Posts Subscribe comment Comments

rumahku sorgaku » » Pelajaran terakhir dari metasploit adalah scanner !!!

Pelajaran terakhir dari metasploit adalah scanner !!!

1. DCRRPC kita gunakan untuk melihat bentuk layanan apa saja yang tersedia di berbagai server ,

msf > use auxiliary/scanner/dcerpc/endpoint_mapper
msf auxiliary(endpoint_mapper) > show options

Module options:

... Name Current Setting Required Description
---- --------------- -------- -----------
RHOSTS yes The target address range or CIDR identifier
RPORT 135 yes The target port
THREADS 1 yes The number of concurrent threads

msf auxiliary(endpoint_mapper) > set RHOSTS 173.236.56.106-120
RHOSTS => 173.236.56.106-120
msf auxiliary(endpoint_mapper) > set THREADS 55
THREADS => 55
msf auxiliary(endpoint_mapper) > run

[*] Connecting to the endpoint mapper service...
[*] Connecting to the endpoint mapper service...
[*] Connecting to the endpoint mapper service...
...[*] Connecting to the endpoint mapper service...
[*] Connecting to the endpoint mapper service...
[*] Connecting to the endpoint mapper service...
[*] Connecting to the endpoint mapper service...
[*] Connecting to the endpoint mapper service...
[*] Connecting to the endpoint mapper service...
[*] Connecting to the endpoint mapper service...
[*] Connecting to the endpoint mapper service...
[*] Connecting to the endpoint mapper service...
[*] Connecting to the endpoint mapper service...
[*] Connecting to the endpoint mapper service...
[*] Connecting to the endpoint mapper service...
[*] Could not connect to the endpoint mapper service
[*] Could not connect to the endpoint mapper service
[*] Could not connect to the endpoint mapper service
[*] Could not connect to the endpoint mapper service
[*] Could not connect to the endpoint mapper service
[*] Could not connect to the endpoint mapper service
[*] Could not connect to the endpoint mapper service
[*] Could not connect to the endpoint mapper service
[*] Could not connect to the endpoint mapper service
[*] Could not connect to the endpoint mapper service
[*] Scanned 07 of 15 hosts (046% complete)
[*] Could not connect to the endpoint mapper service
[*] Could not connect to the endpoint mapper service
[*] Could not connect to the endpoint mapper service
[*] Scanned 10 of 15 hosts (066% complete)
[*] Scanned 13 of 15 hosts (086% complete)
[*] Could not connect to the endpoint mapper service
[*] Scanned 14 of 15 hosts (093% complete)
[*] Could not connect to the endpoint mapper service
[*] Scanned 15 of 15 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(endpoint_mapper) >
 
1.b. DRPC hidden sering kita gunakan untuk melihat apakah akses anonymous diizinkan oleh PC target .
msf > use auxiliary/scanner/dcerpc/hidden
msf auxiliary(hidden) > show options

Module options:

... Name Current Setting Required Description
---- --------------- -------- -----------
RHOSTS yes The target address range or CIDR identifier
THREADS 1 yes The number of concurrent threads

msf auxiliary(hidden) > set RHOSTS 173.236.56.106-120
RHOSTS => 173.236.56.106-120
msf auxiliary(hidden) > set THREADS 55
THREADS => 55
msf auxiliary(hidden) > run

