| | at : |
Archive

[MAD-METASPLOIT] 0x12 - Vulnerability Scanning 하훌 rwxr-xr-x 0 8/07/2017



[MAD-METASPLOIT] 0x12 - Vulnerability Scanning

Permission rw-r--r--
Author 하훌
Date and Time 8/07/2017
Label
License 크리에이티브 커먼즈 라이선스





Vulnerability Scanning


   auxiliary/scanner/vnc/vnc_login                                                           normal     VNC Authentication Scanner
   auxiliary/scanner/vnc/vnc_none_auth                                                       normal     VNC Authentication None Detection

HAHWUL exploit(handler) > db_nmap -PN 192.168.56.101
[*] Nmap: Starting Nmap 7.01 ( https://nmap.org ) at 2017-08-07 15:04 KST
[*] Nmap: Stats: 0:00:19 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
[*] Nmap: SYN Stealth Scan Timing: About 99.99% done; ETC: 15:04 (0:00:00 remaining)
[*] Nmap: Nmap scan report for 192.168.56.101
[*] Nmap: Host is up (0.00066s latency).
[*] Nmap: Not shown: 985 closed ports
[*] Nmap: PORT      STATE SERVICE
[*] Nmap: 135/tcp   open  msrpc
[*] Nmap: 139/tcp   open  netbios-ssn
[*] Nmap: 445/tcp   open  microsoft-ds
[*] Nmap: 554/tcp   open  rtsp
[*] Nmap: 2869/tcp  open  icslap
[*] Nmap: 5357/tcp  open  wsdapi
[*] Nmap: 5500/tcp  open  hotline
[*] Nmap: 5800/tcp  open  vnc-http
[*] Nmap: 5900/tcp  open  vnc


HAHWUL exploit(handler) > search vnc

Matching Modules
================

   Name                                                 Disclosure Date  Rank       Description
   ----                                                 ---------------  ----       -----------
   auxiliary/admin/vnc/realvnc_41_bypass                2006-05-15       normal     RealVNC NULL Authentication Mode Bypass
   auxiliary/scanner/vnc/vnc_login                                       normal     VNC Authentication Scanner
   auxiliary/scanner/vnc/vnc_none_auth                                   normal     VNC Authentication None Detection
   auxiliary/server/capture/vnc                                          normal     Authentication Capture: VNC
   exploit/multi/misc/legend_bot_exec                   2015-04-27       excellent  Legend Perl IRC Bot Remote Code Execution
   exploit/multi/vnc/vnc_keyboard_exec



WMAP을 이용한 Web service 취약점 스캔


먼저 WMAP 사용을 위헤 plugin을 로드합니다.

HAHWUL > load wmap

.-.-.-..-.-.-..---..---.
| | | || | | || | || |-'
`-----'`-'-'-'`-^-'`-'
[WMAP 1.5.1] ===  et [  ] metasploit.com 2012
[*] Successfully loaded plugin: wmap

HAHWUL > help wmap

wmap Commands
=============

    Command       Description
    -------       -----------
    wmap_modules  Manage wmap modules
    wmap_nodes    Manage nodes
    wmap_run      Test targets
    wmap_sites    Manage sites
    wmap_targets  Manage targets
    wmap_vulns    Display web vulns


먼저 wmap_sites 로 대상 사이트 지정합니다.

wmap_sites -a (vhost,url)

HAHWUL > wmap_sites -a 172.217.27.78,google.com
[*] Site created.

HAHWUL > wmap_sites -l
[*] Available sites
===============

     Id  Host            Vhost          Port  Proto  # Pages  # Forms
     --  ----            -----          ----  -----  -------  -------
     0   172.217.25.206  172.217.27.78  80    http   0        0
     1   175.158.2.152   175.158.2.152  443   https  0        0


두번째론 wmap_targets 으로 실제 테스트가 진행되는 타겟을 지정합니다.

HAHWUL > wmap_targets -t 127.0.0.1

or

HAHWUL > wmap_targets -d 0
[*] Loading 172.217.27.78,http://172.217.25.206:80/.
HAHWUL > wmap_targets -l
[*] Defined targets
===============

     Id  Vhost          Host            Port  SSL    Path
     --  -----          ----            ----  ---    ----
     0   172.217.27.78  172.217.25.206  80    false   /


세팅이 다 되었으면.. run!

HAHWUL > wmap_run -e 
[*] Using ALL wmap enabled modules.
[-] NO WMAP NODES DEFINED. Executing local modules
[*] Testing target:
[*] Site: 172.217.27.78 (172.217.25.206)
[*] Port: 80 SSL: false
============================================================
[*] Testing started. 2017-08-07 11:33:59 +0900
[*] Loading wmap modules...
[....]

완료 후 vulns에도 저장되지만 wmap_vulns 로 따로 볼수도 있습니다.

HAHWUL > wmap_vulns -l



Share







HAHWUL
HACKING | PENETRATION-TEST | CODING
HACKERONE : GIT : 0DAY-TODAY : EXPLOIT-DB : PACKETSTORM
GOOGLE+ | HAHWUL@GMAIL.COM | TWITTER
WWW.HAHWUL.COM




0 개의 댓글:

댓글 쓰기