Information Security (old version)/Metasploit 2016. 6. 2. 16:08

Metasploit - 04. Scanning the attack target

This material is put together for hands-on practice in a training course. Please be aware that if it is used for personal purposes or with malicious intent, the legal responsibility is yours.

[Lab systems] Kali Linux, Firewall, Metasploitable2-Linux

 - Scanning can be done with the scanner (auxiliary) modules Metasploit provides, or with db_nmap.

Ex1) Scanning with a Metasploit scanner module

@ Kali Linux

msf > search portscan

Matching Modules
================

   Name                                              Disclosure Date  Rank    Description
   ----                                              ---------------  ----    -----------
   auxiliary/scanner/http/wordpress_pingback_access                   normal  Wordpress Pingback Locator
   auxiliary/scanner/natpmp/natpmp_portscan                           normal  NAT-PMP External Port Scanner
   auxiliary/scanner/portscan/ack                                     normal  TCP ACK Firewall Scanner
   auxiliary/scanner/portscan/ftpbounce                               normal  FTP Bounce Port Scanner
   auxiliary/scanner/portscan/syn                                     normal  TCP SYN Port Scanner
   auxiliary/scanner/portscan/tcp                                     normal  TCP Port Scanner
   auxiliary/scanner/portscan/xmas                                    normal  TCP "XMas" Port Scanner
   auxiliary/scanner/sap/sap_router_portscanner                       normal  SAPRouter Port Scanner

msf > use auxiliary/scanner/portscan/syn
msf auxiliary(syn) > show options

Module options (auxiliary/scanner/portscan/syn):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   BATCHSIZE  256              yes       The number of hosts to scan per set
   INTERFACE                   no        The name of the interface
   PORTS      1-10000          yes       Ports to scan (e.g. 22-25,80,110-900)
   RHOSTS                      yes       The target address range or CIDR identifier
   SNAPLEN    65535            yes       The number of bytes to capture
   THREADS    1                yes       The number of concurrent threads
   TIMEOUT    500              yes       The reply read timeout in milliseconds

msf auxiliary(syn) > set INTERFACE eth1
INTERFACE => eth1

msf auxiliary(syn) > set PORTS 1-500
PORTS => 1-500

msf auxiliary(syn) > set RHOSTS 192.168.20.204
RHOSTS => 192.168.20.204

msf auxiliary(syn) > set THREADS 50
THREADS => 50

msf auxiliary(syn) > run

[*]  TCP OPEN 192.168.20.204:21
[*]  TCP OPEN 192.168.20.204:22
[*]  TCP OPEN 192.168.20.204:23
[*]  TCP OPEN 192.168.20.204:25
[*]  TCP OPEN 192.168.20.204:53
[*]  TCP OPEN 192.168.20.204:80
[*]  TCP OPEN 192.168.20.204:111
[*]  TCP OPEN 192.168.20.204:139
[*]  TCP OPEN 192.168.20.204:445
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(syn) >
msf auxiliary(syn) > back
msf >

Ex2) db_nmap scan

Options used with db_nmap:
  -sV: Probe open ports to determine service/version info
  -O: Enable OS detection
  -p <port ranges>: Only scan specified ports
  -v: Increase verbosity level (use -vv or more for greater effect)

msf > db_nmap -sV -O -p1-500 -v 192.168.20.204
[*] Nmap: Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2016-06-02 16:06 KST
[*] Nmap: NSE: Loaded 33 scripts for scanning.
[*] Nmap: Initiating ARP Ping Scan at 16:06
[*] Nmap: Scanning 192.168.20.204 [1 port]
[*] Nmap: Completed ARP Ping Scan at 16:06, 0.22s elapsed (1 total hosts)
[*] Nmap: Initiating Parallel DNS resolution of 1 host. at 16:06
[*] Nmap: Completed Parallel DNS resolution of 1 host. at 16:06, 4.01s elapsed
[*] Nmap: Initiating SYN Stealth Scan at 16:06
[*] Nmap: Scanning 192.168.20.204 [500 ports]
[*] Nmap: Discovered open port 22/tcp on 192.168.20.204
[*] Nmap: Discovered open port 139/tcp on 192.168.20.204
[*] Nmap: Discovered open port 53/tcp on 192.168.20.204
[*] Nmap: Discovered open port 445/tcp on 192.168.20.204
[*] Nmap: Discovered open port 25/tcp on 192.168.20.204
[*] Nmap: Discovered open port 80/tcp on 192.168.20.204
[*] Nmap: Discovered open port 21/tcp on 192.168.20.204
[*] Nmap: Discovered open port 111/tcp on 192.168.20.204
[*] Nmap: Discovered open port 23/tcp on 192.168.20.204
[*] Nmap: Completed SYN Stealth Scan at 16:06, 1.23s elapsed (500 total ports)
[*] Nmap: Initiating Service scan at 16:06
[*] Nmap: Scanning 9 services on 192.168.20.204
[*] Nmap: Completed Service scan at 16:06, 11.01s elapsed (9 services on 1 host)
[*] Nmap: Initiating OS detection (try #1) against 192.168.20.204
[*] Nmap: NSE: Script scanning 192.168.20.204.
[*] Nmap: Initiating NSE at 16:06
[*] Nmap: Completed NSE at 16:06, 1.41s elapsed
[*] Nmap: Nmap scan report for 192.168.20.204
[*] Nmap: Host is up (0.00034s latency).
[*] Nmap: Not shown: 491 closed ports
[*] Nmap: PORT    STATE SERVICE     VERSION
[*] Nmap: 21/tcp  open  ftp         vsftpd 2.3.4
[*] Nmap: 22/tcp  open  ssh         OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
[*] Nmap: 23/tcp  open  telnet      Linux telnetd
[*] Nmap: 25/tcp  open  smtp        Postfix smtpd
[*] Nmap: 53/tcp  open  domain      ISC BIND 9.4.2
[*] Nmap: 80/tcp  open  http        Apache httpd 2.2.8 ((Ubuntu) DAV/2)
[*] Nmap: 111/tcp open  rpcbind     2 (RPC #100000)
[*] Nmap: 139/tcp open  netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
[*] Nmap: 445/tcp open  netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
[*] Nmap: MAC Address: 00:0C:29:34:5A:8A (VMware)
[*] Nmap: Device type: general purpose
[*] Nmap: Running: Linux 2.6.X
[*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:2.6
[*] Nmap: OS details: Linux 2.6.9 - 2.6.33
[*] Nmap: Uptime guess: 0.068 days (since Thu Jun  2 14:28:03 2016)
[*] Nmap: Network Distance: 1 hop
[*] Nmap: TCP Sequence Prediction: Difficulty=202 (Good luck!)
[*] Nmap: IP ID Sequence Generation: All zeros
[*] Nmap: Service Info: Host:  metasploitable.localdomain; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
[*] Nmap: Read data files from: /usr/bin/../share/nmap
[*] Nmap: OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 21.16 seconds
[*] Nmap: Raw packets sent: 538 (26.104KB) | Rcvd: 534 (23.816KB)
msf >

msf > quit
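Both transcripts above come out of msfconsole as plain text, and the Metasploitable2 host answers both scanners on the same ports. The following Python is an added example, not part of the original post: it parses the SYN module's `TCP OPEN` lines and db_nmap's `[*] Nmap:` port rows into a per-host inventory and reports ports that one scanner found and the other did not, which is the check to run before trusting either result. The sample lines are constructed from the output shown on this page, and the regular expressions are assumptions about that output's layout.

```python
import re
from collections import defaultdict
# Constructed sample input: lines copied from the two scan transcripts above.
SYN_OUTPUT = """\
[*]  TCP OPEN 192.168.20.204:21
[*]  TCP OPEN 192.168.20.204:80
[*] Scanned 1 of 1 hosts (100% complete)
"""
NMAP_OUTPUT = """\
[*] Nmap: Nmap scan report for 192.168.20.204
[*] Nmap: PORT    STATE SERVICE     VERSION
[*] Nmap: 21/tcp  open  ftp         vsftpd 2.3.4
[*] Nmap: 23/tcp  open  telnet      Linux telnetd
[*] Nmap: 80/tcp  open  http        Apache httpd 2.2.8 ((Ubuntu) DAV/2)
"""

# The SYN module prints "[*]  TCP OPEN host:port"; db_nmap prefixes nmap's lines with "[*] Nmap: ".
SYN_RE = re.compile(r"^\[\*\]\s+TCP OPEN (\S+):(\d+)$")
REPORT_RE = re.compile(r"^\[\*\] Nmap: Nmap scan report for (\S+)$")
PORT_RE = re.compile(r"^\[\*\] Nmap: (\d+)/tcp\s+open\s+(\S+)\s*(.*)$")

def parse_syn(text):
    """Return {host: {port, ...}} from auxiliary/scanner/portscan/syn output."""
    hosts = defaultdict(set)
    for line in text.splitlines():
        m = SYN_RE.match(line.rstrip())
        if m:
            hosts[m.group(1)].add(int(m.group(2)))
    return dict(hosts)

def parse_db_nmap(text):
    """Return {host: {port: (service, version)}} from db_nmap -sV output (open TCP ports only)."""
    hosts, host = {}, None
    for line in text.splitlines():
        m = REPORT_RE.match(line)
        if m:
            host = m.group(1)
            continue
        m = PORT_RE.match(line)
        if m and host is not None:
            hosts.setdefault(host, {})[int(m.group(1))] = (m.group(2), m.group(3).strip())
    return hosts

def diff_scans(syn, nmap):
    """Per host, the open ports that one scanner reported and the other did not."""
    result = {}
    for host in sorted(set(syn) | set(nmap)):
        a, b = syn.get(host, set()), set(nmap.get(host, {}))
        result[host] = {"syn_only": sorted(a - b), "nmap_only": sorted(b - a)}
    return result
```

Run it against the full transcripts by pasting them into the two constants; a non-empty `syn_only` or `nmap_only` list is the cue to rescan that port rather than assume it is open or closed.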

[YouTube] Video lecture link (Subscribe! Like!!!)

Metasploit - Chapter 1 Metasploit (metasploit)

Posted by instructor 김정우 (KakaoTalk: kim10322)