Information Security (old version)/Metasploit 2016. 6. 2. 16:08
Metasploit - 04. Scanning the Attack Target
This material is organized for the hands-on practice required in a training course; if it is used for personal purposes or with malicious intent, please note that legal responsibility rests with the person doing so.
[Lab systems] Kali Linux, Firewall, Metasploitable2-Linux
- Scanning can be done with the scan modules Metasploit provides (the auxiliary/scanner modules shown below) or with db_nmap, which stores the Nmap results in the Metasploit database.
Ex1) Scanning with a Metasploit scan module
@ Kali Linux
msf > search portscan
Matching Modules
================
Name Disclosure Date Rank Description
---- --------------- ---- -----------
auxiliary/scanner/http/wordpress_pingback_access normal Wordpress Pingback Locator
auxiliary/scanner/natpmp/natpmp_portscan normal NAT-PMP External Port Scanner
auxiliary/scanner/portscan/ack normal TCP ACK Firewall Scanner
auxiliary/scanner/portscan/ftpbounce normal FTP Bounce Port Scanner
auxiliary/scanner/portscan/syn normal TCP SYN Port Scanner
auxiliary/scanner/portscan/tcp normal TCP Port Scanner
auxiliary/scanner/portscan/xmas normal TCP "XMas" Port Scanner
auxiliary/scanner/sap/sap_router_portscanner normal SAPRouter Port Scanner
msf > use auxiliary/scanner/portscan/syn
msf auxiliary(syn) >
msf auxiliary(syn) > show options
Module options (auxiliary/scanner/portscan/syn):
Name Current Setting Required Description
---- --------------- -------- -----------
BATCHSIZE 256 yes The number of hosts to scan per set
INTERFACE no The name of the interface
PORTS 1-10000 yes Ports to scan (e.g. 22-25,80,110-900)
RHOSTS yes The target address range or CIDR identifier
SNAPLEN 65535 yes The number of bytes to capture
THREADS 1 yes The number of concurrent threads
TIMEOUT 500 yes The reply read timeout in milliseconds
msf auxiliary(syn) > set INTERFACE eth1
INTERFACE => eth1
msf auxiliary(syn) > set PORTS 1-500
PORTS => 1-500
msf auxiliary(syn) > set RHOSTS 192.168.20.204
RHOSTS => 192.168.20.204
msf auxiliary(syn) > set THREADS 50
THREADS => 50
msf auxiliary(syn) > run
[*] TCP OPEN 192.168.20.204:21
[*] TCP OPEN 192.168.20.204:22
[*] TCP OPEN 192.168.20.204:23
[*] TCP OPEN 192.168.20.204:25
[*] TCP OPEN 192.168.20.204:53
[*] TCP OPEN 192.168.20.204:80
[*] TCP OPEN 192.168.20.204:111
[*] TCP OPEN 192.168.20.204:139
[*] TCP OPEN 192.168.20.204:445
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(syn) >
msf auxiliary(syn) > back
msf >
Ex2) db_nmap scan (the options used below, as described in the Nmap help text)
-sV: Probe open ports to determine service/version info
-O: Enable OS detection
-p <port ranges>: Only scan specified ports
-v: Increase verbosity level (use -vv or more for greater effect)
msf > db_nmap -sV -O -p1-500 -v 192.168.20.204
[*] Nmap: Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2016-06-02 16:06 KST
[*] Nmap: NSE: Loaded 33 scripts for scanning.
[*] Nmap: Initiating ARP Ping Scan at 16:06
[*] Nmap: Scanning 192.168.20.204 [1 port]
[*] Nmap: Completed ARP Ping Scan at 16:06, 0.22s elapsed (1 total hosts)
[*] Nmap: Initiating Parallel DNS resolution of 1 host. at 16:06
[*] Nmap: Completed Parallel DNS resolution of 1 host. at 16:06, 4.01s elapsed
[*] Nmap: Initiating SYN Stealth Scan at 16:06
[*] Nmap: Scanning 192.168.20.204 [500 ports]
[*] Nmap: Discovered open port 22/tcp on 192.168.20.204
[*] Nmap: Discovered open port 139/tcp on 192.168.20.204
[*] Nmap: Discovered open port 53/tcp on 192.168.20.204
[*] Nmap: Discovered open port 445/tcp on 192.168.20.204
[*] Nmap: Discovered open port 25/tcp on 192.168.20.204
[*] Nmap: Discovered open port 80/tcp on 192.168.20.204
[*] Nmap: Discovered open port 21/tcp on 192.168.20.204
[*] Nmap: Discovered open port 111/tcp on 192.168.20.204
[*] Nmap: Discovered open port 23/tcp on 192.168.20.204
[*] Nmap: Completed SYN Stealth Scan at 16:06, 1.23s elapsed (500 total ports)
[*] Nmap: Initiating Service scan at 16:06
[*] Nmap: Scanning 9 services on 192.168.20.204
[*] Nmap: Completed Service scan at 16:06, 11.01s elapsed (9 services on 1 host)
[*] Nmap: Initiating OS detection (try #1) against 192.168.20.204
[*] Nmap: NSE: Script scanning 192.168.20.204.
[*] Nmap: Initiating NSE at 16:06
[*] Nmap: Completed NSE at 16:06, 1.41s elapsed
[*] Nmap: Nmap scan report for 192.168.20.204
[*] Nmap: Host is up (0.00034s latency).
[*] Nmap: Not shown: 491 closed ports
[*] Nmap: PORT STATE SERVICE VERSION
[*] Nmap: 21/tcp open ftp vsftpd 2.3.4
[*] Nmap: 22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
[*] Nmap: 23/tcp open telnet Linux telnetd
[*] Nmap: 25/tcp open smtp Postfix smtpd
[*] Nmap: 53/tcp open domain ISC BIND 9.4.2
[*] Nmap: 80/tcp open http Apache httpd 2.2.8 ((Ubuntu) DAV/2)
[*] Nmap: 111/tcp open rpcbind 2 (RPC #100000)
[*] Nmap: 139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
[*] Nmap: 445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
[*] Nmap: MAC Address: 00:0C:29:34:5A:8A (VMware)
[*] Nmap: Device type: general purpose
[*] Nmap: Running: Linux 2.6.X
[*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:2.6
[*] Nmap: OS details: Linux 2.6.9 - 2.6.33
[*] Nmap: Uptime guess: 0.068 days (since Thu Jun 2 14:28:03 2016)
[*] Nmap: Network Distance: 1 hop
[*] Nmap: TCP Sequence Prediction: Difficulty=202 (Good luck!)
[*] Nmap: IP ID Sequence Generation: All zeros
[*] Nmap: Service Info: Host: metasploitable.localdomain; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
[*] Nmap: Read data files from: /usr/bin/../share/nmap
[*] Nmap: OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 21.16 seconds
[*] Nmap: Raw packets sent: 538 (26.104KB) | Rcvd: 534 (23.816KB)
msf >
msf > quit
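The SYN scanner in Ex1 and db_nmap in Ex2 report the same host in two different formats. As an added example (not code from the original post or from Metasploit), this Python script parses both console formats, builds a port-to-service inventory from the -sV output, and reconciles the two port lists so that a port seen by only one tool stands out for follow-up. The sample lines are constructed to mirror the output above, with the two lists deliberately made to differ.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample lines, modelled on the msfconsole output shown above.
SYN_SCAN_OUTPUT = """\
[*] TCP OPEN 192.168.20.204:21
[*] TCP OPEN 192.168.20.204:22
[*] TCP OPEN 192.168.20.204:80
[*] TCP OPEN 192.168.20.204:445
[*] Scanned 1 of 1 hosts (100% complete)
"""

DB_NMAP_OUTPUT = """\
[*] Nmap: PORT STATE SERVICE VERSION
[*] Nmap: 21/tcp open ftp vsftpd 2.3.4
[*] Nmap: 22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
[*] Nmap: 80/tcp open http Apache httpd 2.2.8 ((Ubuntu) DAV/2)
[*] Nmap: 139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
[*] Nmap: MAC Address: 00:0C:29:34:5A:8A (VMware)
"""

# "[*] TCP OPEN <ip>:<port>" as printed by auxiliary/scanner/portscan/syn
SYN_RE = re.compile(r"^\[\*\] TCP OPEN (\d+\.\d+\.\d+\.\d+):(\d+)$")
# "[*] Nmap: <port>/tcp <state> <service> [<version>]" as printed by db_nmap -sV
NMAP_RE = re.compile(r"^\[\*\] Nmap: (\d+)/tcp\s+(\w+)\s+(\S+)(?:\s+(.*))?$")


def parse_syn_scan(text: str) -> Dict[str, List[int]]:
    """Map host -> sorted list of open TCP ports from the SYN scanner output."""
    hosts: Dict[str, List[int]] = {}
    for line in text.splitlines():
        m = SYN_RE.match(line.strip())
        if m:
            hosts.setdefault(m.group(1), []).append(int(m.group(2)))
    return {h: sorted(p) for h, p in hosts.items()}


def parse_db_nmap(text: str) -> Dict[int, Tuple[str, str]]:
    """Map port -> (service, version string) for ports db_nmap reports as open."""
    services: Dict[int, Tuple[str, str]] = {}
    for line in text.splitlines():
        m = NMAP_RE.match(line.strip())
        if m and m.group(2) == "open":
            services[int(m.group(1))] = (m.group(3), (m.group(4) or "").strip())
    return services


def reconcile(syn_ports: List[int], nmap_services: Dict[int, Tuple[str, str]]) -> Dict[str, List[int]]:
    """Split ports into those seen by both tools, only by the SYN scanner, or only by nmap."""
    s, n = set(syn_ports), set(nmap_services)
    return {"both": sorted(s & n), "syn_only": sorted(s - n), "nmap_only": sorted(n - s)}
```

A port that appears in only one list usually means a timeout or a rate-limited probe (compare the THREADS and TIMEOUT settings above), so it is worth re-scanning before the inventory is trusted.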