Tutorial Scanner Vulnerability With Metasploit

OK guys, it's Cakil again.
This time I'll share a tutorial on vulnerability scanning with Metasploit.
Check it out!
What you need:
1. cigarettes
2. coffee
3. Termux / a Linux terminal

OK, open your terminal.
Type:
root@Mr.Cakil:~# msfconsole

msf > load wmap

.-.-.-..-.-.-..---..---.
| | | || | | || | || |-'
`-----'`-'-'-'`-^-'`-'
[WMAP 1.5.1] ===  et [  ] metasploit.com 2012
[*] Successfully loaded plugin: wmap

msf > wmap_sites -h
[*] Usage: wmap_sites [options]
        -h        Display this help text
        -a [url]  Add site (vhost,url)
        -d [ids]  Delete sites (separate ids with space)
        -l        List all available sites
        -s [id]   Display site structure (vhost,url|ids) (level) (unicode output true/false)

msf > wmap_sites -a http://target.com
[*] Site created.

msf > wmap_sites -l
[*] Available sites
===============

     Id  Host            Vhost           Port  Proto  # Pages  # Forms
     --  ----            -----           ----  -----  -------  -------
     0   HostTarget   HostTarget   80    http   0        0
     1   HostTarget  HostTarget  80    http   0        0

msf > wmap_targets -h
[*] Usage: wmap_targets [options]
        -h              Display this help text
        -t [urls]       Define target sites (vhost1,url[space]vhost2,url)
        -d [ids]        Define target sites (id1, id2, id3 ...)
        -c              Clean target sites list
        -l              List all target sites

msf > wmap_targets -t HostTarget


Let's check the target host:

msf > wmap_targets -l
[*] Defined targets
===============

     Id  Vhost          Host           Port  SSL    Path
     --  -----          ----           ----  ---    ----
     0   HostTarget  HostTarget  80    false      /


Now let's see how to run it.
Type:

msf > wmap_run -h
[*] Usage: wmap_run [options]
        -h                        Display this help text
        -t                        Show all enabled modules
        -m [regex]                Launch only modules that name match provided regex.
        -p [regex]                Only test path defined by regex.
        -e [/path/to/profile]     Launch profile modules against all matched targets.
                                  (No profile file runs all enabled modules.)

msf > wmap_run -t
[*] Testing target:
[*]     Site: HostTarget (HostTarget)
[*]     Port: 80 SSL: false
============================================================
[*] Testing started. 2018-06-08 11:51:00 +0700
[*] Loading wmap modules...
[*] =[ SSL testing ]=
[*] ============================================================
[*] Target is not SSL. SSL modules disabled.
[*] =[ Web Server testing ]=
[*] ============================================================
[*] Loaded auxiliary/admin/http/contentkeeper_fileaccess ...
[*] Loaded auxiliary/admin/http/tomcat_administration ...
[*] Loaded auxiliary/admin/http/tomcat_utf8_traversal ...
[*] Loaded auxiliary/admin/http/trendmicro_dlp_traversal ...

Wait until it finishes; -t only loads and lists the enabled modules.
Now run the scan itself by typing:

msf > wmap_run -e
[*] Using ALL wmap enabled modules.
[-] NO WMAP NODES DEFINED. Executing local modules
[*] Testing target:
[*] Site: HostTarget (HostTarget)
[*] Port: 80 SSL: false
============================================================
[*] Testing started. 2018-06-08 11:51:00 +0700
[*] =[ SSL testing ]=
============================================================
[*] Target is not SSL. SSL modules disabled.
[*] =[ Web Server testing ]=
============================================================
[*] Module auxiliary/scanner/http/http_version
[*] HostTarget:80 Apache/2.2.8 (Ubuntu) DAV/2 ( Powered by PHP/5.2.4-2ubuntu5.10 )
[*] Module auxiliary/scanner/http/open_proxy
[*] Module auxiliary/scanner/http/robots_txt..
snip.....
snip.....
snip...
[*] Module auxiliary/scanner/http/soap_xml
[*] Path: /
[*] Server HostTarget:80 returned HTTP 404 for /.  Use a different one.
[*] Module auxiliary/scanner/http/trace_axd
[*] Path: /
[*] Module auxiliary/scanner/http/verb_auth_bypass
[*] =[ Unique Query testing ]=
============================================================
[*] Module auxiliary/scanner/http/blind_sql_query
[*] Module auxiliary/scanner/http/error_sql_injection
[*] Module auxiliary/scanner/http/http_traversal
[*] Module auxiliary/scanner/http/rails_mass_assignment
[*] Module exploit/multi/http/lcms_php_exec
[*] =[ Query testing ]=
============================================================
[*] =[ General testing ]=
============================================================
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Launch completed in 212.01512002944946 seconds.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[*] Done.

Now let's see how many findings came back.
Type:

msf > wmap_vulns -l
[*] + [HOSTtarget] (HostTarget):
scraper /
[*] scraper Scraper
[*] GET Metasploitable2 - Linux
[*] + [HostTarget] (HostTarget):
 directory /dav/
[*] directory Directory found.
[*] GET Res code: 200
[*] + [HostTarget] (HostTarget):
directory /cgi-bin/
[*] directory Directoy found.
[*] GET Res code: 403...
snip...


Now let's look at the vulnerabilities themselves.
Type:

msf > vulns
[*] Time: 2018-06-08 11:51:00 +0700
Vuln:
host=HostTarget port=80 proto=tcp name=auxiliary/scanner/http/options refs=CVE-2005-3398,CVE-2005-3498,OSVDB-877,BID-11604,BID-9506,BID-9561
msf >
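
To turn the vulns listing above into something a report can use, here is an added example (not part of the original post, and not Metasploit code) that parses the console lines, merges repeated entries and groups each finding's references by scheme. The second sample entry and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the entry shown on this page plus a made-up second entry
# with no references. HostTarget is the page's placeholder host name.
SAMPLE = """\
msf > vulns
[*] Time: 2018-06-08 11:51:00 +0700
Vuln:
host=HostTarget port=80 proto=tcp name=auxiliary/scanner/http/options refs=CVE-2005-3398,CVE-2005-3498,OSVDB-877,BID-11604,BID-9506,BID-9561
[*] Time: 2018-06-08 11:52:10 +0700 Vuln: host=HostTarget port=80 proto=tcp name=constructed/example/finding refs=
msf >
"""

# \s+ also matches the line breaks a console or copy/paste puts between fields.
RECORD = re.compile(
    r"Time:\s*(?P<time>.+?)\s+Vuln:\s*host=(?P<host>\S+)\s+port=(?P<port>\d+)"
    r"\s+proto=(?P<proto>\S+)\s+name=(?P<name>.+?)\s+refs=(?P<refs>\S*)", re.S)


def parse_vulns(text):
    """Return one dict per unique finding, refs grouped by scheme (CVE, BID...)."""
    merged = {}
    for m in RECORD.finditer(text):
        key = (m["host"], int(m["port"]), m["proto"], m["name"].strip())
        entry = merged.setdefault(
            key, {"first_seen": m["time"].strip(), "refs": defaultdict(list)})
        for ref in filter(None, m["refs"].split(",")):
            scheme = ref.partition("-")[0].upper()
            if ref not in entry["refs"][scheme]:  # repeated scans duplicate refs
                entry["refs"][scheme].append(ref)
    return [{"host": h, "port": p, "proto": pr, "module": n,
             "first_seen": e["first_seen"], "refs": dict(e["refs"])}
            for (h, p, pr, n), e in merged.items()]


def triage(findings):
    """Order findings: most CVE references first, then most references overall."""
    return sorted(findings, key=lambda f: (
        -len(f["refs"].get("CVE", [])),
        -sum(len(v) for v in f["refs"].values())))


if __name__ == "__main__":
    for f in triage(parse_vulns(SAMPLE)):
        print(f["host"], f["port"], f["module"], f["refs"])
```

Entries that carry no references sort last, which makes it easy to separate informational hits from findings that map to a published advisory.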






Replace HostTarget with your own target (see the picture, bro).
So, how was that? Easy, right? Hehe.
OK guys, that's all, and thank you.
