
DoS with Metasploit


################################################ open msfconsole

Code:
msfconsole


ssssssssssssssssssssssssssssss

sss|=== |ssssss|===|sss
sss|        |ssssss|       |sss
ssss\         \sss/        /ssss
ssssss\       \s/       / sssss
sssssss\               /sssssss
ssssssss\.........../ssssssss
ssssssssssssssssssssssss

       =[ metasploit v4.0.0-release [core:4.0 api:1.0]
+ -- --=[ 716 exploits - 361 auxiliary - 68 post
+ -- --=[ 226 payloads - 27 encoders - 8 nops
       =[ svn r14726 updated 199 days ago (2011.08.01)

Warning: This copy of the Metasploit Framework was last updated 199 days ago.
         We recommend that you update the framework at least every other day.
         For information on updating your copy of Metasploit, please see:
             https://community.rapid7.com/docs/DOC-1306

msf>




################### open wmap; before loading wmap, connect to its database first.





Code:
msf > db_connect -y /opt/framework/config/database.yml
[*] Using database driver postgresql
msf > load wmap
[*] [WMAP 1.0] ===  et [  ] metasploit.com 2011
[*] Successfully loaded plugin: wmap

these are the standard wmap commands

Code:
msf > help

Wmap Commands
=============

    Command       Description
    -------       -----------
    wmap_run      Test targets
    wmap_sites    Manage sites
    wmap_targets  Manage targets




############################ are there any sites and targets yet? let's take a look




Code:
msf > wmap_sites -l
Available sites
===============

     Id  Host  Vhost  Port  # Pages  # Forms
     --  ----  -----  ----  -------  -------

msf > wmap_targets -l
[*] No targets have been defined

none yet, so add the site first

Code:
msf > wmap_sites -a http://depkes.go.id/
[*] Site created.




########################################### ok, look at the target again





Code:
msf > wmap_sites -l
Available sites
===============

     Id  Host          Vhost         Port  # Pages  # Forms
     --  ----          -----         ----  -------  -------
     0   202.70.136.4  202.70.136.4  80    0        0

add the site to our targets

Code:
msf > wmap_targets -t http://202.70.136.4




########################### time to run the mission; look at the options first




Code:
msf > wmap_run -h
[*] Usage: wmap_run [options]
    -h            Display this help text
    -t            Show all enabled modules
    -m [regex]    Launch only modules that name match provided regex.
    -e [/path/to/profile]        Launch profile modules against all matched targets.
                                No file runs all enabled modules.




############################ first see which modules match our target




Code:
msf > wmap_run -t
[*] Testing target:
[*]     Site: 202.70.136.4 (202.70.136.4)
[*]     Port: 80 SSL: false
============================================================
[*] Testing started. 2012-02-16 20:29:20 +0700

=[ SSL testing ]=
============================================================
[*] Target is not SSL. SSL modules disabled.

=[ Web Server testing ]=
============================================================
[*] Loaded auxiliary/admin/http/contentkeeper_fileaccess ...
[*] Loaded auxiliary/admin/http/tomcat_administration ...
[*] Loaded auxiliary/admin/http/tomcat_utf8_traversal ...
[*] Loaded auxiliary/scanner/http/frontpage_login ...
[*] Loaded auxiliary/scanner/http/http_version ...
[*] Loaded auxiliary/scanner/http/open_proxy ...
[*] Loaded auxiliary/scanner/http/options ...
[*] Loaded auxiliary/scanner/http/robots_txt ...
[*] Loaded auxiliary/scanner/http/svn_scanner ...
[*] Loaded auxiliary/scanner/http/verb_auth_bypass ...
[*] Loaded auxiliary/scanner/http/vhost_scanner ...
[*] Loaded auxiliary/scanner/http/web_vulndb ...
[*] Loaded auxiliary/scanner/http/webdav_internal_ip ...
[*] Loaded auxiliary/scanner/http/webdav_scanner ...
[*] Loaded auxiliary/scanner/http/webdav_website_content ...

=[ File/Dir testing ]=
============================================================
[*] Loaded auxiliary/scanner/http/backup_file ...
[*] Loaded auxiliary/scanner/http/brute_dirs ...
[*] Loaded auxiliary/scanner/http/copy_of_file ...
[*] Loaded auxiliary/scanner/http/dir_listing ...
[*] Loaded auxiliary/scanner/http/dir_scanner ...
[*] Loaded auxiliary/scanner/http/dir_webdav_unicode_bypass ...
[*] Loaded auxiliary/scanner/http/file_same_name_dir ...
[*] Loaded auxiliary/scanner/http/files_dir ...
[*] Loaded auxiliary/scanner/http/ms09_020_webdav_unicode_bypass ...
[*] Loaded auxiliary/scanner/http/prev_dir_same_name_file ...
[*] Loaded auxiliary/scanner/http/replace_ext ...
[*] Loaded auxiliary/scanner/http/trace_axd ...
[*] Loaded auxiliary/scanner/http/writable ...

=[ Unique Query testing ]=
============================================================
[*] Loaded auxiliary/scanner/http/blind_sql_query ...
[*] Loaded auxiliary/scanner/http/error_sql_injection ...

