10-25-2013, 04:18 PM
ipidseq.rb
auxiliary/scanner/ip/ipidseq
Finds idle hosts on the target network. Click here to learn more about this auxiliary module. This module supports the show options and show advanced commands.
Call Module from #Msfconsole
Code:
root@31c3L:~# msfconsole
Call trans opt: received. 2-19-98 13:24:18 REC:Loc
Trace program: running
wake up, Neo...
the matrix has you
follow the white rabbit.
knock, knock, Neo.
=[ metasploit v4.5.0-dev [core:4.5 api:1.0]
+ -- --=[ 927 exploits - 499 auxiliary - 151 post
+ -- --=[ 251 payloads - 28 encoders - 8 nops
msf > use auxiliary/scanner/ip/ipidseq
Show Options
The show options command displays the options used by the module. A few you should know:
Quote:INTERFACE = the interface you are using (eth0, wlan0, etc.)
RHOSTS (remote host) = the subnet range of the target IP addresses (IPv4, e.g. 192.168.1.0/24)
RPORT (remote port) = the port used by the target (default 80)
SNAPLEN = the number of bytes to capture
THREADS = the number of concurrent scans
TIMEOUT = the timeout (use this so that scanning does not take too long on hosts that are not active)
Code:
msf auxiliary(ipidseq) > show options
Module options (auxiliary/scanner/ip/ipidseq):
Name       Current Setting  Required  Description
----       ---------------  --------  -----------
INTERFACE                   no        The name of the interface
RHOSTS                      yes       The target address range or CIDR identifier
RPORT      80               yes       The target port
SNAPLEN    65535            yes       The number of bytes to capture
THREADS    1                yes       The number of concurrent threads
TIMEOUT    500              yes       The reply read timeout in milliseconds
Show Advanced Command
The following is an explanation of the module's advanced options.
Code:
msf auxiliary(ipidseq) > show advanced
Module advanced options:
Name : GATEWAY
Current Setting:
Description : The gateway IP address. This will be used rather than a random
remote address for the UDP probe, if set.
Name : NETMASK
Current Setting: 24
Description : The local network mask. This is used to decide if an address is
in the local network.
Name : SAMPLES
Current Setting: 6
Description : The IPID sample size
Name : ShowProgress
Current Setting: true
Description : Display progress messages during a scan
Name : ShowProgressPercent
Current Setting: 10
Description : The interval in percent that progress should be shown
Name : UDP_SECRET
Current Setting: 1297303091
Description : The 32-bit cookie for UDP probe requests.
Name : VERBOSE
Current Setting: false
Description : Enable detailed status messages
Name : WORKSPACE
Current Setting:
Description : Specify the workspace for this module
Usage example
Code:
msf auxiliary(ipidseq) > set RHOSTS 192.168.1.0/24
RHOSTS => 192.168.1.0/24
msf auxiliary(ipidseq) > set INTERFACE wlan0
INTERFACE => wlan0
msf auxiliary(ipidseq) > set TIMEOUT 200
TIMEOUT => 200
msf auxiliary(ipidseq) > run
[*] 192.168.1.5's IPID sequence class: All zeros
[*] Scanned 026 of 256 hosts (010% complete)
[*] Scanned 052 of 256 hosts (020% complete)
[*] Scanned 077 of 256 hosts (030% complete)
[*] 192.168.1.81's IPID sequence class: Incremental!
[*] Scanned 103 of 256 hosts (040% complete)
[*] Scanned 128 of 256 hosts (050% complete)
[*] 192.168.1.131's IPID sequence class: Incremental!
[*] Scanned 154 of 256 hosts (060% complete)
[*] Scanned 180 of 256 hosts (070% complete)
[*] 192.168.1.192's IPID sequence class: Incremental!
[*] 192.168.1.193's IPID sequence class: Randomized!
[*] Scanned 205 of 256 hosts (080% complete)
[*] Scanned 231 of 256 hosts (090% complete)
[*] Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed
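The classes reported in the output above ("All zeros", "Incremental!", "Randomized!") come from a heuristic over a handful of IP ID samples per host. As an added example, not code from the original post or from the Metasploit project, here is a Python reimplementation of that classification modelled on the nmap/Metasploit ipidseq heuristics; the thresholds are my assumption, the host addresses and sample sequences are constructed, and hosts whose class leaks their traffic volume are flagged for remediation.

```python
# Added example: classify a host's IP ID sequence the way the ipidseq scan
# reports it. Modelled on the nmap/Metasploit ipidseq heuristics; the
# thresholds are an assumption, not copied from either project.
from typing import Dict, List

def classify_ipids(ipids: List[int]) -> str:
    """Return the sequence class for a list of 16-bit IP ID samples."""
    if len(ipids) < 2:
        return "Unknown"
    if all(i == 0 for i in ipids):
        return "All zeros"
    # Forward differences, wrapping modulo 2^16 like the IP ID field does.
    diffs = [(b - a) % 65536 for a, b in zip(ipids, ipids[1:])]
    if len(ipids) > 2 and any(d > 20000 for d in diffs):
        return "Randomized!"
    if all(d == 0 for d in diffs):
        return "Constant"
    # Large jumps that are not a byte-swapped counter: random increments.
    if any(d > 1000 and (d % 256 != 0 or d >= 25600) for d in diffs):
        return "Random positive increments!"
    # Every step a small multiple of 256: a little-endian counter whose
    # bytes are swapped on the wire.
    if all(d % 256 == 0 and d <= 5120 for d in diffs):
        return "Broken little-endian incremental!"
    if all(d <= 9 for d in diffs):
        return "Incremental!"
    return "Busy server or unknown class"

def needs_hardening(cls: str) -> bool:
    """True when a third party can infer how much traffic the host sends
    from its IP IDs; such hosts should use randomized or zero IP IDs."""
    return cls in ("Incremental!", "Broken little-endian incremental!")

# Constructed samples, six per host (the module's default SAMPLES is 6).
SAMPLES: Dict[str, List[int]] = {
    "192.168.1.5":   [0, 0, 0, 0, 0, 0],
    "192.168.1.81":  [1024, 1025, 1026, 1027, 1028, 1029],
    "192.168.1.193": [45201, 3321, 60102, 17, 29990, 51234],
    "192.168.1.200": [256, 512, 768, 1024, 1280, 1536],
    "192.168.1.201": [7, 7, 7, 7, 7, 7],
}

def scan_report(samples: Dict[str, List[int]]) -> Dict[str, str]:
    """Map each host to its IP ID sequence class."""
    return {host: classify_ipids(ids) for host, ids in samples.items()}

if __name__ == "__main__":
    for host, cls in scan_report(SAMPLES).items():
        flag = " (should randomize IP IDs)" if needs_hardening(cls) else ""
        print(f"[*] {host}'s IPID sequence class: {cls}{flag}")
```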
Nmap TCP idle-scan example
Once we have found an IP that can be used for spoofing, we can use nmap for a TCP idle scan.
Attackers use this attack method to:
Quote:1. Bypass certain rules (an IP whitelist on a particular network that is allowed to perform scans)
2. #Anti-forensics
3. #Social Engineering
Code:
msf auxiliary(ipidseq) > nmap -PN -sI 192.168.1.81 192.168.1.131
[*] exec: nmap -PN -sI 192.168.1. 192.168.1.
idle scan using zombie 192.168.1.81 (192.168.1.:80); Class: Incremental
Interisting ports on 192.168.1.131:
Not shown: 876 closedfiltered ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
MAC address: 94:db:c9:8a:41:1b
Nmap done: 1 IP address (1 host up) scanned in 8.10 seconds
msf auxiliary(ipidseq) >
- See more at: http://zico-ekel.com/msf-ipidseq-auxilia...nq4jo.dpuf
FOLLOW @DutaLinux
for more questions and sharing about security and open source only