Metasploit

msf ์ด์šฉํ•˜๊ธฐ2

๐“›๐“พ๐“ฌ๐“ฎ๐“ฝ๐“ฎ_๐“ข๐“ฝ๐“ฎ๐“ต๐“ต๐“ช 2015. 12. 2.
728x90
๋ฐ˜์‘ํ˜•

ํฌํŠธ์Šค์บ๋‹์— ๊ด€ํ•œ ์ด์•ผ๊ธฐ๋ฅผ ๊ณ„์†ํ•˜๊ฒ ์Šต๋‹ˆ๋‹ค.


์•ž์—์„œ ๋งํ•œ๊ฑฐ์™€ ๊ฐ™์ด ํฌํŠธ์Šค์บ๋‹์—๋Š” nmap ๊ฐ™์ด ์œ ๋ช…ํ•œ ๋„๊ตฌ๊ฐ€ ์žˆ์Šต๋‹ˆ๋‹ค.


์šฐ๋ฆฌ๋Š” msf ๋ณด์กฐ๊ธฐ๋Šฅ์„ ์ด์šฉํ•ด๋ณด๊ฒ ์Šต๋‹ˆ๋‹ค.


1. use auxiliary/scanner/smb/smb_version



2. set rhosts 192.168.32.0/24




192.168.32.0/24๋ฅผ ์ด์šฉํ•ด ๋Œ€์—ญ์„ ์Šค์บ”ํ•˜๋Š” ๊ฒƒ์ด๋‹ค.


3. set threads 256



์ด๋Ÿฌ๊ฒŒ ํ•จ์œผ๋กœ run์„ ํ•  ์ˆ˜ ์žˆ๋‹ค.





์—ฌ๊ธฐ์„œ ์กฐ๊ธˆ๋” ์ž์„ธํžˆ ์•Œ๊ณ ์‹ถ๊ณ  ์•„์ดํ”ผ๋ฅผ ์•ˆ๋‹ค๋ฉด 


1. use auxiliary/scanner/netbios/nbname



2. set rhosts IP



3. set threads 256



์ด๋ ‡๊ฒŒ ํ•˜๋ฉด run์„ ํ• ์ˆ˜ ์žˆ๋‹ค.





IP๋Œ€์—ญ์„ ์ด์šฉํ•˜์—ฌ mysql ํƒ์ƒ‰ํ•˜๋Š” ๋ฐฉ๋ฒ•


1. use auxiliary/scanner/mysql/mtsql_version



2. set rhosts IP



์ด๋ ‡๊ฒŒ ์•„์ดํ”ผ ๋Œ€์—ญ์„ ์žก์•„์ฃผ๊ณ  


3. set rport 3306


sql ํฌํŠธ๋ฅผ ์ง€์ •ํ•ด์ค€๋‹ค.


4. set threads 256



์ด๋ ‡๊ฒŒ ํ•˜๋ฉด ์ค€๋น„ ๋!!!




์ด๋ ‡๊ฒŒ ๋‚˜์˜จ๋‹ค. ๋ˆ„๊ตฌ๊ป€์ง€ ๋ชจ๋ฅธ๋‹ค...


์ด๋ฅผ ๊ณต๊ฒฉํ•ด๋ณด๊ธฐ ๋ฌด์ฐจ๋ณ„ ๊ณต๊ฒฉ์„ ํ•ด๋ณด์ž


1. use auxiliary/scanner/mysql/mysql_login



2. set rhosts IP



3. set rport 3306



4. set user_file /tmp/users.txt



์ด๋Š” ๋ฌด์ฐจ๋ณ„ ๊ณต๊ฒฉ ํ•˜๊ธฐ์œ„ํ•ด ์œ ์ €์•„์ด๋””์˜ ์‚ฌ์ „ํŒŒ์ผ์„ ๋“ฑ๋กํ•ด์ฃผ๋Š” ๊ฒƒ์ด๋‹ค.

๊ธฐ๋ณธ์ ์œผ๋กœ๋Š” (cp /usr/share/w3af/w3af/core/controllers/bruteforce/users.txt /tmp/ <=๋ช…๋ น์–ด์ด์šฉํ•˜์—ฌ tmp๋กœ ์ด๋™์‹œ์ผœ์•ผํ•จ) = passwords.txt๋„ ๋™์ผ


5. set pass_file /tmp/passwords.txt



6. set stop_on_success true



๊ฒฐ๊ณผ๊ฐ’์ด true๊ฐ€ ๋œจ๋ฉด ๋ฉˆ์ถ”๋ผ๋Š” ๋ช…๋ น์–ด์ด๋‹ค.


7. set threads 256


์ค€๋น„๋์ธ๋ฐ...


์™œ์•ˆ๋ ๊นŒ?


์ด์œ ๋Š” ์ง€์›๋˜์ง€ ์•Š๋Š” ๋ฒ„์ „ ๋Œ€์ƒ์ด๋ž˜์š” ,,,

728x90
๋ฐ˜์‘ํ˜•

'Metasploit' ์นดํ…Œ๊ณ ๋ฆฌ์˜ ๋‹ค๋ฅธ ๊ธ€

msfvenom  (0) 2015.12.06
msf ์ด์šฉํ•˜๊ธฐ // beEF ์‚ฌ์šฉ๋ฒ•  (0) 2015.12.06
Arp Spoofing & DNS Spoofing  (0) 2015.12.06
msfconsole ์ด์šฉํ•˜๊ธฐ  (0) 2015.12.01
kali linux ์—์„œ์˜ msf  (0) 2015.12.01

๋Œ“๊ธ€