[*] Connecting to the endpoint mapper service...
[*] Connecting to the endpoint mapper service...
[*] Connecting to the endpoint mapper service...
...[*] Connecting to the endpoint mapper service...
[*] Connecting to the endpoint mapper service...
[*] Connecting to the endpoint mapper service...
[*] Connecting to the endpoint mapper service...
[*] Connecting to the endpoint mapper service...
[*] Connecting to the endpoint mapper service...
[*] Connecting to the endpoint mapper service...
[*] Connecting to the endpoint mapper service...
[*] Connecting to the endpoint mapper service...
[*] Connecting to the endpoint mapper service...
[*] Connecting to the endpoint mapper service...
[*] Connecting to the endpoint mapper service...
[*] Could not connect to the endpoint mapper service
[*] Could not contact the endpoint mapper on 173.236.56.114
[*] Could not connect to the endpoint mapper service
[*] Could not contact the endpoint mapper on 173.236.56.115
[*] Could not connect to the endpoint mapper service
[*] Could not contact the endpoint mapper on 173.236.56.113
[*] Could not connect to the endpoint mapper service
[*] Could not contact the endpoint mapper on 173.236.56.116
[*] Could not connect to the endpoint mapper service
[*] Could not contact the endpoint mapper on 173.236.56.117
[*] Could not connect to the endpoint mapper service
[*] Could not contact the endpoint mapper on 173.236.56.118
[*] Could not connect to the endpoint mapper service
[*] Could not connect to the endpoint mapper service
[*] Could not contact the endpoint mapper on 173.236.56.106
[*] Could not contact the endpoint mapper on 173.236.56.107
[*] Scanned 07 of 15 hosts (046% complete)
[*] Scanned 08 of 15 hosts (053% complete)
[*] Could not connect to the endpoint mapper service
[*] Could not contact the endpoint mapper on 173.236.56.108
[*] Scanned 09 of 15 hosts (060% complete)
[*] Could not connect to the endpoint mapper service
[*] Could not contact the endpoint mapper on 173.236.56.109
[*] Scanned 10 of 15 hosts (066% complete)
[*] Could not connect to the endpoint mapper service
[*] Could not connect to the endpoint mapper service
[*] Could not contact the endpoint mapper on 173.236.56.110
[*] Could not contact the endpoint mapper on 173.236.56.111
[*] Scanned 11 of 15 hosts (073% complete)
[*] Could not connect to the endpoint mapper service
[*] Could not contact the endpoint mapper on 173.236.56.112
[*] Scanned 12 of 15 hosts (080% complete)
[*] Scanned 13 of 15 hosts (086% complete)
[*] Could not connect to the endpoint mapper service
[*] Could not connect to the endpoint mapper service
[*] Could not contact the endpoint mapper on 173.236.56.119
[*] Could not contact the endpoint mapper on 173.236.56.120
[*] Scanned 14 of 15 hosts (093% complete)
[*] Scanned 15 of 15 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(hidden) >
 
1.c Kita cek yuk apakah ada fasilitas remote DRPC ?
 
 
msf > use auxiliary/scanner/dcerpc/management
msf auxiliary(management) > set RHOSTS 173.236.56.106-120
RHOSTS => 173.236.56.106-120
msf auxiliary(management) > set THREADS 55
THREADS => 55

msf auxiliary(management) > run

[*] Remote Management Interface Error: The connection was refused by the remote host (173.236.56.113:135).
[*] Remote Management Interface Error: The connection was refused by the remote host (173.236.56.114:13...5).
[*] Remote Management Interface Error: The connection was refused by the remote host (173.236.56.116:135).
[*] Remote Management Interface Error: The connection was refused by the remote host (173.236.56.115:135).
[*] Remote Management Interface Error: The connection was refused by the remote host (173.236.56.118:135).
[*] Remote Management Interface Error: The connection was refused by the remote host (173.236.56.117:135).
[*] Remote Management Interface Error: The connection timed out (173.236.56.106:135).
[*] Scanned 07 of 15 hosts (046% complete)
[*] Remote Management Interface Error: The connection timed out (173.236.56.107:135).
[*] Scanned 08 of 15 hosts (053% complete)
[*] Remote Management Interface Error: The connection timed out (173.236.56.108:135).
[*] Scanned 09 of 15 hosts (060% complete)
[*] Remote Management Interface Error: The connection timed out (173.236.56.109:135).
[*] Remote Management Interface Error: The connection timed out (173.236.56.110:135).
[*] Scanned 10 of 15 hosts (066% complete)
[*] Scanned 11 of 15 hosts (073% complete)
[*] Remote Management Interface Error: The connection timed out (173.236.56.112:135).
[*] Remote Management Interface Error: The connection timed out (173.236.56.111:135).
[*] Scanned 13 of 15 hosts (086% complete)
[*] Remote Management Interface Error: The connection timed out (173.236.56.120:135).
[*] Remote Management Interface Error: The connection timed out (173.236.56.119:135).
[*] Scanned 15 of 15 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(management) >

kita lihat tidak ada kan fasilitas remote drcp di server.....

