MSFconsole core commands tutorial
The following is the core set of msfconsole commands.

Command       Description
-------       -----------
back          Move back from the current context
banner        Display an awesome metasploit banner
cd            Change the current working directory
color         Toggle color
connect       Communicate with a host
edit          Edit the current module with $VISUAL or $EDITOR
exit          Exit the console
get           Gets the value of a context-specific variable
getg          Gets the value of a global variable
go_pro        Launch Metasploit web GUI
grep          Grep the output of another command
help          Help menu
info          Displays information about one or more module
irb           Drop into irb scripting mode
jobs          Displays and manages jobs
kill          Kill a job
load          Load a framework plugin
loadpath      Searches for and loads modules from a path
makerc        Save commands entered since start to a file
popm          Pops the latest module off the stack and makes it active
previous      Sets the previously loaded module as the current module
pushm         Pushes the active or list of modules onto the module stack
quit          Exit the console
reload_all    Reloads all modules from all defined module paths
rename_job    Rename a job
resource      Run the commands stored in a file
route         Route traffic through a session
save          Saves the active datastores
search        Searches module names and descriptions
sessions      Dump session listings and display information about sessions
set           Sets a context-specific variable to a value
setg          Sets a global variable to a value
show          Displays modules of a given type, or all modules
sleep         Do nothing for the specified number of seconds
spool         Write console output into a file as well the screen
threads       View and manipulate background threads
unload        Unload a framework plugin
unset         Unsets one or more context-specific variables
unsetg        Unsets one or more global variables
use           Selects a module by name
version       Show the framework and console library version numbers
back
Starting with the back command: once you have finished working with a particular module, or if you accidentally selected the wrong module, there is no need to be confused. You can leave the current context with the back command and then move on to another module.

msf auxiliary(ms09_001_write) > back
msf >
banner
This simply displays a randomly selected banner; think of it as decoration :D
msf > banner
_ _
/ \ /\ __ _ __ /_/ __
| |\ / | _____ \ \ ___ _____ | | / \ _ \ \
| | \/| | | ___\ |- -| /\ / __\ | -__/ | || | || | |- -|
|_| | | | _|__ | |_ / -\ __\ \ | | | | \__/| | | |_
|/ |____/ \___\/ /\ \\___/ \/ \__| |_\ \___\
Frustrated with proxy pivoting? Upgrade to layer-2 VPN pivoting with
Metasploit Pro -- type 'go_pro' to launch it now.
=[ metasploit v4.11.4-2015071402 ]
+ -- --=[ 1467 exploits - 840 auxiliary - 232 post ]
+ -- --=[ 432 payloads - 37 encoders - 8 nops ]
check
Not many exploits support it, but those that do use it to test whether the target is vulnerable before attempting exploitation. Where a module implements it, check is the safer first step: it probes the target's vulnerable status without delivering the payload, as the ms08_067_netapi transcript below shows.

msf exploit(ms08_067_netapi) > show options

Module options (exploit/windows/smb/ms08_067_netapi):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST    172.16.194.134   yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)

Exploit target:

   Id  Name
   --  ----
   0   Automatic Targeting

msf exploit(ms08_067_netapi) > check
[*] Verifying vulnerable status... (path: 0x0000005a)
[*] System is not vulnerable (status: 0x00000000)
[*] The target is not exploitable.
msf exploit(ms08_067_netapi) >
color
You can enable or disable whether the output you get through msfconsole contains color. Running the command with no argument prints its usage:

msf > color
Usage: color <'true'|'false'|'auto'>

Enable or disable color output.
connect
There is a miniature netcat clone built into msfconsole that supports SSL, proxies, pivoting, and file sends. By issuing the connect command with an IP address and port number, you can connect to a remote host from within msfconsole, just as you would with netcat or telnet.

msf > connect 192.168.1.1 23
[*] Connected to 192.168.1.1:23
DD-WRT v24 std (c) 2008 NewMedia-NET GmbH
Release: 07/27/08 (SVN revision: 10011)
DD-WRT login:

You can see all the additional options by passing the -h parameter.
msf > connect -h
Usage: connect [options]
Communicate with a host, similar to interacting via netcat, taking advantage of
any configured session pivoting.
OPTIONS:
-C Try to use CRLF for EOL sequence.
-P <opt> Specify source port.
-S <opt> Specify source address.
-c <opt> Specify which Comm to use.
-h Help banner.
-i <opt> Send the contents of a file.
-p <opt> List of proxies to use.
-s Connect with SSL.
-u Switch to a UDP socket.
-w <opt> Specify connect timeout.
-z Just try to connect, then return.
msf >
edit
This command edits the current module with $VISUAL or $EDITOR. By default it opens the current module in Vim.
msf exploit(ms10_061_spoolss) > edit
[*] Launching /usr/bin/vim /usr/share/metasploit-framework/modules/exploits/windows/smb/ms10_061_spoolss.rb
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'msf/windows_error'
class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking
include Msf::Exploit::Remote::DCERPC
include Msf::Exploit::Remote::SMB
include Msf::Exploit::EXE
include Msf::Exploit::WbemExec
def initialize(info = {})
exit
The command for leaving msfconsole.

msf exploit(ms10_061_spoolss) > exit
root@kali:~#
help
The help command is useful when you want a list, with a short description, of all the available commands.
msf > help
Core Commands
=============
Command Description
------- -----------
? Help menu
back Move back from the current context
banner Display an awesome metasploit banner
cd Change the current working directory
color Toggle color
connect Communicate with a host
...snip...
Database Backend Commands
=========================
Command Description
------- -----------
creds List all credentials in the database
db_connect Connect to an existing database
db_disconnect Disconnect from the current database instance
db_export Export a file containing the contents of the database
db_import Import a scan result file (filetype will be auto-detected)
...snip...
info
The info command provides detailed information about a particular module, including all of its options, targets, and other information. Be sure to always read a module's description before using it, as some may have undesired effects.
The info command also provides the following information:
- Author and licensing information
- Vulnerability references (i.e. CVE, BID, etc.)
- Any payload restrictions the module may have
msf exploit(ms09_050_smb2_negotiate_func_index) > info exploit/windows/smb/ms09_050_smb2_negotiate_func_index
Name: Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference
Module: exploit/windows/smb/ms09_050_smb2_negotiate_func_index
Version: 14774
Platform: Windows
Privileged: Yes
License: Metasploit Framework License (BSD)
Rank: Good
Provided by:
Laurent Gaffie <laurent.gaffie@gmail.com>
hdm <hdm@metasploit.com>
sf <stephen_fewer@harmonysecurity.com>
Available targets:
Id Name
-- ----
0 Windows Vista SP1/SP2 and Server 2008 (x86)
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
RHOST yes The target address
RPORT 445 yes The target port
WAIT 180 yes The number of seconds to wait for the attack to complete.
Payload information:
Space: 1024
Description:
This module exploits an out of bounds function table dereference in
the SMB request validation code of the SRV2.SYS driver included with
Windows Vista, Windows 7 release candidates (not RTM), and Windows
2008 Server prior to R2. Windows Vista without SP1 does not seem
affected by this flaw.
References:
http://www.microsoft.com/technet/security/bulletin/MS09-050.mspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-3103
http://www.securityfocus.com/bid/36299
http://www.osvdb.org/57799
http://seclists.org/fulldisclosure/2009/Sep/0039.html
http://www.microsoft.com/technet/security/Bulletin/MS09-050.mspx
msf exploit(ms09_050_smb2_negotiate_func_index) >
irb
The irb command is useful when you want to script Metasploit quickly. It is also very useful for understanding the internals of the Framework.

msf > irb
[*] Starting IRB shell...

>> puts "Hello, metasploit!"
Hello, metasploit!
=> nil
>> Framework::Version
=> "4.8.2-2014022601"
jobs
Jobs are modules that are running in the background. The jobs command provides the ability to list and terminate these jobs.
msf > jobs -h
Usage: jobs [options]
Active job manipulation and interaction.
OPTIONS:
-K Terminate all running jobs.
-h Help banner.
-i <opt> Lists detailed information about a running job.
-k <opt> Terminate the specified job name.
-l List all running jobs.
-v Print more detailed info. Use with -i and -l
msf >
kill
The kill command will terminate any running job when supplied with the job ID.

msf exploit(ms10_002_aurora) > kill 0
Stopping job: 0...

[*] Server stopped.
load
The load command loads a plugin from Metasploit's plugin directory. Arguments are passed as key=val on the shell.

msf > load
Usage: load <path> [var=val var=val ...]

Loads a plugin from the supplied path.  If path is not absolute, first looks
in the user's plugin directory (/root/.msf4/plugins) then
in the framework root plugin directory (/usr/share/metasploit-framework/plugins).
The optional var=val options are custom parameters that can be passed to plugins.

msf > load pcap_log
[*] PcapLog plugin loaded.
[*] Successfully loaded plugin: pcap_log
loadpath
The loadpath command loads a third-party module tree from a path, so you can point Metasploit at your own 0-day exploits, encoders, payloads, etc. The directory must follow the framework's own layout (exploits/, auxiliary/, payloads/ and so on as subdirectories); a directory that does not is simply reported as "Loaded 0 modules", as below.

msf > loadpath /home/secret/modules
Loaded 0 modules.
unload
Conversely, the unload command unloads a previously loaded plugin and removes any extended commands it added.

msf > unload pcap_log
Unloading plugin pcap_log...unloaded.
resource
The resource command runs resource (batch) files that can be loaded through msfconsole.

msf > resource
Usage: resource path1 [path2 ...]

Run the commands stored in the supplied files. Resource files may also contain
ruby code between <ruby></ruby> tags.

See also: makerc

Some attacks, such as Karmetasploit, use resource files to run a set of commands in a karma.rc file to build the attack. Later we will see how, outside of Karmetasploit, this can be very useful.

msf > resource karma.rc
[*] Processing karma.rc for ERB directives.
resource (karma.rc)> db_connect msf3:PASSWORD@127.0.0.1:7175/msf3
resource (karma.rc)> use auxiliary/server/browser_autopwn
...snip...

Batch files can greatly speed up testing and development times as well as allow the user to automate many tasks. Besides loading a batch file from within msfconsole, they can also be passed at startup using the -r flag. The simple example below creates a batch file to display the Metasploit version number at startup.
root@kali:~# echo version > version.rc
root@kali:~# msfconsole -r version.rc
_ _
/ \ /\ __ _ __ /_/ __
| |\ / | _____ \ \ ___ _____ | | / \ _ \ \
| | \/| | | ___\ |- -| /\ / __\ | -__/ | || | || | |- -|
|_| | | | _|__ | |_ / -\ __\ \ | | | | \__/| | | |_
|/ |____/ \___\/ /\ \\___/ \/ \__| |_\ \___\
Frustrated with proxy pivoting? Upgrade to layer-2 VPN pivoting with
Metasploit Pro -- type 'go_pro' to launch it now.
=[ metasploit v4.8.2-2014021901 [core:4.8 api:1.0] ]
+ -- --=[ 1265 exploits - 695 auxiliary - 202 post ]
+ -- --=[ 330 payloads - 32 encoders - 8 nops ]
[*] Processing version.rc for ERB directives.
resource (version.rc)> version
Framework: 4.8.2-2014022601
Console : 4.8.2-2014022601.15168
msf >
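To show how a resource file pays off beyond printing the version, here is an added example (written for this page, not code from the original post or from the Metasploit project) that generates a scan resource file from a target list. The target list, the output file name and the choice of auxiliary/scanner/smb/smb_version are assumptions for illustration; the use/set/run commands, the <ruby></ruby> tags, run_single, print_status and the framework object are standard msfconsole features. Each target is validated before it is written so that a stray line in a scope file cannot smuggle extra console commands into the batch.

```ruby
#!/usr/bin/env ruby
# Added example (not from the original post or the Metasploit project):
# build an msfconsole resource (.rc) file from a target list so a scan can
# be replayed with "msfconsole -r scan.rc" or "resource scan.rc".
# The module name, the host list and the file name are assumptions chosen
# for illustration; use/set/run, <ruby></ruby>, run_single, print_status
# and the framework object are standard msfconsole features.
require 'ipaddr'

# Constructed inventory; a real run would read this from a scope file.
TARGETS = [
  { host: '172.16.194.134', port: 445 },
  { host: '172.16.194.0/24', port: 445 },
].freeze

SCAN_MODULE = 'auxiliary/scanner/smb/smb_version'.freeze

# Accept only an IPv4 address or CIDR block. Anything else (a hostname,
# or "1.2.3.4; exit") is rejected so a bad scope line cannot inject
# additional console commands into the generated file.
def valid_target?(host)
  IPAddr.new(host)
  host.match?(%r{\A[0-9./]+\z})
rescue IPAddr::InvalidAddressError
  false
end

# Return the resource file body as a string: one use/set/run block per
# target. Options are set per block, so the file behaves the same whether
# the console is idle or already sitting in another module.
def build_resource(targets, mod = SCAN_MODULE)
  lines = ['# generated by build_resource; replay with: msfconsole -r scan.rc']
  targets.each do |t|
    raise ArgumentError, "bad target #{t[:host].inspect}" unless valid_target?(t[:host])
    lines << "use #{mod}"
    lines << "set RHOSTS #{t[:host]}"
    lines << "set RPORT #{t[:port].to_i}"
    lines << 'set THREADS 4'
    lines << 'run'
  end
  # Embedded Ruby is evaluated inside the console after the scans, with
  # access to the framework object, so the file can do its own bookkeeping.
  lines << '<ruby>'
  lines << "print_status(\"scan finished, \#{framework.db.hosts.count} host(s) in the db\") if framework.db.active"
  lines << 'run_single("hosts")'
  lines << '</ruby>'
  lines.join("\n") + "\n"
end

# Write the file and return its path.
def write_resource(path, targets)
  File.write(path, build_resource(targets))
  path
end

if __FILE__ == $PROGRAM_NAME
  puts build_resource(TARGETS)
end
```

Saved as, say, make_rc.rb, it is run with "ruby make_rc.rb > scan.rc" and then "msfconsole -r scan.rc"; the same file can also be replayed from a running console with "resource scan.rc". The <ruby> block at the end only runs after the preceding commands have completed, which is what makes resource files usable as a light automation layer over the framework.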
route
The route command in msfconsole lets you route sockets through a session or 'comm', providing basic pivoting capability. To add a route, you pass the target subnet and netmask followed by the session (comm) number, for example: route add 172.16.1.0 255.255.255.0 1. Once a route is in place, modules that talk to hosts in that subnet send their traffic through the session instead of the local network stack. Note that the transcripts below are from meterpreter's own route command, which displays or modifies the routing table of the compromised host itself; that is a different command from msfconsole's route, which only affects where the framework's own sockets go.

meterpreter > route -h
Usage: route [-h] command [args]

Display or modify the routing table on the remote machine.

Supported commands:

   add    [subnet] [netmask] [gateway]
   delete [subnet] [netmask] [gateway]
   list

meterpreter >
meterpreter > route
Network routes
==============
Subnet Netmask Gateway
------ ------- -------
0.0.0.0 0.0.0.0 172.16.1.254
127.0.0.0 255.0.0.0 127.0.0.1
172.16.1.0 255.255.255.0 172.16.1.100
172.16.1.100 255.255.255.255 127.0.0.1
172.16.255.255 255.255.255.255 172.16.1.100
224.0.0.0 240.0.0.0 172.16.1.100
255.255.255.255 255.255.255.255 172.16.1.100
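The decision the framework makes once routes are added can be modeled in a few lines. The following is an added example (written for this page, not code from the original post or from the Metasploit project) that mimics how msfconsole chooses among route entries: every matching route is a candidate, the most specific one (the longest netmask) wins, and a destination with no matching route is reached locally, without a pivot. The RouteTable class, its method names and the sample entries are this example's own assumptions.

```ruby
#!/usr/bin/env ruby
# Added example (not from the original post or the Metasploit project):
# a small model of the route table behind "route add <subnet> <netmask>
# <session>". When a module opens a socket, the framework picks the most
# specific matching route (longest netmask) and, if it points at a
# session, tunnels the socket through that session; with no match the
# socket goes out locally. RouteTable, its method names and the sample
# entries are this example's own assumptions.
require 'ipaddr'

Route = Struct.new(:subnet, :netmask, :via) do
  # Prefix length of the netmask, used to rank how specific a route is.
  def prefix_len
    IPAddr.new(netmask).to_i.to_s(2).count('1')
  end

  def network
    IPAddr.new(subnet).mask(netmask)
  end

  def match?(host)
    network.include?(IPAddr.new(host))
  end
end

class RouteTable
  def initialize
    @routes = []
  end

  # Mirrors "route add SUBNET NETMASK VIA"; via is a session id (Integer)
  # or the string "local" for traffic the framework sends directly.
  def add(subnet, netmask, via)
    @routes << Route.new(subnet, netmask, via)
    self
  end

  # Mirrors "route remove SUBNET NETMASK VIA".
  def remove(subnet, netmask, via)
    @routes.reject! { |r| r.subnet == subnet && r.netmask == netmask && r.via == via }
    self
  end

  # Longest-prefix match: the most specific route wins, so a /32 added
  # for one host overrides a /24 covering the same network.
  def best_route(host)
    @routes.select { |r| r.match?(host) }.max_by(&:prefix_len)
  end

  # What happens to a socket bound for +host+: "local" means no pivot,
  # an Integer means the socket is tunnelled through that session.
  def via_for(host)
    r = best_route(host)
    r ? r.via : 'local'
  end

  def to_s
    @routes.map { |r| format('%-18s %-18s %s', r.subnet, r.netmask, r.via) }.join("\n")
  end
end

# Constructed table: a pivot through session 1 into 10.10.10.0/24, a more
# specific exception sending one host through session 2, and a default.
def demo_table
  RouteTable.new
            .add('10.10.10.0', '255.255.255.0', 1)
            .add('10.10.10.50', '255.255.255.255', 2)
            .add('0.0.0.0', '0.0.0.0', 'local')
end

if __FILE__ == $PROGRAM_NAME
  t = demo_table
  puts t
  %w[10.10.10.7 10.10.10.50 8.8.8.8].each { |h| puts "#{h} -> #{t.via_for(h)}" }
end
```

The practical consequence is worth checking before a scan: if a broad route through a slow session and a narrow route through a fast one overlap, the narrow one is used for its hosts regardless of the order in which the routes were added.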
search
Msfconsole includes an extensive regular-expression based search function. If you have a general idea of what you are looking for, you can search for it with 'search'. In the output below, a search is being made for the Samba usermap_script module. The search function will locate this string in module names, descriptions, references, etc. Note that the naming convention for Metasploit modules uses underscores rather than dashes.

msf > search usermap_script

Matching Modules
================

   Name                                Disclosure Date  Rank       Description
   ----                                ---------------  ----       -----------
   exploit/multi/samba/usermap_script  2007-05-14       excellent  Samba "username map script" Command Execution

msf >

You can further refine your searches by using the built-in keyword system.

msf > help search
Usage: search [keywords]

Keywords:
  name      :  Modules with a matching descriptive name
  path      :  Modules with a matching path or reference name
  platform  :  Modules affecting this platform
  type      :  Modules of a specific type (exploit, auxiliary, or post)
  app       :  Modules that are client or server attacks
  author    :  Modules written by this author
  cve       :  Modules with a matching CVE ID
  bid       :  Modules with a matching Bugtraq ID
  osvdb     :  Modules with a matching OSVDB ID

Examples:
  search cve:2009 type:exploit app:client

msf >

name
To search using a descriptive name, use the "name" keyword.

msf > search name:mysql

Matching Modules
================

   Name                                               Disclosure Date  Rank       Description
   ----                                               ---------------  ----       -----------
   auxiliary/admin/mysql/mysql_enum                                    normal     MySQL Enumeration Module
   auxiliary/admin/mysql/mysql_sql                                     normal     MySQL SQL Generic Query
   auxiliary/analyze/jtr_mysql_fast                                    normal     John the Ripper MySQL Password Cracker (Fast Mode)
   auxiliary/scanner/mysql/mysql_authbypass_hashdump  2012-06-09       normal     MySQL Authentication Bypass Password Dump
   auxiliary/scanner/mysql/mysql_hashdump                              normal     MYSQL Password Hashdump
   auxiliary/scanner/mysql/mysql_login                                 normal     MySQL Login Utility
   auxiliary/scanner/mysql/mysql_schemadump                            normal     MYSQL Schema Dump
   auxiliary/scanner/mysql/mysql_version                               normal     MySQL Server Version Enumeration
   exploit/linux/mysql/mysql_yassl_getname            2010-01-25       good       MySQL yaSSL CertDecoder::GetName Buffer Overflow
   exploit/linux/mysql/mysql_yassl_hello              2008-01-04       good       MySQL yaSSL SSL Hello Message Buffer Overflow
   exploit/windows/mysql/mysql_payload                2009-01-16       excellent  Oracle MySQL for Microsoft Windows Payload Execution
   exploit/windows/mysql/mysql_yassl_hello            2008-01-04       average    MySQL yaSSL SSL Hello Message Buffer Overflow

msf >
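To make the keyword rules concrete, here is an added example (written for this page, not code from the original post or from the Metasploit project) that re-implements the keyword syntax from "help search" over a small constructed catalogue. The three module names are real modules that appear on this page, but the metadata attached to them is abbreviated and illustrative rather than authoritative, and the parse_query, match_module? and search functions are this example's own. Matching is a case-insensitive substring test, a simplification of the console's regular-expression matching; the point is the combination rule: every keyword filter must hold and every free-text term must appear somewhere in the name, path or reference fields.

```ruby
#!/usr/bin/env ruby
# Added example (not from the original post or the Metasploit project):
# the msfconsole "search" keyword syntax re-implemented over a small,
# constructed module catalogue so the matching rules can be read and
# tested outside the console. The keyword names are the ones listed by
# "help search"; CATALOGUE, parse_query, match_module? and search are
# this example's own.

KEYWORDS = %w[name path platform type app author cve bid osvdb].freeze

# Constructed metadata (abbreviated, for illustration only). The module
# names are real modules from this page; the other fields are the ones the
# keywords refer to and are not authoritative.
CATALOGUE = [
  { fullname: 'exploit/multi/samba/usermap_script', type: 'exploit',
    name: 'Samba "username map script" Command Execution',
    platform: %w[unix], app: 'server', author: %w[jduck],
    cve: %w[2007-2447], bid: %w[23972], osvdb: [] },
  { fullname: 'auxiliary/scanner/mysql/mysql_login', type: 'auxiliary',
    name: 'MySQL Login Utility', platform: %w[linux], app: 'server',
    author: ['Bernardo Damele'], cve: [], bid: [], osvdb: [] },
  { fullname: 'exploit/windows/mysql/mysql_yassl_hello', type: 'exploit',
    name: 'MySQL yaSSL SSL Hello Message Buffer Overflow',
    platform: %w[windows], app: 'server', author: %w[hdm],
    cve: %w[2008-0226], bid: %w[27140], osvdb: [] },
].freeze

# Split "cve:2009 type:exploit mysql" into {keyword => [values]} plus a
# list of free-text terms. A token whose prefix is not a known keyword is
# kept as free text rather than silently dropped.
def parse_query(query)
  filters = Hash.new { |h, k| h[k] = [] }
  terms = []
  query.split.each do |tok|
    key, value = tok.split(':', 2)
    if value && KEYWORDS.include?(key)
      filters[key] << value.downcase
    else
      terms << tok.downcase
    end
  end
  [filters, terms]
end

# Text searched for a given keyword; multi-valued fields are joined.
def field_text(mod, key)
  case key
  when 'path' then mod[:fullname]
  when 'name' then mod[:name]
  when 'type', 'app' then mod[key.to_sym]
  else Array(mod[key.to_sym]).join(' ')
  end.to_s.downcase
end

# All keyword values must match their own field, and every free-text term
# must appear in the name, path or one of the reference fields.
def match_module?(mod, filters, terms)
  filters.all? { |key, values| values.all? { |v| field_text(mod, key).include?(v) } } &&
    terms.all? { |t| %w[name path cve bid osvdb].any? { |k| field_text(mod, k).include?(t) } }
end

# Return the full names of matching modules, in catalogue order.
def search(query, catalogue = CATALOGUE)
  filters, terms = parse_query(query)
  catalogue.select { |m| match_module?(m, filters, terms) }.map { |m| m[:fullname] }
end

if __FILE__ == $PROGRAM_NAME
  ['usermap_script', 'name:mysql', 'cve:2008 type:exploit', 'app:server type:auxiliary'].each do |q|
    puts "search #{q}"
    search(q).each { |n| puts "  #{n}" }
  end
end
```

Because keyword filters are AND-ed, adding a second keyword can only narrow the result set; if a query returns nothing, drop keywords one at a time rather than guessing at the module name.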

