'metasploit'에 해당되는 글 17건

  1. 2012.02.23 Metasploit Framework 4.2.0
  2. 2011.10.11 MSFConsole Prompt Fiddling
  3. 2011.09.28 Metasploit: The Penetration Tester’s Guide
2012. 2. 23. 18:59

Metasploit Framework 4.2.0

“The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task.“

Official change log for Metasploit Framework 4.2.0:

  • IPv6 Coverage:
    Metasploit 4.2 now ships with thirteen brand new payloads, all added to support opening command sessions and shells on IPv6 networks. In addition, Metasploit’s existing arsenal of payloads has been updated to support IPv6 as well. The database back end now fully supports IPv6 addressing for discovered and compromised hosts. Rex, Metasploit’s general purpose socket and protocol library, is now compatible with IPv6 networks. The ability to launch attacks over IPv6, even in otherwise IPv4 networks, is crucial in the modern penetration testing environment, so if you’re not yet up to speed on auditing a client network’s IPv6 exposure, be sure to catch HD Moore’s free IPv6 security online training on March 28.
  • Virtualization as an Attack Vector
    With this release comes a pile of new modules targeting VMware vSphere/ESX SOAP interface, as well as a pair of new brute force modules to audit password strength for both vmauthd and Virtual Web Services. Here’s the quick list of the new virtual target hotness:
  • vmauthd_version : Discovers the version details for a vmauthd service
  • esx_fingerprint : Fingerprints (down to the build number) of a stand-alone ESX server
  • vmware_http_login : Attempts to brute force local VMware credentials via the Web Services interface
  • vmauthd_login : Attempts to brute force local VMware credentials via the vmauthd service
  • vmware_enum_users : Enumerates both local and domain VMware user accounts
  • vmware_enum_permissions : Enumerates locally-defined user and group permissions on aVMware instance
  • vmware_enum_sessions : Enumerates active VMware login sessions
  • vmware_enum_vms : Enumerates all local virtual machines on the local VMware instance
  • vmware_host_details : Discovers host hardware and software details of the VMware host machine
  • poweroff_vm : Powers off a virtual machine via the VMware Web Services interface
  • poweron_vm : Powers on a virtual machine via the VMware Web Services interface
  • tag_vm : Writes a user-defined “tag” to the VMware logs as proof of compromise
  • vmware_screenshot_stealer : Grabs screenshots of VMware guest operating systems as proof of compromise
  • terminate_esx_sessions : Disconnects a user from the ESX server
  • Virtual machine targets in a network often offer unique avenues of attack for penetration testers, and are sometimes overlooked by IT departments and security infrastructure groups alike. Rapid7′s David Maloney, aka, TheLightCosine, wrote most of these modules. For a deep-dive into virtualization security, please join his webcast on March 21.
  • New Resource Scripts
    Metasploit 4.2 now ships with fourteen new resource scripts, nearly all of which were provided byopen source community contributors. These scripts demonstrate the power of Metasploit’s extensible architecture, allowing programmatic Metasploit module usage through the powerful Ruby scripting language. By automating away penetration testing tasks common to most engagements, Metasploit expert users can free up valuable time for more interesting avenues of research and exploitation. Note that while these scripts are useful on their own, they’re also great examples of using this entry point and really getting your hands dirty with Metasploit internals. Finally, most of these scripts were submitted by open source contributor m-1-k-3, while the Oracle-centric scripts come from nebulous.
  • Module Changes

  • Trackback 2 Comment 0
    2011. 10. 11. 19:11

    MSFConsole Prompt Fiddling

    In @carnal0wnage and my presentation at DerbyCon 2011 we talked about using SCREENand SCRIPT to keep connections live / use them across SSH sessions, and log everything that happens. What we didn't cover is the fact that there isn't a time stamp for those logs. Now, Metasploit has multiple ways of creating logs:

    cat ~/.msf4/logs/framework.log       This log automatically logs all of the error data that is great for trouble shooting when something is working, but doesn't record what you are doing inside of msfconsole
    msf> spool ~/myclient.log The spool command is great for logging output from anything you do in either consoles or sessions, even when you drop to a shell. My one gripe about this one is that it doesn't log the actual command you issued.
    msf> set ConsoleLogging true
    msf> set LogLevel 5
    msf> set SessionLogging true
    msf> set TimestampOutput true 
    These combined essentially do the same thing as spool except that they go into different logs, but do actually log the command you issued


    Plenty of logging right? But none of them really 'log everything' and time stamps are not a regular occurrence in them. Cool, but we need both. We've got the 'log everything' with the Linux 'script' command, we just need a way to inject time stamps into our log.

