{"id":4779,"date":"2012-07-19T21:45:41","date_gmt":"2012-07-20T00:45:41","guid":{"rendered":"http:\/\/www.ethicalhacker.com.br\/site\/?page_id=4779"},"modified":"2012-07-20T12:40:45","modified_gmt":"2012-07-20T15:40:45","slug":"trabalhando-com-msfconsole","status":"publish","type":"page","link":"https:\/\/www.ethicalhacker.com.br\/site\/trabalhando-com-msfconsole\/","title":{"rendered":"Working with MSFCONSOLE"},"content":{"rendered":"<div><strong>PART II &#8211; Working with MSFCONSOLE<\/strong><\/div>\n<div><\/div>\n<ul>\n<li><strong>Searching for exploits with the search command<br \/>\n<\/strong><\/li>\n<\/ul>\n<pre lang=\"shell\" prompt=\"#\"> msf> search dcom\r\n\r\nMatching Modules\r\n================\r\n\r\n   Name                                       Disclosure Date  Rank   Description\r\n   ----                                       ---------------  ----   -----------\r\n   exploit\/windows\/dcerpc\/ms03_026_dcom       2003-07-16       great  Microsoft RPC DCOM Interface Overflow\r\n   exploit\/windows\/driver\/broadcom_wifi_ssid  2006-11-11       low    Broadcom Wireless Driver Probe Response SSID Overflow\r\n   exploit\/windows\/smb\/ms04_031_netdde        2004-10-12       good   Microsoft NetDDE Service Overflow<\/pre>\n<ul>\n<li><strong>RESOURCE command: lets you create a kind of script with the commands to be executed. Example: create a file named comando.txt in \/root with the file content &gt; search ftp; the execution follows:<br \/>\n<\/strong><\/li>\n<\/ul>\n<pre lang=\"shell\" prompt=\"#\"> msf> resource \/root\/comando.txt\r\n[*] Processing \/root\/comando.txt for ERB directives.\r\nresource (\/root\/comando.txt)> search ftp\r\n\r\n OpenTFTP SP 1.4 Error Packet Overflow\r\n   exploit\/windows\/tftp\/quick_tftp_pro_mode          2008-03-27       good                                          Quick FTP Pro 2.1 Transfer-Mode Overflow\r\n   
exploit\/windows\/tftp\/tftpd32_long_filename        2002-11-19       average                                       TFTPD32<\/pre>\n<ul>\n<li><strong>INFO command: lets you look up more information about a given exploit:<br \/>\n<\/strong><\/li>\n<\/ul>\n<pre lang=\"shell\" prompt=\"#\">  msf> info exploit\/windows\/tftp\/tftpdwin_long_filename\r\n\r\n       Name: TFTPDWIN v0.4.2 Long Filename Buffer Overflow\r\n     Module: exploit\/windows\/tftp\/tftpdwin_long_filename\r\n    Version: 14774\r\n   Platform: Windows\r\n Privileged: No\r\n    License: Metasploit Framework License (BSD)\r\n       Rank: Great\r\n\r\nProvided by:\r\n  patrick \r\n\r\nAvailable targets:\r\n  Id  Name\r\n  --  ----\r\n  0   Universal - tftpd.exe\r\n\r\nBasic options:\r\n  Name   Current Setting  Required  Description\r\n  ----   ---------------  --------  -----------\r\n  RHOST                   yes       The target address\r\n  RPORT  69               yes       The target port\r\n\r\nPayload information:\r\n  Space: 284\r\n  Avoid: 1 characters\r\n\r\nDescription:\r\n  This module exploits the ProSysInfo TFTPDWIN threaded TFTP Server.\r\n  By sending an overly long file name to the tftpd.exe server, the\r\n  stack can be overwritten.\r\n\r\nReferences:\r\n  http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=2006-4948\r\n  http:\/\/www.osvdb.org\/29032\r\n  http:\/\/www.securityfocus.com\/bid\/20131\r\n  http:\/\/www.milw0rm.com\/exploits\/3132<\/pre>\n<ul>\n<li><strong>SHOW OPTIONS command: used to get information on how to use a given exploit:<br \/>\n<\/strong><\/li>\n<\/ul>\n<pre lang=\"shell\" prompt=\"#\">  msf  auxiliary(apache_userdir_enum) > show options\r\n\r\nModule options (auxiliary\/scanner\/http\/apache_userdir_enum):\r\n\r\n   Name              Current Setting                                     Required  Description\r\n   ----              ---------------                           
          --------  -----------\r\n   BRUTEFORCE_SPEED  5                                                   yes       How fast to bruteforce, from 0 to 5\r\n   Proxies                                                               no        Use a proxy chain\r\n   RHOSTS                                                                yes       The target address range or CIDR identifier\r\n   RPORT             80                                                  yes       The target port\r\n   THREADS           1                                                   yes       The number of concurrent threads\r\n   URI               \/                                                   yes       The path to users Home Page\r\n   USERNAME                                                              no        A specific username to authenticate as\r\n   USER_FILE         \/opt\/metasploit\/msf3\/data\/wordlists\/unix_users.txt  yes       File containing users, one per line\r\n   VERBOSE           true                                                yes       Whether to print output for all attempts\r\n   VHOST<\/pre>\n<ul>\n<li><strong>SET command: used to set options such as remote or local ports (RPORT \/ LPORT), payloads, THREADS, etc.