
4.15 Web application penetration techniques based on the Metasploit framework

2014-10-15 20:27
1. Auxiliary modules

wmap web scanner

load wmap
help
wmap_sites -a http://202.112.50.74
wmap_sites -l

msf > load wmap
.-.-.-..-.-.-..---..---.
| | | || | | || | || |-'
`-----'`-'-'-'`-^-'`-'
[WMAP 1.5.1] === et [ ] metasploit.com 2012
[*] Successfully loaded plugin: wmap

msf > wmap_sites -a http://202.112.50.74 (add the site to be scanned)
[*] Site created.

msf > wmap_sites -l
[*] Available sites
===============
Id Host          Vhost         Port Proto # Pages # Forms
-- ----          -----         ---- ----- ------- -------
0  65.61.137.117 65.61.137.117 80   http  0       0
1  202.112.50.74 202.112.50.74 80   http  0       0

msf > wmap_targets -t http://202.112.50.74 (set the added site as the scan target)

msf > wmap_run -t (also lists which modules will be used in the scan)

[*] Testing target:
[*] Site: 202.112.50.74 (202.112.50.74)
[*] Port: 80 SSL: false
============================================================
[*] Testing started. 2014-10-14 05:15:02 -0400
[*] Loading wmap modules...
[*]
=[ SSL testing ]=
============================================================
[*] Target is not SSL. SSL modules disabled.
[*]
=[ Web Server testing ]=
============================================================
[*] Module auxiliary/scanner/http/http_version
[*] Module auxiliary/scanner/http/open_proxy
[*] Module auxiliary/scanner/http/robots_txt
[*] Module auxiliary/scanner/http/frontpage_login
[*] Module auxiliary/admin/http/tomcat_administration
[*] Module auxiliary/admin/http/tomcat_utf8_traversal
[*] Module auxiliary/scanner/http/options
[*] Module auxiliary/scanner/http/drupal_views_user_enum
[*] Module auxiliary/scanner/http/scraper
[*] Module auxiliary/scanner/http/svn_scanner
[*] Module auxiliary/scanner/http/trace
[*] Module auxiliary/scanner/http/vhost_scanner
[*] Module auxiliary/scanner/http/webdav_internal_ip
[*] Module auxiliary/scanner/http/webdav_scanner
[*] Module auxiliary/scanner/http/webdav_website_content
[*]
=[ File/Dir testing ]=
============================================================
[*] Module auxiliary/dos/http/apache_range_dos
[*] Module auxiliary/scanner/http/backup_file
[*] Module auxiliary/scanner/http/brute_dirs
[*] Module auxiliary/scanner/http/copy_of_file
[*] Module auxiliary/scanner/http/dir_listing
[*] Module auxiliary/scanner/http/dir_scanner
[*] Module auxiliary/scanner/http/dir_webdav_unicode_bypass
[*] Module auxiliary/scanner/http/file_same_name_dir
[*] Module auxiliary/scanner/http/files_dir
[*] Module auxiliary/scanner/http/http_put
[*] Module auxiliary/scanner/http/ms09_020_webdav_unicode_bypass
[*] Module auxiliary/scanner/http/prev_dir_same_name_file
[*] Module auxiliary/scanner/http/replace_ext
[*] Module auxiliary/scanner/http/soap_xml
[*] Module auxiliary/scanner/http/trace_axd
[*] Module auxiliary/scanner/http/verb_auth_bypass
[*]
=[ Unique Query testing ]=
============================================================
[*] Module auxiliary/scanner/http/blind_sql_query
[*] Module auxiliary/scanner/http/error_sql_injection
[*] Module auxiliary/scanner/http/http_traversal
[*] Module auxiliary/scanner/http/rails_mass_assignment
[*] Module exploit/multi/http/lcms_php_exec
[*]
=[ Query testing ]=
============================================================
[*]
=[ General testing ]=
============================================================
[*] Done.

After it is run, wmap calls the configured auxiliary modules to scan the target; the results can then be viewed with a command.

msf > wmap_run -e
[*] Using ALL wmap enabled modules.
[-] NO WMAP NODES DEFINED. Executing local modules
[*] Testing target:
[*] Site: 202.112.50.74 (202.112.50.74)
[*] Port: 80 SSL: false
============================================================
[*] Testing started. 2014-10-14 05:22:04 -0400
[*]
=[ SSL testing ]=
============================================================
[*] Target is not SSL. SSL modules disabled.
[*]
=[ Web Server testing ]=
============================================================
[*] Module auxiliary/scanner/http/http_version
[*] 202.112.50.74:80
[*] Module auxiliary/scanner/http/open_proxy
[*] Module auxiliary/scanner/http/robots_txt
[*] Module auxiliary/scanner/http/frontpage_login
[*] http://202.112.50.74/ may not support FrontPage Server Extensions
[*] Module auxiliary/admin/http/tomcat_administration
[*] Module auxiliary/admin/http/tomcat_utf8_traversal
[*] Attempting to connect to 202.112.50.74:80
[+] No File(s) found
[*] Module auxiliary/scanner/http/options
[*] 202.112.50.74 allows GET,HEAD,POST,OPTIONS methods
[*] Module auxiliary/scanner/http/drupal_views_user_enum
[-] 202.112.50.74 does not appear to be vulnerable, will not continue
[*] Module auxiliary/scanner/http/scraper
[*] Module auxiliary/scanner/http/svn_scanner
[*] Using code '404' as not found.
[*] Module auxiliary/scanner/http/trace
[-] Received 405 TRACE is not enabled for 202.112.50.74:80
[*] Module auxiliary/scanner/http/vhost_scanner
[*] >> Exception during launch from auxiliary/scanner/http/vhost_scanner: The following options failed to validate: DOMAIN.
[*] Module auxiliary/scanner/http/webdav_internal_ip
[*] Module auxiliary/scanner/http/webdav_scanner
[*] 202.112.50.74 (Apache/2.2.22 (Ubuntu)) WebDAV disabled.
[*] Module auxiliary/scanner/http/webdav_website_content
[*]
=[ File/Dir testing ]=
============================================================
[*] Module auxiliary/dos/http/apache_range_dos
[*] Module auxiliary/scanner/http/backup_file
[*] Module auxiliary/scanner/http/brute_dirs
[*] Path: /
[*] Using code '404' as not found.
[*] Found http://202.112.50.74:80/axq/ 200
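Reading the `wmap_run -e` console text by eye gets tedious once more than a handful of modules report something. The following Ruby script (Metasploit's own language) is an added example, not code from the original post or from the Metasploit project: it parses that console output into findings attributed to the module that produced them, then derives a short hardening checklist for the scanned server (TRACE status, allowed HTTP methods, discovered paths, modules that failed to launch). The embedded log is constructed from the session on this page, and the function and constant names (`parse_wmap_log`, `summarize`, `hardening_notes`, `EXPECTED_METHODS`) are my own, not part of wmap.

```ruby
# Added example, not from the original post or the Metasploit project:
# parse the console text that `wmap_run -e` prints into per-module findings
# and derive a short hardening checklist for the scanned server.
# SAMPLE_WMAP_LOG is constructed from the session shown on this page; the
# host and path in it are sample values.

SAMPLE_WMAP_LOG = <<~LOG
  [*] Module auxiliary/scanner/http/http_version
  [*] 202.112.50.74:80
  [*] Module auxiliary/scanner/http/frontpage_login
  [*] http://202.112.50.74/ may not support FrontPage Server Extensions
  [*] Module auxiliary/admin/http/tomcat_utf8_traversal
  [*] Attempting to connect to 202.112.50.74:80
  [+] No File(s) found
  [*] Module auxiliary/scanner/http/options
  [*] 202.112.50.74 allows GET,HEAD,POST,OPTIONS methods
  [*] Module auxiliary/scanner/http/drupal_views_user_enum
  [-] 202.112.50.74 does not appear to be vulnerable, will not continue
  [*] Module auxiliary/scanner/http/trace
  [-] Received 405 TRACE is not enabled for 202.112.50.74:80
  [*] Module auxiliary/scanner/http/vhost_scanner
  [*] >> Exception during launch from auxiliary/scanner/http/vhost_scanner: The following options failed to validate: DOMAIN.
  [*] Module auxiliary/scanner/http/webdav_scanner
  [*] 202.112.50.74 (Apache/2.2.22 (Ubuntu)) WebDAV disabled.
  [*]
  =[ File/Dir testing ]=
  ============================================================
  [*] Module auxiliary/scanner/http/brute_dirs
  [*] Path: /
  [*] Using code '404' as not found.
  [*] Found http://202.112.50.74:80/axq/ 200
LOG

# One line of module output, attributed to the module that was running.
Finding = Struct.new(:module_name, :level, :message)

# msfconsole prefixes: [*] informational, [+] positive result, [-] failure.
LEVELS = { "*" => :info, "+" => :good, "-" => :fail }.freeze

def parse_wmap_log(text)
  current = nil
  findings = []
  text.each_line do |raw|
    line = raw.strip
    m = line.match(/\A\[([*+\-])\]\s*(.*)\z/)
    next unless m                        # section banners and "====" rules
    level, body = LEVELS.fetch(m[1]), m[2]
    if (mod = body[/\AModule (\S+)/, 1])
      current = mod                      # later lines belong to this module
      next
    end
    next if body.empty?                  # bare "[*]" spacer lines
    findings << Finding.new(current, level, body)
  end
  findings
end

# Pull the facts a server owner cares about out of the per-module messages.
# The message patterns are the ones visible in this page's session.
def summarize(findings)
  summary = { server: nil, allowed_methods: [], trace_enabled: nil,
              found_paths: [], module_errors: [] }
  findings.each do |f|
    # A module that failed to launch produced no result; record it separately.
    summary[:module_errors] << f.module_name if f.message.start_with?(">> Exception")
    case f.module_name
    when "auxiliary/scanner/http/options"
      m = f.message.match(/allows (\S+) methods/)
      summary[:allowed_methods] = m[1].split(",") if m
    when "auxiliary/scanner/http/trace"
      # Treat anything other than the explicit "not enabled" message as enabled.
      summary[:trace_enabled] = !f.message.include?("TRACE is not enabled")
    when "auxiliary/scanner/http/webdav_scanner"
      m = f.message.match(/\S+ \((.*)\) WebDAV/)   # server banner in parentheses
      summary[:server] = m[1] if m
    when "auxiliary/scanner/http/brute_dirs", "auxiliary/scanner/http/dir_scanner"
      m = f.message.match(/\AFound (\S+) (\d{3})\z/)
      summary[:found_paths] << { url: m[1], status: m[2].to_i } if m
    end
  end
  summary
end

# Methods a plain content site is expected to answer with; anything beyond
# these (PUT, DELETE, TRACE, ...) deserves a look at the server config.
EXPECTED_METHODS = %w[GET HEAD POST OPTIONS].freeze

def hardening_notes(summary)
  notes = []
  notes << "TRACE is enabled: disable it (cross-site tracing)" if summary[:trace_enabled]
  extra = summary[:allowed_methods] - EXPECTED_METHODS
  notes << "unexpected HTTP methods allowed: #{extra.join(',')}" unless extra.empty?
  summary[:found_paths].each do |p|
    notes << "discovered path to review or remove: #{p[:url]} (HTTP #{p[:status]})"
  end
  summary[:module_errors].each do |mod|
    notes << "module did not run, set its options and rerun: #{mod}"
  end
  notes
end

if __FILE__ == $0
  summary = summarize(parse_wmap_log(SAMPLE_WMAP_LOG))
  puts "server: #{summary[:server]}"
  hardening_notes(summary).each { |n| puts "- #{n}" }
end
```

Run it as `ruby wmap_triage.rb`, or feed it a saved console transcript by replacing the constant with `File.read(path)`. For the session above it reports two items: the `/axq/` directory that brute_dirs found, and the vhost_scanner module that never ran because its DOMAIN option was not set, which is a reminder that a module listed by `wmap_run -t` is not necessarily a module that produced a result.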

2. Exploit modules

exploit/unix/webapp....exploit/windows/http....exploit/multi/http

Extremely varied: there are modules for vulnerabilities in mainstream CMSes, as well as modules for various database vulnerabilities.

## The following tools integrate well with Metasploit

W3AF: comprehensive web application scanning and auditing tool. Open source and full-featured; some functions still need improvement.

SQLMap: SQL injection and attack tool. Open source and comprehensive.

wXf: open-source web penetration testing framework. A penetration testing framework dedicated to web applications; its functionality still needs improvement.

XSSF: cross-site scripting attack framework. Uses XSS vulnerabilities together with Metasploit to provide powerful penetration capabilities.

BeEF: browser exploitation framework. Uses XSS vulnerabilities together with Metasploit for a range of penetration functions.