bila ada kita bisa melakukan audit lho dengan metode seperti ini:


msf > use auxiliary/scanner/dcerpc/tcp_dcerpc_auditor
msf auxiliary(tcp_dcerpc_auditor) > set RHOSTS 173.236.56.106-120
RHOSTS => 173.236.56.106-120
msf auxiliary(tcp_dcerpc_auditor) > set THREADS 55
THREADS => 55
...msf auxiliary(tcp_dcerpc_auditor) > run

The connection was refused by the remote host (173.236.56.114:135).
The connection was refused by the remote host (173.236.56.113:135).
The connection was refused by the remote host (173.236.56.117:135).
The connection was refused by the remote host (173.236.56.115:135).
The connection was refused by the remote host (173.236.56.116:135).
The connection was refused by the remote host (173.236.56.118:135).
The connection timed out (173.236.56.107:135).
The connection timed out (173.236.56.106:135).
[*] Scanned 08 of 15 hosts (053% complete)
The connection timed out (173.236.56.108:135).
[*] Scanned 09 of 15 hosts (060% complete)
The connection timed out (173.236.56.109:135).
[*] Scanned 10 of 15 hosts (066% complete)
The connection timed out (173.236.56.110:135).
[*] Scanned 11 of 15 hosts (073% complete)
The connection timed out (173.236.56.111:135).
[*] Scanned 12 of 15 hosts (080% complete)
The connection timed out (173.236.56.112:135).
[*] Scanned 13 of 15 hosts (086% complete)
The connection timed out (173.236.56.119:135).
[*] Scanned 14 of 15 hosts (093% complete)
The connection timed out (173.236.56.120:135).
[*] Scanned 15 of 15 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(tcp_dcerpc_auditor) >

kita lanjutkan ke scanning Discovery...

msf > use auxiliary/scanner/discovery/arp_sweep
msf auxiliary(arp_sweep) > show options

Module options:

... Name Current Setting Required Description
---- --------------- -------- -----------
INTERFACE no The name of the interface
PCAPFILE no The name of the PCAP capture file to process
RHOSTS yes The target address range or CIDR identifier
SHOST yes Source IP Address
SMAC yes Source MAC Address
THREADS 1 yes The number of concurrent threads
TIMEOUT 500 yes The number of seconds to wait for new data

msf auxiliary(arp_sweep) > set RHOSTS 180.246.53.204-255
RHOSTS => 180.246.53.204-255
msf auxiliary(arp_sweep) > set SHOST 180.246.53.203
SHOST => 180.246.53.203
msf auxiliary(arp_sweep) > set SMAC 6c:f0:49:86:40:e6
SMAC => 6c:f0:49:86:40:e6
msf auxiliary(arp_sweep) > set THREADS 55
THREADS => 55
msf auxiliary(arp_sweep) > run

[*] The Pcaprub module is not available: no such file to load -- pcaprub
[-] Auxiliary failed: RuntimeError Pcaprub not available
[-] Call stack:
[-] /opt/framework-3.5.1/msf3/lib/msf/core/exploit/capture.rb:355:in `check_pcaprub_loaded'
[-] /opt/framework-3.5.1/msf3/lib/msf/core/auxiliary/scanner.rb:194:in `join'
[-] /opt/framework-3.5.1/msf3/lib/msf/core/auxiliary/scanner.rb:194:in `run'
[*] Auxiliary module execution completed
msf auxiliary(arp_sweep) >


Untuk IPv6 jg sama nie.. caranya..
use auxiliary/scanner/discovery/ipv6_neighbor

msf > use auxiliary/scanner/discovery/udp_probe
msf auxiliary(udp_probe) > show options

Module options:

... Name Current Setting Required Description
---- --------------- -------- -----------
CHOST no The local client address
RHOSTS yes The target address range or CIDR identifier
THREADS 1 yes The number of concurrent threads
VERBOSE false no Enable verbose output

msf auxiliary(udp_probe) > set RHOSTS msf > use auxiliary/scanner/discovery/udp_probe
RHOSTS => msf > use auxiliary/scanner/discovery/udp_probe
msf auxiliary(udp_probe) > set RHOSTS 180.246.53.203-205
RHOSTS => 180.246.53.203-205
msf auxiliary(udp_probe) > set THREADS 253
THREADS => 253
msf auxiliary(udp_probe) > run

[*] Discovered SNMP on 180.246.53.203:161 (TD-8817)
[*] Discovered SNMP on 180.246.53.203:161 (TD-8817)
[*] Scanned 1 of 3 hosts (033% complete)
[*] Scanned 2 of 3 hosts (066% complete)
[*] Scanned 3 of 3 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(udp_probe) >
 
msf > use auxiliary/scanner/discovery/udp_probe
msf auxiliary(udp_probe) > show options

Module options:

... Name Current Setting Required Description
---- --------------- -------- -----------
CHOST no The local client address
RHOSTS yes The target address range or CIDR identifier
THREADS 1 yes The number of concurrent threads
VERBOSE false no Enable verbose output

msf auxiliary(udp_probe) > set RHOSTS msf > use auxiliary/scanner/discovery/udp_probe
RHOSTS => msf > use auxiliary/scanner/discovery/udp_probe
msf auxiliary(udp_probe) > set RHOSTS 180.246.53.203-205
RHOSTS => 180.246.53.203-205
msf auxiliary(udp_probe) > set THREADS 253
THREADS => 253
msf auxiliary(udp_probe) > run

[*] Discovered SNMP on 180.246.53.203:161 (TD-8817)
[*] Discovered SNMP on 180.246.53.203:161 (TD-8817)
[*] Scanned 1 of 3 hosts (033% complete)
[*] Scanned 2 of 3 hosts (066% complete)
[*] Scanned 3 of 3 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(udp_probe) > back
msf > set RHOSTS msf > use auxiliary/scanner/discovery/udp_sweep
RHOSTS => msf > use auxiliary/scanner/discovery/udp_sweep
msf > use auxiliary/scanner/discovery/udp_sweep
msf auxiliary(udp_sweep) > set RHOSTS 180.246.53.203-205
RHOSTS => 180.246.53.203-205
msf auxiliary(udp_sweep) > set THREADS 253
THREADS => 253
msf auxiliary(udp_sweep) > run

[*] Sending 10 probes to 180.246.53.203->180.246.53.205 (3 hosts)
[*] Discovered SNMP on 180.246.53.203:161 (TD-8817)
[*] Discovered SNMP on 180.246.53.203:161 (TD-8817)
[*] Discovered DNS on 192.168.1.1:53 (d18c850000010000000100000756455253494f4e0442494e440000100003c00c00060003000151800023c00c0a686f73746d6173746572c00c000000000000708000001c2000093a8000015180)
[*] Scanned 3 of 3 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(udp_sweep) >
 
Untuk mengecek apakah bisa memasuki ftp menggunakan user anonymous..??
msf > use auxiliary/scanner/ftp/anonymous
msf auxiliary(anonymous) > show options

Module options:

... Name Current Setting Required Description
---- --------------- -------- -----------
FTPPASS mozilla@example.com no The password for the specified username
FTPUSER anonymous no The username to authenticate as
RHOSTS msf > use auxiliary/scanner/discovery/udp_sweep yes The target address range or CIDR identifier
RPORT 21 yes The target port
THREADS 1 yes The number of concurrent threads

msf auxiliary(anonymous) > set RHOSTS 180.246.53.203-205
RHOSTS => 180.246.53.203-205
msf auxiliary(anonymous) > set THREADS 55
THREADS => 55
msf auxiliary(anonymous) > run