<br \/>\n<\/strong><\/li>\n<\/ul>\n<pre lang=\"shell\" prompt=\"#\"> msf  auxiliary(apache_userdir_enum) > set RHOSTS 192.168.30.1\r\nRHOSTS => 192.168.30.1<\/pre>\n<ul>\n<li><strong>UNSET command: used to unset options such as remote or local ports (RPORT \/ LPORT), payloads, THREADS, etc.<br \/>\n<\/strong><\/li>\n<\/ul>\n<pre lang=\"shell\" prompt=\"#\"> msf  auxiliary(apache_userdir_enum) > unset RHOSTS 192.168.30.1\r\nUnsetting RHOSTS...\r\nUnsetting 192.168.30.1...<\/pre>\n<ul>\n<li><strong>USE command: used to select which module will be used<br \/>\n<\/strong><\/li>\n<\/ul>\n<pre lang=\"shell\" prompt=\"#\"> msf> use 
exploit\/windows\/smb\/ms03_049_netapi\r\nmsf  exploit(ms03_049_netapi) ><\/pre>\n<ul>\n<li><strong>BACK command: returns to the previous context:<br \/>\n<\/strong><\/li>\n<\/ul>\n<pre lang=\"shell\" prompt=\"#\"> msf> use exploit\/windows\/smb\/ms03_049_netapi\r\nmsf  exploit(ms03_049_netapi)> back\r\nmsf ><\/pre>\n<ul>\n<li><strong>VERSION command: shows the current version:<br \/>\n<\/strong><\/li>\n<\/ul>\n<pre lang=\"shell\" prompt=\"#\"> msf> version\r\nFramework: 4.2.0-release.14784\r\nConsole  : 4.2.0-release.14649\r\nmsf ><\/pre>\n<ul>\n<li><strong>BANNER command: changes the initial banner:<br \/>\n<\/strong><\/li>\n<\/ul>\n<pre lang=\"shell\" prompt=\"#\"> msf> banner\r\n\r\n _                                                      _\r\n\/  \\  \/ \\        __                          _   __    \/_\/ __\r\n| |\\ \/  | _____  \\ \\            ___   _____ | | \/   \\  _   \\ \\\r\n| | \\\/| | | ___\\ |- -|   \/\\    \/ __\\ | -__\/ | | | |  || | |- -|\r\n|_|   | | | _|__  | |_  \/ -\\ __\\ \\   | |    | |_ \\__\/ | |  | |_\r\n      |\/  |____\/  \\___\\\/ \/\\  \\___\/   \\\/      \\__|     |_\\  \\___\\\r\n\r\n       =[ metasploit v4.2.0-release [core:4.2 api:1.0]\r\n+ -- --=[ 805 exploits - 451 auxiliary - 135 post\r\n+ -- --=[ 246 payloads - 27 encoders - 8 nops\r\n       =[ svn r15560 updated 147 days ago (2012.02.23)\r\n\r\nWarning: This copy of the Metasploit Framework was last updated 147 days ago.\r\n         We recommend that you update the framework at least every other day.\r\n         For information on updating your copy of Metasploit, please see:\r\n             http:\/\/community.rapid7.com\/docs\/DOC-1306<\/pre>\n<ul>\n<li><strong>EXIT command: exits the console:<br \/>\n<\/strong><\/li>\n<\/ul>\n<pre lang=\"shell\" prompt=\"#\"> msf> exit\r\nroot@bt:~#<\/pre>\n\r\n\t\t<div class='author-shortcodes'>\r\n\t\t\t<div class='author-inner'>\r\n\t\t\t\t<div class='author-image'>\r\n\t\t\t<img 
src='https:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/186048_100001838322519_1550894_n-11668_57x57.jpg' alt='' \/>\r\n\t\t\t<div class='author-overlay'><\/div>\r\n\t\t<\/div> <!-- .author-image --> \r\n\t\t<div class='author-info'>\r\n\t\t\t<p>Author:\u00a0<strong>S\u00edlvio C\u00e9sar Roxo Giavaroto<\/strong><\/p>\n<p>He holds an MBA with a specialization in Information Security Management,\nis a Computer Networks Technologist and a C|EH Certified Ethical Hacker,\nworks as a pentester and security analyst for Linux servers in the\nGovernment of the State of S\u00e3o Paulo, and is a university professor and\u00a0instructor\nfor C|EH and C|HFI.<\/p>\n<p><em>\u00a0<\/em>\r\n\t\t<\/div> <!-- .author-info --><\/p>\r\n\t\t\t<\/div> <!-- .author-inner -->\r\n\t\t<\/div> <!-- .author-shortcodes -->\n","protected":false},"excerpt":{"rendered":"<p>PART II &#8211; Working with MSFCONSOLE Searching for exploits with the search command msf> search dcom Matching Modules ================ Name Disclosure Date Rank Description &#8212;- &#8212;&#8212;&#8212;&#8212;&#8212; &#8212;- &#8212;&#8212;&#8212;&#8211; exploit\/windows\/dcerpc\/ms03_026_dcom 2003-07-16 great Microsoft RPC DCOM Interface Overflow exploit\/windows\/driver\/broadcom_wifi_ssid 2006-11-11 low Broadcom Wireless Driver Probe Response SSID Overflow exploit\/windows\/smb\/ms04_031_netdde 2004-10-12 good Microsoft NetDDE Service Overflow RESOURCE command, 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"open","ping_status":"open","template":"","meta":{"footnotes":""},"class_list":["post-4779","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/pages\/4779","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/comments?post=4779"}],"version-history":[{"count":25,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/pages\/4779\/revisions"}],"predecessor-version":[{"id":4830,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/pages\/4779\/revisions\/4830"}],"wp:attachment":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/media?parent=4779"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}