    Enter the ever mutable 'msf>' prompt:

    A lesser known variable in MSFConsole is 'PROMPT'. You can set this pretty much like any other OS can, however there are some metasploit specific things you can add. Using a three letter abbreviation you can even add color to it. 

    For example lets add our hostname to our prompt:

    • set PROMPT %H

    changes msf> to myattackmachine>

    And you can combine and add things that you wish:

    • set PROMPT %H Just more text %U

    changes the prompt to:  myattackmachine Just more text mubix>  (%U is username)

    For reference here are the other working % variables that I know of:

    • %D = Current local directory (not sure if this changes when in meterpreter or not for the victims dir, that would be cool)
    • %H = Host name (again, would be cool if this changed when in meterpreter)
    • %J = Current number of jobs running
    • %L = Local IP (makes it easy to remember what to put in LHOST)
    • %S = Currently number of sessions open
    • %T = Time stamp
    • %U = Username (yes, would be awesome if this changed in meterpreter too)

    Now if you wanted to add colors to that, all you would do is use something like %grn%T to make the time stamp green. You'll have to play around with the color's names as I don't know them all. %red %blu %blk etc...

    Combine all of that with script and you've got something awesome. I set my PROMPT to:

    • set PROMPT %T S:%S J:%J
    • 1970-01-01 00:00:00 +0000 S:0 J:0> 

    This gives me the number of jobs and sessions and has the time stamp every time I throw a command, so in my logs I can very easily narrow down the exact time when I did or didnt' do something. The number of sessions and jobs are just good to know items.

    Throw in one more trick to make the whole thing a cake walk:

    In your ~/.msf4 directory, if you haven't already, create a file called 'msfconsole.rc'. This magical file will run every time you start msfconsole (with the express exception of when you specify a resource file to run from the command line using the -r argument). Throw your 'set PROMPT %blah %blah %blah' in there formatted however you like, and now whenever you start msfconsole you'll have your handy dandy timestamp.

    Shout out to @egyp7 for showing me this.

    출처 : Room362.com

    Trackback 0 Comment 0
    2011. 9. 28. 18:55

    Metasploit: The Penetration Tester’s Guide

    It gives me great pleasure to review this book ‘Metasploit – The Penetration Tester’s Guide’, not only because it is written on most popular penetration testing framework but the way it is written doing complete justice to the title!

    Here is the core information about the book,

    • Title: Metasploit: The Penetration Tester’s Guide
    • Author: David Kennedy, Jim O’Gorman, Devon Kearns, Mati Aharoni
    • Publisher: No Starch Press
    • Pages: 328
    • Release Date: July 22, 2011
    • Rating(Amazon): 


    Here is the table of contents

    Chapter 1: The Absolute Basics of Penetration Testing
    Chapter 2: Metasploit Basics
    Chapter 3: Intelligence Gathering
    Chapter 4: Vulnerability Scanning
    Chapter 5: The Joy of Exploitation
    Chapter 6: Meterpreter
    Chapter 7: Avoiding Detection
    Chapter 8: Exploitation Using Client-side Attacks
    Chapter 9: Metasploit Auxiliary Modules
    Chapter 10: The Social-Engineer Toolkit
    Chapter 11: Fast-Track
    Chapter 12: Karmetasploit
    Chapter 13: Building Your Own Module
    Chapter 14: Creating Your Own Exploits
    Chapter 15: Porting Exploits to the Metasploit Framework
    Chapter 16: Meterpreter Scripting
    Chapter 17: Simulated Penetration Test
    Appendix A: Configuring Your Target Machines
    Appendix B: Cheat Sheet

    출처 : nagareshwar.securityxploded.com

    Trackback 0 Comment 0