[*] Scanned 1 of 3 hosts (033% complete)
[*] Scanned 3 of 3 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(anonymous) >
 
msf auxiliary(ftp_version) > set RHOSTS 180.246.53.203-205
RHOSTS => 180.246.53.203-205
msf auxiliary(ftp_version) > set THREADS 55
THREADS => 55
msf auxiliary(ftp_version) > run
...
[*] 180.246.53.203:21 FTP Banner: '220 TP-LINK FTP version 1.0 ready at Tue Mar 22 16:45:27 2011\x0d\x0a'
[*] Scanned 1 of 3 hosts (033% complete)
[*] Scanned 2 of 3 hosts (066% complete)
[*] Scanned 3 of 3 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(ftp_version) >
 
Nah kita masuk ke http scanner, ni yang paling menarik..
http/cert - http/dir_listing - http/dir_scanner - http/dir_webdav_unicode_bypass - http/enum_delicious - http/enum_wayback - http/files_dir - http/http_login - http/open_proxy - http/options - http/robots_txt - http/ssl - http/http_version - http/tomcat_mgr_login - http/verb_auth_bypass - http/webdav_scanner - http/webdav_website_content - http/wordpress_login_enum

msf > use auxiliary/scanner/http/cert
msf auxiliary(cert) > show options

Module options:

... Name Current Setting Required Description
---- --------------- -------- -----------
ISSUER .* yes Show a warning if the Issuer doesn't match this regex
RHOSTS msf > use auxiliary/scanner/discovery/udp_sweep yes The target address range or CIDR identifier
RPORT 443 yes The target port
SHOWALL false no Show all certificates (issuer,time) regardless of match
THREADS 1 yes The number of concurrent threads

msf auxiliary(cert) > set RHOSTS 173.236.56.106
RHOSTS => 173.236.56.106
msf auxiliary(cert) > set THREADS 254
THREADS => 254

kita lihat berapa server yang satu jaringan .....

kita lakukan run

msf auxiliary(cert) > run

[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(cert) > set RHOSTS 173.236.56.106/24
...RHOSTS => 173.236.56.106/24
msf auxiliary(cert) > set THREADS 254
THREADS => 254
msf auxiliary(cert) > run

