Installing penetration-testing tools on Fedora
Most of the tools are packaged in Fedora, so install them directly.
# dnf install nmap gobuster
Install snap
Make the "snap" command available.
# dnf install snap snapd
# systemctl enable snapd
# systemctl start snapd
Install PostgreSQL, which Metasploit uses
# dnf install postgresql postgresql-server
Install Metasploit-Framework
# snap install metasploit-framework
Initialize the PostgreSQL database used by Metasploit
Note: the initialization must be run as a regular (non-root) user.
$ msfdb init
Start "msfconsole"
Note: the PATH environment variable has been changed, so start it from a new tab or terminal.
$ msfconsole
Metasploit tip: Use sessions -1 to interact with the last opened session
 ______________________________________________________________________________
|                                                                              |
|                          3Kom SuperHack II Logon                             |
|______________________________________________________________________________|
|                                                                              |
|                                                                              |
|                                                                              |
|                 User Name:          [   security    ]                        |
|                                                                              |
|                 Password:           [               ]                        |
|                                                                              |
|                                                                              |
|                                                                              |
|                                   [ OK ]                                     |
|______________________________________________________________________________|
|                                                                              |
|                       https://metasploit.com                                 |
|______________________________________________________________________________|
       =[ metasploit v6.4.23-dev-                         ]
+ -- --=[ 2444 exploits - 1256 auxiliary - 429 post       ]
+ -- --=[ 1468 payloads - 47 encoders - 11 nops           ]
+ -- --=[ 9 evasion                                       ]
Metasploit Documentation: https://docs.metasploit.com/
msf6 > search blue
Matching Modules
================
# Name Disclosure Date Rank Check Description
- ---- --------------- ---- ----- -----------
0 exploit/windows/http/badblue_ext_overflow 2003-04-20 great Yes BadBlue 2.5 EXT.dll Buffer Overflow
1 exploit/windows/http/badblue_passthru 2007-12-10 great No BadBlue 2.72b PassThru Buffer Overflow
2 \_ target: BadBlue EE 2.7 Universal . . . .
3 \_ target: BadBlue 2.72b Universal . . . .
4 exploit/linux/local/bash_profile_persistence 1989-06-08 normal No Bash Profile Persistence
5 exploit/windows/misc/bcaaa_bof 2011-04-04 good No Blue Coat Authentication and Authorization Agent (BCAAA) 5 Buffer Overflow
6 exploit/windows/proxy/bluecoat_winproxy_host 2005-01-05 great No Blue Coat WinProxy Host Header Overflow
7 auxiliary/scanner/rdp/cve_2019_0708_bluekeep 2019-05-14 normal Yes CVE-2019-0708 BlueKeep Microsoft Remote Desktop RCE Check
8 \_ action: Crash . . . Trigger denial of service vulnerability
9 \_ action: Scan . . . Scan for exploitable targets
10 exploit/windows/rdp/cve_2019_0708_bluekeep_rce 2019-05-14 manual Yes CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
11 \_ target: Automatic targeting via fingerprinting . . . .
12 \_ target: Windows 7 SP1 / 2008 R2 (6.1.7601 x64) . . . .
13 \_ target: Windows 7 SP1 / 2008 R2 (6.1.7601 x64 - Virtualbox 6) . . . .
14 \_ target: Windows 7 SP1 / 2008 R2 (6.1.7601 x64 - VMWare 14) . . . .
15 \_ target: Windows 7 SP1 / 2008 R2 (6.1.7601 x64 - VMWare 15) . . . .
16 \_ target: Windows 7 SP1 / 2008 R2 (6.1.7601 x64 - VMWare 15.1) . . . .
17 \_ target: Windows 7 SP1 / 2008 R2 (6.1.7601 x64 - Hyper-V) . . . .
18 \_ target: Windows 7 SP1 / 2008 R2 (6.1.7601 x64 - AWS) . . . .
19 \_ target: Windows 7 SP1 / 2008 R2 (6.1.7601 x64 - QEMU/KVM) . . . .
20 auxiliary/dos/tcp/claymore_dos 2018-02-06 normal No Claymore Dual GPU Miner Format String dos attack
21 exploit/windows/ftp/easyftp_mkd_fixret 2010-04-04 great Yes EasyFTP Server MKD Command Stack Buffer Overflow
22 \_ target: Windows Universal - v1.7.0.2 . . . .
23 \_ target: Windows Universal - v1.7.0.3 . . . .
24 \_ target: Windows Universal - v1.7.0.4 . . . .
25 \_ target: Windows Universal - v1.7.0.5 . . . .
26 \_ target: Windows Universal - v1.7.0.6 . . . .
27 \_ target: Windows Universal - v1.7.0.7 . . . .
28 \_ target: Windows Universal - v1.7.0.8 . . . .
29 \_ target: Windows Universal - v1.7.0.9 . . . .
30 \_ target: Windows Universal - v1.7.0.10 . . . .
31 \_ target: Windows Universal - v1.7.0.11 . . . .
32 exploit/linux/http/github_enterprise_secret 2017-03-15 excellent Yes Github Enterprise Default Session Secret And Deserialization Vulnerability
33 post/windows/manage/install_ssh . normal No Install OpenSSH for Windows
34 post/windows/manage/install_python . normal No Install Python for Windows
35 exploit/windows/local/bthpan 2014-07-18 average Yes MS14-062 Microsoft Bluetooth Personal Area Networking (BthPan.sys) Privilege Escalation
36 exploit/windows/smb/ms17_010_eternalblue 2017-03-14 average Yes MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
37 \_ target: Automatic Target . . . .
38 \_ target: Windows 7 . . . .
39 \_ target: Windows Embedded Standard 7 . . . .
40 \_ target: Windows Server 2008 R2 . . . .
41 \_ target: Windows 8 . . . .
42 \_ target: Windows 8.1 . . . .
43 \_ target: Windows Server 2012 . . . .
44 \_ target: Windows 10 Pro . . . .
45 \_ target: Windows 10 Enterprise Evaluation . . . .
46 exploit/windows/smb/ms17_010_psexec 2017-03-14 normal Yes MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution
47 \_ target: Automatic . . . .
48 \_ target: PowerShell . . . .
49 \_ target: Native upload . . . .
50 \_ target: MOF upload . . . .
51 \_ AKA: ETERNALSYNERGY . . . .
52 \_ AKA: ETERNALROMANCE . . . .
53 \_ AKA: ETERNALCHAMPION . . . .
54 \_ AKA: ETERNALBLUE . . . .
55 auxiliary/admin/smb/ms17_010_command 2017-03-14 normal No MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Command Execution
56 \_ AKA: ETERNALSYNERGY . . . .
57 \_ AKA: ETERNALROMANCE . . . .
58 \_ AKA: ETERNALCHAMPION . . . .
59 \_ AKA: ETERNALBLUE . . . .
60 auxiliary/scanner/smb/smb_ms17_010 . normal No MS17-010 SMB RCE Detection
61 \_ AKA: DOUBLEPULSAR . . . .
62 \_ AKA: ETERNALBLUE . . . .
63 exploit/windows/fileformat/word_msdtjs_rce 2022-05-29 excellent No Microsoft Office Word MSDTJS
64 exploit/windows/smb/smb_doublepulsar_rce 2017-04-14 great Yes SMB DOUBLEPULSAR Remote Code Execution
65 \_ target: Execute payload (x64) . . . .
66 \_ target: Neutralize implant . . . .
67 exploit/windows/local/cve_2020_0796_smbghost 2020-03-13 good Yes SMBv3 Compression Buffer Overflow
68 \_ AKA: SMBGhost . . . .
69 \_ AKA: CoronaBlue . . . .
70 exploit/windows/smb/cve_2020_0796_smbghost 2020-03-13 average Yes SMBv3 Compression Buffer Overflow
71 \_ AKA: SMBGhost . . . .
72 \_ AKA: CoronaBlue . . . .
73 exploit/unix/webapp/skybluecanvas_exec 2014-01-28 excellent Yes SkyBlueCanvas CMS Remote Code Execution
74 exploit/windows/misc/trendmicro_cmdprocessor_addtask 2011-12-07 good No TrendMicro Control Manger CmdProcessor.exe Stack Buffer Overflow
75 exploit/unix/webapp/jquery_file_upload 2018-10-09 excellent Yes blueimp's jQuery (Arbitrary) File Upload
76 \_ target: PHP Dropper . . . .
77 \_ target: Linux Dropper . . . .
78 exploit/linux/local/blueman_set_dhcp_handler_dbus_priv_esc 2015-12-18 excellent Yes blueman set_dhcp_handler D-Bus Privilege Escalation
Interact with a module by name or index. For example info 78, use 78 or use exploit/linux/local/blueman_set_dhcp_handler_dbus_priv_esc
msf6 >
It looks like it is usable.
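A post-install check for the steps above, as an added example that is not part of the original post. It confirms that the snap bin directory is on PATH (the reason for the "new tab or terminal" note), that the installed commands resolve, and that the shell is not root before running msfdb init. The path /var/lib/snapd/snap/bin is an assumption about where Fedora's snapd exposes commands, and the function names are hypothetical.

```shell
#!/bin/sh
# Assumption: Fedora's snapd exposes snap commands in this directory.
SNAP_BIN=/var/lib/snapd/snap/bin

# path_has_dir PATHSTRING DIR: succeed if DIR is an exact PATH component.
path_has_dir() {
    case ":$1:" in
        *":$2:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# missing_tools NAME...: print the names that do not resolve on PATH.
missing_tools() {
    missing=""
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || missing="$missing $tool"
    done
    echo "${missing# }"
}

# install_report: print one line per problem; return 0 only if all is well.
install_report() {
    status=0
    if ! path_has_dir "$PATH" "$SNAP_BIN"; then
        echo "PATH lacks $SNAP_BIN: open a new tab or terminal"
        status=1
    fi
    gone=$(missing_tools nmap gobuster snap msfdb msfconsole)
    if [ -n "$gone" ]; then
        echo "not found on PATH: $gone"
        status=1
    fi
    # The page runs "msfdb init" as a regular user, not as root.
    if [ "$(id -u)" -eq 0 ]; then
        echo "running as root: switch to a regular user for msfdb init"
        status=1
    fi
    if [ "$status" -eq 0 ]; then
        echo "all checks passed"
    fi
    return "$status"
}

install_report || echo "fix the items above, then run this check again"
```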