=[ Query testing ]=
============================================================

=[ General testing ]=
============================================================
[*] Analysis completed in 5.741826057434082 seconds.
[*] Done.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++





############################################ ok, run the scan





Code:
wmap_run -e
[*] Using ALL wmap enabled modules.
[*] Testing target:
[*]     Site: 202.70.136.4 (202.70.136.4)
[*]     Port: 80 SSL: false
============================================================
[*] Testing started. 2012-02-16 20:31:36 +0700

=[ SSL testing ]=
============================================================
[*] Target is not SSL. SSL modules disabled.

=[ Web Server testing ]=
============================================================
Module auxiliary/admin/http/contentkeeper_fileaccess

[*] Attempting to connect to 202.70.136.4:80
[-] Attempt returned HTTP error 404 on 202.70.136.4:80 Response: 

Not Found


The requested URL /cgi-bin/ck/mimencode was not found on this server.



Apache/2.2.3 (CentOS) Server at 202.70.136.4 Port 80


Module auxiliary/admin/http/tomcat_administration
Module auxiliary/admin/http/tomcat_utf8_traversal
[*] Attempting to connect to 202.70.136.4:80
[-] Attempt #1 returned HTTP error 404 on 202.70.136.4:80
[-] Attempt #2 returned HTTP error 404 on 202.70.136.4:80
[-] Attempt #3 returned HTTP error 404 on 202.70.136.4:80
[-] Attempt #4 returned HTTP error 404 on 202.70.136.4:80
[-] Attempt #5 returned HTTP error 404 on 202.70.136.4:80
[-] Attempt #6 returned HTTP error 404 on 202.70.136.4:80
[-] Attempt #7 returned HTTP error 404 on 202.70.136.4:80
Module auxiliary/scanner/http/frontpage_login
[*] http://202.70.136.4/ may not support FrontPage Server Extensions
Module auxiliary/scanner/http/http_version
[*] 202.70.136.4 Apache/2.2.3 (CentOS) ( Powered by PHP/5.1.6 )
Module auxiliary/scanner/http/open_proxy
Module auxiliary/scanner/http/options
Module auxiliary/scanner/http/robots_txt
[*] [202.70.136.4] /robots.txt found
Module auxiliary/scanner/http/svn_scanner
[*] Using code '404' as not found.
Module auxiliary/scanner/http/verb_auth_bypass
[*] [202.70.136.4] Authentication not required. / 200
Module auxiliary/scanner/http/vhost_scanner
[*]  >> Exception during launch from auxiliary/scanner/http/vhost_scanner: The following options failed to validate: DOMAIN.
Module auxiliary/scanner/http/web_vulndb
[*]  >> Exception during launch from auxiliary/scanner/http/web_vulndb: The following options failed to validate: VULNCSV.
Module auxiliary/scanner/http/webdav_internal_ip
Module auxiliary/scanner/http/webdav_scanner
Module auxiliary/scanner/http/webdav_website_content

=[ File/Dir testing ]=
============================================================
Module auxiliary/scanner/http/backup_file:
Module auxiliary/scanner/http/brute_dirs:
[*] Path: /
[*] Using code '404' as not found.
Module auxiliary/scanner/http/copy_of_file:
Module auxiliary/scanner/http/dir_listing:
[*] Path: /
Module auxiliary/scanner/http/dir_scanner:
[*] Path: /
[*] Detecting error code
[*] Using code '404' as not found for 202.70.136.4
[*] Found http://202.70.136.4:80/CHANGELOG/ 200 (202.70.136.4)
[*] Found http://202.70.136.4:80/LICENSE/ 200 (202.70.136.4)
[*] Found http://202.70.136.4:80/administrator/ 303 (202.70.136.4)
[*] Found http://202.70.136.4:80/cache/ 200 (202.70.136.4)
[*] Found http://202.70.136.4:80/cgi-bin/ 403 (202.70.136.4)
Module auxiliary/scanner/http/dir_webdav_unicode_bypass:
[*] Path: /
[*] Using code '404' as not found.
Module auxiliary/scanner/http/file_same_name_dir:
[*] Path: /
[-] Blank or default PATH set.
Module auxiliary/scanner/http/files_dir:
[*] Path: /
[*] Using code '404' as not found for files with extension .null
Module auxiliary/scanner/http/ms09_020_webdav_unicode_bypass:
[*] Path: /
[-] NO Response.
Module auxiliary/scanner/http/prev_dir_same_name_file:
[*] Path: /
[-] Blank or default PATH set.
Module auxiliary/scanner/http/replace_ext:
Module auxiliary/scanner/http/trace_axd:
[*] Path: /
Module auxiliary/scanner/http/writable:
[*] Path: /

=[ Unique Query testing ]=
============================================================

=[ Query testing ]=
============================================================

=[ General testing ]=
============================================================




######################################## let's look at the results




Code:
msf > hosts -c address,svcs,vulns

Hosts
=====

address         svcs  vulns
-------         ----  -----
192.168.100.10  1     0
202.70.136.4    1     0



####################################### turns out the site isn't vulnerable -_-

