Vulnerability Scanning
auxiliary/scanner/vnc/vnc_login normal VNC Authentication Scanner
auxiliary/scanner/vnc/vnc_none_auth normal VNC Authentication None Detection
HAHWUL exploit(handler) > db_nmap -PN 192.168.56.101
[*] Nmap: Starting Nmap 7.01 ( https://nmap.org ) at 2017-08-07 15:04 KST
[*] Nmap: Stats: 0:00:19 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
[*] Nmap: SYN Stealth Scan Timing: About 99.99% done; ETC: 15:04 (0:00:00 remaining)
[*] Nmap: Nmap scan report for 192.168.56.101
[*] Nmap: Host is up (0.00066s latency).
[*] Nmap: Not shown: 985 closed ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 135/tcp open msrpc
[*] Nmap: 139/tcp open netbios-ssn
[*] Nmap: 445/tcp open microsoft-ds
[*] Nmap: 554/tcp open rtsp
[*] Nmap: 2869/tcp open icslap
[*] Nmap: 5357/tcp open wsdapi
[*] Nmap: 5500/tcp open hotline
[*] Nmap: 5800/tcp open vnc-http
[*] Nmap: 5900/tcp open vnc
HAHWUL exploit(handler) > search vnc
Matching Modules
================
Name Disclosure Date Rank Description
---- --------------- ---- -----------
auxiliary/admin/vnc/realvnc_41_bypass 2006-05-15 normal RealVNC NULL Authentication Mode Bypass
auxiliary/scanner/vnc/vnc_login normal VNC Authentication Scanner
auxiliary/scanner/vnc/vnc_none_auth normal VNC Authentication None Detection
auxiliary/server/capture/vnc normal Authentication Capture: VNC
exploit/multi/misc/legend_bot_exec 2015-04-27 excellent Legend Perl IRC Bot Remote Code Execution
exploit/multi/vnc/vnc_keyboard_exec
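For triage on the defender's side, the db_nmap console lines above can be parsed to inventory exposed remote-access services such as the VNC listeners on 5800/5900. This is an added example, not code from the original post; the `REVIEW` set and the function names are assumptions, and the sample input is constructed from the output shown above (IPv4 hosts only).

```python
import re

# Constructed sample: db_nmap console lines in the form msfconsole prints them.
SAMPLE = """\
[*] Nmap: Nmap scan report for 192.168.56.101
[*] Nmap: Host is up (0.00066s latency).
[*] Nmap: Not shown: 985 closed ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 135/tcp open msrpc
[*] Nmap: 445/tcp open microsoft-ds
[*] Nmap: 5800/tcp open vnc-http
[*] Nmap: 5900/tcp open vnc
"""

HOST_RE = re.compile(r"Nmap scan report for (?:\S+ \()?(\d{1,3}(?:\.\d{1,3}){3})\)?")
PORT_RE = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)")

# Assumption: which service names count as remote-access exposure is local policy.
REVIEW = {"vnc", "vnc-http", "ms-wbt-server", "telnet"}

def parse_db_nmap(text):
    """Return {host: [(port, proto, state, service), ...]} from db_nmap console output."""
    hosts, current = {}, None
    for raw in text.splitlines():
        # Strip the "[*] Nmap: " prefix that msfconsole puts in front of each line.
        line = re.sub(r"^\[\*\]\s*Nmap:\s*", "", raw.strip())
        m = HOST_RE.search(line)
        if m:
            current = m.group(1)
            hosts.setdefault(current, [])
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            hosts[current].append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return hosts

def exposed_remote_access(hosts):
    """List open services in the review set, sorted for a stable report."""
    return sorted((h, port, svc) for h, rows in hosts.items()
                  for port, _proto, state, svc in rows
                  if state == "open" and svc in REVIEW)

if __name__ == "__main__":
    for host, port, svc in exposed_remote_access(parse_db_nmap(SAMPLE)):
        print(f"{host}:{port} {svc} -> confirm authentication is enforced or close the port")
```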
Scanning web service vulnerabilities with WMAP
First, load the plugin so that WMAP can be used.
HAHWUL > load wmap
.-.-.-..-.-.-..---..---.
| | | || | | || | || |-'
`-----'`-'-'-'`-^-'`-'
[WMAP 1.5.1] === et [ ] metasploit.com 2012
[*] Successfully loaded plugin: wmap
HAHWUL > help wmap
wmap Commands
=============
Command Description
------- -----------
wmap_modules Manage wmap modules
wmap_nodes Manage nodes
wmap_run Test targets
wmap_sites Manage sites
wmap_targets Manage targets
wmap_vulns Display web vulns
First, specify the target site with wmap_sites.
wmap_sites -a (vhost,url)
HAHWUL > wmap_sites -a 172.217.27.78,google.com
[*] Site created.
HAHWUL > wmap_sites -l
[*] Available sites
===============
Id Host Vhost Port Proto # Pages # Forms
-- ---- ----- ---- ----- ------- -------
0 172.217.25.206 172.217.27.78 80 http 0 0
1 175.158.2.152 175.158.2.152 443 https 0 0
Second, use wmap_targets to specify the target that the test will actually run against.
HAHWUL > wmap_targets -t 127.0.0.1
or
HAHWUL > wmap_targets -d 0
[*] Loading 172.217.27.78,http://172.217.25.206:80/.
HAHWUL > wmap_targets -l
[*] Defined targets
===============
Id Vhost Host Port SSL Path
-- ----- ---- ---- --- ----
0 172.217.27.78 172.217.25.206 80 false /
Once everything is set up... run!
HAHWUL > wmap_run -e
[*] Using ALL wmap enabled modules.
[-] NO WMAP NODES DEFINED. Executing local modules
[*] Testing target:
[*] Site: 172.217.27.78 (172.217.25.206)
[*] Port: 80 SSL: false
============================================================
[*] Testing started. 2017-08-07 11:33:59 +0900
[*] Loading wmap modules...
[....]
When the run finishes, the results are also saved in vulns, but you can view them separately with wmap_vulns.
HAHWUL > wmap_vulns -l
HAHWUL, Security engineer, Gopher and H4cker!