• Importing Data
    		•

    | Chapter 5: Automated Exploits




    Download 22,59 Mb.
    Pdf ko'rish
    bet151/225
    Sana14.05.2024
    Hajmi22,59 Mb.
    #232856
    1   ...   147   148   149   150   151   152   153   154   ...   225
    Bog'liq
    learningkalilinux

    160 | Chapter 5: Automated Exploits

    Exploits are essentially the same as the auxiliary module. You still have to 
    use
    the
    module. You will have variables that need to be set. You will still need to set your tar‐
    get, though with an exploit you are looking at only a single system, which makes the
    variable 
    RHOST
    rather than 
    RHOSTS
    . Also, with an exploit, you will likely have an
    RPORT
    variable to set. This is one that would typically have a default set based on the
    service that is being targeted. However, services aren’t always run on the default port.
    So, the variable is there if you need to reset it and it will be required, but you may not
    need to touch it. 
    related to a vulnerability with the distributed C compiler service, 
    distcc
    .
    Example 5-12. Options for distcc exploit
    msf exploit
    (
    unix/misc/distcc_exec
    )
    > show options
    Module options 
    (
    exploit/unix/misc/distcc_exec
    )
    :
    Name Current Setting Required Description
    ---- --------------- -------- -----------
    RHOST yes The target address
    RPORT
    3632
    yes The target port 
    (
    TCP
    )
    Exploit target:
    Id Name
    -- ----
    0
    Automatic Target
    You will see the target listed, which is the variation of the exploit to use in this case
    rather than being a specific IP address to target. Some exploits will have different tar‐
    gets, which you may see with Windows exploits. This is because versions of Windows
    such as Windows 7, 8, and 10 have different memory structures and the services may
    behave differently. This may force the exploit to behave differently based on the ver‐
    sion of the operating system targeted. You may get an automatic target with the abil‐
    ity to change. Since this particular service isn’t impacted by differences in the
    operating system, there is no need for different targets.
    Importing Data
    Metasploit can use outside resources to populate the database. The first thing we can
    do is use 
    nmap
    from within 
    msfconsole
    . This will automatically populate the database
    with any hosts that are found and the services that are running. Rather than calling
    nmap
    directly, you use 
    db_nmap
    , but you would still use the same command-line
    parameters. 
    db_nmap
    to do a SYN scan with the highest
    throttle rate possible, which will hopefully make it complete faster.

    Download 22,59 Mb.
    1   ...   147   148   149   150   151   152   153   154   ...   225




    Download 22,59 Mb.
    Pdf ko'rish