlninja” without quotes and hit enter this will load up the SQL Ninja tool, after that type: “./sqlninja –f config.conf –m m” without quotes this is going to parse the config file into SQL Ninja and also start up a Metasploit module at the same time.
After you do this it’s going to take awhile because SQL Ninja is actually pushing SQL queries via the initial SQL injection. So it has to go through several queries and then wait for the responses from the SQL server and then check the those results. I would advise grabbing a rum and coke while you wait :) When it’s done you will get a screen like the one below:
This has created a local shell on the SQL box from here you can use your Metasploit meterpreter session, this is pretty awesome because a SQL server is usually a high maintenance server, so it’s likely the admin has logged in recently. We can do something like a hashdump or grab the tokens off the local SQL server once we have the hashes of all the accounts (Admin included) we can use the hash to pivot from the SQL server into the domain controller. This technique is known as “Pass The Hash” and works if the admin uses the same password for all his logins to windows servers.
Final Note: The best lab for this is a virtual environment I like to use VMWare Workstation to run all the different boxes needed for the demos.