[*] 173.236.56.11 - 'madelynsclassicbedding.com' : 'Wed Dec 22 00:00:00 UTC 2010' - 'Thu Dec 22 23:59:59 UTC 2011'
[*] 173.236.56.13 - 'www.vvskivvys.com' : 'Mon Nov 08 00:00:00 UTC 2010' - 'Tue Nov 15 23:59:59 UTC 2011'
[*] 173.236.56.14 - 'www.tagshopstuff.com' : 'Wed Dec 15 00:00:00 UTC 2010' - 'Fri Dec 30 23:59:59 UTC 2011'
[*] 173.236.56.74 - 'xiaomenkou.info' : 'Tue Nov 16 18:24:20 UTC 2010' - 'Sat Nov 19 07:01:24 UTC 2011'
[*] 173.236.56.12 - 'www.hummul.com' : 'Wed Sep 15 00:00:00 UTC 2010' - 'Wed Sep 21 23:59:59 UTC 2011'
[*] 173.236.56.77 - 'vps.funkymunks.com' : 'Tue Oct 12 12:53:11 UTC 2010' - 'Wed Oct 12 12:53:11 UTC 2011'
[*] 173.236.56.188 - 'lum-tec.com' : 'Fri Mar 11 00:37:28 UTC 2011' - 'Sat Mar 10 03:04:49 UTC 2012'
[*] 173.236.56.246 - 'server.rnweb.com.br' : 'Mon Jul 12 12:55:06 UTC 2010' - 'Tue Jul 12 12:55:06 UTC 2011'
[*] 173.236.56.245 - 'server.rnweb.com.br' : 'Mon Jul 12 12:55:06 UTC 2010' - 'Tue Jul 12 12:55:06 UTC 2011'
[*] 173.236.56.108 - 'www.myclientzone.co.uk' : 'Thu Nov 04 00:00:00 UTC 2010' - 'Fri Nov 04 23:59:59 UTC 2011'
[*] 173.236.56.174 - 'tweople.com' : 'Fri Jan 07 20:39:26 UTC 2011' - 'Sat Jan 07 20:39:26 UTC 2012'
[*] 173.236.56.171 - 'www.yakkingheads.com' : 'Mon Sep 20 22:47:23 UTC 2010' - 'Tue Sep 20 21:59:06 UTC 2011'
[*] 173.236.56.76 - 'www.gospelreggae.com' : 'Fri Jan 21 05:29:38 UTC 2011' - 'Fri Jul 08 00:48:44 UTC 2011'
[+] 173.236.56.173 - 'tinywebpeople.com' : 'Fri Mar 12 18:57:11 UTC 2010' - 'Sat Mar 12 18:57:11 UTC 2011' (EXPIRED)'
[*] 173.236.56.98 - 'www.candlelightsolutions.com' : 'Wed Apr 07 00:51:25 UTC 2010' - 'Sat Apr 09 04:04:36 UTC 2011'
[*] 173.236.56.150 - 'jghelectronicsstore.com' : 'Sat Aug 28 14:28:53 UTC 2010' - 'Wed Aug 31 07:39:04 UTC 2011'
[*] 173.236.56.244 - 'server.rnweb.com.br' : 'Mon Jul 12 12:55:06 UTC 2010' - 'Tue Jul 12 12:55:06 UTC 2011'
[+] 173.236.56.203 - 'www.postclicks.net' : 'Thu Feb 25 00:00:00 UTC 2010' - 'Sat Feb 26 23:59:59 UTC 2011' (EXPIRED)'
[*] 173.236.56.172 - 'yourvideopartner.com' : 'Fri Jan 07 20:49:23 UTC 2011' - 'Sat Jan 07 20:49:23 UTC 2012'
[*] 173.236.56.130 - 'www.countrybabyproducts.com' : 'Wed May 19 18:34:58 UTC 2010' - 'Sun May 22 11:06:15 UTC 2011'
[*] 173.236.56.187 - 'wiegandwatches.net' : 'Tue Feb 22 06:54:28 UTC 2011' - 'Wed Feb 22 03:30:28 UTC 2012'
[*] 173.236.56.250 - 'www.musiccomputing.com' : 'Tue Oct 19 06:13:00 UTC 2010' - 'Wed Oct 19 06:13:00 UTC 2011'
[*] 173.236.56.75 - 'vps.openscope.net' : 'Thu Sep 30 18:46:23 UTC 2010' - 'Fri Sep 30 18:46:23 UTC 2011'
[*] 173.236.56.243 - 'server.rnweb.com.br' : 'Mon Jul 12 12:55:06 UTC 2010' - 'Tue Jul 12 12:55:06 UTC 2011'
[*] 173.236.56.78 - 'vps.sellmyretro.com' : 'Wed Oct 13 12:59:52 UTC 2010' - 'Thu Oct 13 12:59:52 UTC 2011'
[*] Scanned 158 of 256 hosts (061% complete)
[*] Scanned 185 of 256 hosts (072% complete)
[*] Scanned 192 of 256 hosts (075% complete)
[*] Scanned 193 of 256 hosts (075% complete)
[*] Scanned 197 of 256 hosts (076% complete)
[*] Scanned 213 of 256 hosts (083% complete)
[*] Scanned 214 of 256 hosts (083% complete)
[*] Scanned 215 of 256 hosts (083% complete)
[*] Scanned 232 of 256 hosts (090% complete)
[*] 173.236.56.242 - 'server.rnweb.com.br' : 'Mon Jul 12 12:55:06 UTC 2010' - 'Tue Jul 12 12:55:06 UTC 2011'
[*] 173.236.56.251 - 'descontos.tur.br' : 'Tue Mar 15 04:13:41 UTC 2011' - 'Thu Mar 15 04:13:41 UTC 2012'
[*] Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(cert) > ping madelynsclassicbedding.com
[*] exec: ping madelynsclassicbedding.com

