2 posts tagged 'metasploit'

  1. 2008.09.29 Installing Old Version of ruby using MacPorts (3)
  2. 2008.09.07 Using the Metasploit as a VNC backdoor (1)
Last week I failed to demonstrate the usage of Metasploit, because it had a problem with ruby 1.8.7. You can find this issue on Metasploit's blog. It's very late in Korea, so I'd like to write about this subject briefly.

1st, we verify the version of ruby that we want to install. We can find its revision number on the site below. I found the revision number (36429) of the version I want to install.

2nd, we have to set up a local repository (mkdir /Users/Shared/dports) and, in /opt/local/etc/macports/sources.conf, add the line below before the rsync entry.

3rd, check out the ruby port into our local repository.
svn co -r 36429 http://svn.macports.org/repository/trunk/dports/lang/ruby/ lang/ruby/
svn co -r 36429 http://svn.macports.org/repository/macports/trunk/dports/lang/ruby/ lang/ruby/

4th, run portindex. 
portindex /Users/Shared/dports

5th, verify our ruby port's version in the port list. You should see 1.8.6-p114.
port list

6th, install our old ruby port.
port install ruby @1.8.6-p114

The output of installing the ruby port looks like the lines below.
--->  Fetching ruby
--->  Attempting to fetch ruby-1.8.6-p114.tar.gz from http://www.ibiblio.org/pub/languages/ruby/1.8
--->  Attempting to fetch ruby-1.8.6-p114.tar.gz from http://mirrors.sunsite.dk/ruby/1.8
--->  Attempting to fetch ruby-1.8.6-p114.tar.gz from ftp://xyz.lcs.mit.edu/pub/ruby/1.8
--->  Verifying checksum(s) for ruby
--->  Extracting ruby
--->  Applying patches to ruby
--->  Configuring ruby
--->  Building ruby with target all
--->  Staging ruby into destroot
--->  Installing ruby 1.8.6-p114_0+darwin_9+thread_hooks
--->  Activating ruby 1.8.6-p114_0+darwin_9+thread_hooks
--->  Cleaning ruby

Finally, we can verify the installed ruby version.
ruby -v
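The pin only helps if the ruby that Metasploit actually runs is the 1.8.6-p114 build, so a check before launching msfconsole is worth having. The script below is an added example, not code from the original post: it parses `port list` and `ruby -v` output (the samples are constructed, modelled on the MacPorts and ruby formats) and reports whether the local repository offers the pinned port and whether the active ruby matches it.

```sh
#!/bin/sh
# Added example (not from the original post): verify that the local MacPorts
# repository advertises ruby @1.8.6-p114 and that `ruby -v` reports that
# exact version, so a stray 1.8.7 does not break Metasploit again.

# Constructed sample of `port list` output for the local repository.
PORT_LIST_SAMPLE='ruby                           @1.8.6-p114     lang/ruby
rb-rubygems                    @1.3.0          ruby/rb-rubygems'

# Constructed samples of `ruby -v` output for the pinned and the broken build.
RUBY_V_GOOD='ruby 1.8.6 (2008-03-03 patchlevel 114) [i686-darwin9.4.0]'
RUBY_V_BAD='ruby 1.8.7 (2008-08-11 patchlevel 72) [i686-darwin9.4.0]'

# port_has_version LISTING PORT VERSION -> exit 0 if LISTING shows "PORT @VERSION"
port_has_version() {
    printf '%s\n' "$1" | awk -v p="$2" -v v="@$3" \
        '$1 == p && $2 == v { found = 1 } END { exit !found }'
}

# ruby_v_to_port_version "ruby X.Y.Z (... patchlevel N) ..." -> prints X.Y.Z-pN,
# the same form MacPorts uses for the port version.
ruby_v_to_port_version() {
    printf '%s\n' "$1" | \
        sed -n 's/^ruby \([0-9.]*\) (.*patchlevel \([0-9]*\)).*/\1-p\2/p'
}

# ruby_is_pinned RUBY_V_OUTPUT VERSION -> exit 0 only on an exact match
ruby_is_pinned() {
    [ "$(ruby_v_to_port_version "$1")" = "$2" ]
}

# Demonstration on the constructed samples; on a real box replace the
# samples with "$(port list)" and "$(ruby -v)".
port_has_version "$PORT_LIST_SAMPLE" ruby 1.8.6-p114 \
    && echo "local repository offers ruby @1.8.6-p114"
ruby_is_pinned "$RUBY_V_GOOD" 1.8.6-p114 \
    && echo "ruby -v matches the pinned 1.8.6-p114"
ruby_is_pinned "$RUBY_V_BAD" 1.8.6-p114 \
    || echo "1.8.7 detected: Metasploit will hit the ruby 1.8.7 problem"
```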

Good night! And be careful of the cold. T.T

Using the Metasploit as a VNC backdoor

2008.09.07 13:05 | Posted by bar4mi
Recently my fellows have often asked me for a VNC backdoor.

I made one to test client security about two years ago. It's just a shell which had some useful functions to handle the TightVNC client: it could make the TightVNC client hide, download, and execute stealthily. I was satisfied with it before I met the improved Metasploit (http://www.metasploit.com/).

It was released in July of 2003. I just regarded it as a tool which had some exploits. About the beginning of this year I studied it with my intimate elders (swbae, popeye) and some good people. Its usability was amazing. Its functions had improved exceedingly compared to when I first met it. I'd like to express my heartfelt thanks to H D Moore.

We can make a VNC backdoor using msfpayload, which is part of Metasploit. The virtual environment and procedure are like the picture below.

First we make a VNC binary which, when executed, gives us whole control of the victim's PC. We can make it simply using msfpayload.

Next, we have to launch the listener, which will wait for the victim's connection, using msfcli. LHOST is the attacker's PC and RHOST is the victim's PC. It is required to disable the Courtesy Shell.

In this step, we need to wait for the binary to be executed by the victim. We can use many methods to do it; the success of this step depends on your social engineering or technique. If we succeed, we can see the connection like below.

The one thing left, once we verify the connection, is to take whole control of the victim's PC. We can connect to its VNC server (localhost:5900) using a VNC client.
