𝒃𝒆𝒂𝒖𝒕𝒚 𝒊𝒏𝒕𝒆𝒍𝒍𝒊𝒈𝒆𝒏𝒕
msfvenom
Metasploit 2015. 12. 6. 23:24

Caution! All legal responsibility for any malicious use lies with the user. Hmm... In the past I used the msfpayload command to build things like backdoors. However, when I had to use it again for the first time in a long while after the change and ran the command, msfpayload was gone,,, A search showed it had been replaced by msfvenom, so I studied it again. Now let's try it out briefly! First, to see the list:
1. msfvenom -l
This prints the list. Once you have found the payload you want to use:
2. msfvenom -p [desired payload] -f [extension] > [filename].[extension]
If you go to the root folder, the file has been created. Now on to the handler!!
1. msfconsole
2. use exploit/multi/handler
3. set payload [payload name]..

Using msf // How to use BeEF
Metasploit 2015. 12. 6. 22:37

msfconsole can be used to find a great deal of information. Beyond the information shown earlier, it can even find email addresses. However, msf itself is centered on the United States, so there is not much information on Korea... (Responsibility for any malicious acts lies with the user.)
1. use auxiliary/gather/search_email_collector
2. set domain [domain]
3. run
BeEF
BeEF is the Browser Exploit Framework, a tool that can do everything from collecting information about a user's PC to attacking it. It is mainly used to find XSS (cross-site scripting) vulnerabilities. So what is XSS? It is a vulnerability that causes specific actions to be carried out through client-side scripts used on the web. Installing BeEF!..

Using msf 2
Metasploit 2015. 12. 2. 22:42

Let's continue with port scanning. As mentioned earlier, there are well-known port-scanning tools such as nmap. Here we will use msf's auxiliary modules.
1. use auxiliary/scanner/smb/smb_version
2. set rhosts 192.168.32.0/24
Using 192.168.32.0/24 scans the whole range.
3. set threads 256
With that done, you can run. If you want more detail and know the IP:
1. use auxiliary/scanner/netbios/nbname
2. set rhosts IP
3. set threads 256
With that done, you can run. How to discover mysql across an IP range:
1. use auxiliary..

Using msfconsole
Metasploit 2015. 12. 1. 03:03

In the previous post we looked up information in msfconsole using company_name. This time, let's make use of the information obtained from company_name.
1. use auxiliary/gather/corpwatch_lookup_id
Like the name lookup, this uses an auxiliary module, but it looks up by id instead of name.
2. set cw_id cw_40155
This specifies the ID.
3. set get_history true (if true is omitted, it is treated as false.)
Next comes run. Running it performs a search based on the value entered for cw_id. A lot of information can be obtained this way. It also saves the results to cw_~~~.txt. Next, port scanning using msf's auxiliary modules..

msf on Kali Linux
Metasploit 2015. 12. 1. 02:41

So what is the msf mentioned in the title? msf is the Metasploit Framework. It is a penetration testing tool written in Perl. So how do we run it on Kali Linux?
1. service postgresql start
This command starts the PostgreSQL server. Once it has run, the PostgreSQL server is up.
2. service metasploit start (msfdb init