PING madelynsclassicbedding.com (173.236.56.11) 56(84) bytes of data.
64 bytes from madelynsclassicbedding.com (173.236.56.11): icmp_req=1 ttl=44 time=388 ms
64 bytes from madelynsclassicbedding.com (173.236.56.11): icmp_req=2 ttl=44 time=310 ms
64 bytes from madelynsclassicbedding.com (173.236.56.11): icmp_req=3 ttl=44 time=315 ms
64 bytes from madelynsclassicbedding.com (173.236.56.11): icmp_req=4 ttl=44 time=310 ms
^CInterrupt: use the 'exit' command to quit
msf auxiliary(cert) >
 
sekarang kita coba untuk komputer server mana yang memiliki daftar direktory kita coba dengan perintah.

msf > use auxiliary/scanner/http/dir_listing
msf auxiliary(dir_listing) > show options

Module options:

... Name Current Setting Required Description
---- --------------- -------- -----------
PATH / yes The path to identify directoy listing
Proxies no Use a proxy chain
RHOSTS msf > use auxiliary/scanner/discovery/udp_sweep yes The target address range or CIDR identifier
RPORT 80 yes The target port
THREADS 1 yes The number of concurrent threads
VHOST no HTTP server virtual host

msf auxiliary(dir_listing) > set RHOSTS 173.236.56.106/24
RHOSTS => 173.236.56.106/24
msf auxiliary(dir_listing) > set THREADS 55
THREADS => 55
msf auxiliary(dir_listing) > run

[*] Found Directory Listing http://173.236.56.3:80/
[*] NOT Vulnerable to directory listing http://173.236.56.27:80/
[*] NOT Vulnerable to directory listing http://173.236.56.28:80/
[*] NOT Vulnerable to directory listing http://173.236.56.29:80/
[*] NOT Vulnerable to directory listing http://173.236.56.26:80/
[*] NOT Vulnerable to directory listing http://173.236.56.30:80/
[*] NOT Vulnerable to directory listing http://173.236.56.46:80/
[*] Scanned 030 of 256 hosts (011% complete)
[*] NOT Vulnerable to directory listing http://173.236.56.66:80/
[*] NOT Vulnerable to directory listing http://173.236.56.67:80/
[*] NOT Vulnerable to directory listing http://173.236.56.68:80/
[*] NOT Vulnerable to directory listing http://173.236.56.70:80/
[*] Scanned 064 of 256 hosts (025% complete)
[*] NOT Vulnerable to directory listing http://173.236.56.69:80/
[*] NOT Vulnerable to directory listing http://173.236.56.74:80/
[*] NOT Vulnerable to directory listing http://173.236.56.84:80/
[*] NOT Vulnerable to directory listing http://173.236.56.82:80/
[*] NOT Vulnerable to directory listing http://173.236.56.90:80/
[*] NOT Vulnerable to directory listing http://173.236.56.93:80/
[*] NOT Vulnerable to directory listing http://173.236.56.86:80/
[*] NOT Vulnerable to directory listing http://173.236.56.94:80/
[*] NOT Vulnerable to directory listing http://173.236.56.108:80/
[*] Scanned 109 of 256 hosts (042% complete)
[*] Found Directory Listing http://173.236.56.125:80/
[*] NOT Vulnerable to directory listing http://173.236.56.148:80/
[*] Found Directory Listing http://173.236.56.149:80/
[*] Scanned 143 of 256 hosts (055% complete)
[*] NOT Vulnerable to directory listing http://173.236.56.171:80/
[*] NOT Vulnerable to directory listing http://173.236.56.173:80/
[*] NOT Vulnerable to directory listing http://173.236.56.174:80/
[*] NOT Vulnerable to directory listing http://173.236.56.165:80/
[*] Scanned 196 of 256 hosts (076% complete)
[*] NOT Vulnerable to directory listing http://173.236.56.203:80/
[*] NOT Vulnerable to directory listing http://173.236.56.218:80/
 
 
 is DONE !!

 

0

Silahkan Tulis Komentar Anda ...

© Kabar Kami 2010 is proudly powered by Blogger
Design by Azis Lamayuda | Do The Best To Get The Best