Tips¶
Configure db¶
# service postgresql start
# adduser msf
# passwd msf
root@local:/# su - postgres
postgres@local:~$ psql
postgres=# CREATE DATABASE msf;
postgres=# CREATE USER msf WITH PASSWORD 'msf';
postgres=# GRANT ALL PRIVILEGES ON DATABASE msf to msf;
root@local:/# msfconsole
msf > db_status
[*] postgresql selected, no connection
$ db_connect msf:msf@127.0.0.1:5432/msf
[*] Rebuilding the module cache in the background...
msf > db_status
[*] postgresql connected to msf
msf > search ftp
msf > db_rebuild_cache
[*] Purging and rebuilding the module cache in the background...
msf >
SSH Username Enumeration¶
msf > use auxiliary/scanner/ssh/ssh_enumusers
msf auxiliary(ssh_enumusers) > set RHOSTS 127.0.0.1
RHOSTS => 127.0.0.1
msf auxiliary(ssh_enumusers) > set USER_FILE /home/msf/user_list
USER_FILE => /home/msf/user_list
msf auxiliary(ssh_enumusers) > run
[*] 127.0.0.1:22 - SSH - Checking for false positives
[*] 127.0.0.1:22 - SSH - Starting scan
[+] 127.0.0.1:22 - SSH - User 'root' found
[+] 127.0.0.1:22 - SSH - User 'admin' found
[!] 127.0.0.1:22 - SSH - User 'administrator' not found
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Anonymous FTP Access Detection¶
msf > use auxiliary/scanner/ftp/anonymous
msf auxiliary(anonymous) > set RHOSTS 127.0.0.1
msf auxiliary(anonymous) > run
[+] 127.0.0.1:21 - Anonymous READ (220 (vsFTPd 2.2.2))
220 Ready)
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
FTP Version Scanner¶
msf > use auxiliary/scanner/ftp/ftp_version
SMTP User Enumeration Utility¶
msf > use auxiliary/scanner/smtp/smtp_enum
msf auxiliary(smtp_enum) > set RHOSTS 127.0.0.1
msf auxiliary(smtp_enum) > run
[*] 127.0.0.1 could not be enumerated (no EXPN, no VRFY, invalid RCPT)
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(smtp_enum) > set RHOSTS 127.0.0.2
msf auxiliary(smtp_enum) > run
[+] 127.0.0.2:25 Users found: , postmaster
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
SMTP Open Relay Detection¶
msf > use auxiliary/scanner/smtp/smtp_relay
SMTP Banner Grabber¶
msf > use auxiliary/scanner/smtp/smtp_version
MS03-026 Microsoft RPC DCOM Interface Overflow¶
msf > use exploit/windows/dcerpc/ms03_026_dcom
This module exploits a stack buffer overflow in the RPCSS service,
this vulnerability was originally found by the Last Stage of Delirium research group and has been widely exploited ever since.
This module can exploit the English versions of Windows NT 4.0 SP3-6a, Windows 2000, Windows XP, and Windows 2003 all in one request :)
http://www.rapid7.com/db/modules/exploit/windows/dcerpc/ms03_026_dcom
https://community.rapid7.com/community/metasploit/blog/2013/03/12/exploit-popularity-contest
Docker file¶
# install setup tools curl https://bitbucket.org/pypa/setuptools/raw/bootstrap/ez_setup.py | python - # install pip curl -L https://raw.github.com/pypa/pip/master/contrib/get-pip.py | python - # install python-dev aptitude install python-dev gcc