AutoSploit = Shodan/Censys/Zoomeye + Metasploit

Posted 12.05.2018, 17:56 by Que$t (post #1)

I know, I know that you have already read about AutoSploit and probably used it since word got out about this auto exploitation tool some two months ago. However, between then and now, a lot has changed with the tool and this post is about that.


What is AutoSploit?

AutoSploit is an automated, mass exploitation tool coded in Python that can leverage the Shodan, Censys or Zoomeye search engines to locate targets. You can choose any one or all three search engines. It also has the ability to include custom targets that you manually add. The mass exploitation tool then launches relevant Metasploit modules on the discovered targets. By default, the tool comes out of the box with about 300 pre-defined Metasploit modules. These have been added with the purpose of code execution affecting different operating systems, web applications, IDS, etc. Of course, as and when you want to add new modules to this list, simply editing the etc/json/default_modules.json file should be good enough. These modules include some really old exploits like MS01-023 (CVE-2001-0241) affecting Windows operating systems, etc.

Following is a list of the default Metasploit modules that come with AutoSploit:
Code:
    exploit/windows/ftp/ms09_053_ftpd_nlst
    exploit/windows/firewall/blackice_pam_icq
    exploit/windows/http/amlibweb_webquerydll_app
    exploit/windows/http/ektron_xslt_exec_ws
    exploit/windows/http/umbraco_upload_aspx
    exploit/windows/iis/iis_webdav_scstoragepathfromurl
    exploit/windows/iis/iis_webdav_upload_asp
    exploit/windows/iis/ms01_023_printer
    exploit/windows/iis/ms01_026_dbldecode
    exploit/windows/iis/ms01_033_idq
    exploit/windows/iis/ms02_018_htr
    exploit/windows/iis/ms02_065_msadc
    exploit/windows/iis/ms03_007_ntdll_webdav
    exploit/windows/iis/msadc
    exploit/windows/isapi/ms00_094_pbserver
    exploit/windows/isapi/ms03_022_nsiislog_post
    exploit/windows/isapi/ms03_051_fp30reg_chunked
    exploit/windows/isapi/rsa_webagent_redirect
    exploit/windows/isapi/w3who_query
    exploit/windows/scada/advantech_webaccess_dashboard_file_upload
    exploit/windows/ssl/ms04_011_pct
    exploit/freebsd/http/watchguard_cmd_exec
    exploit/linux/http/alienvault_exec
    exploit/linux/http/alienvault_sqli_exec
    exploit/linux/http/astium_sqli_upload
    exploit/linux/http/centreon_sqli_exec
    exploit/linux/http/centreon_useralias_exec
    exploit/linux/http/crypttech_cryptolog_login_exec
    exploit/linux/http/dolibarr_cmd_exec
    exploit/linux/http/goautodial_3_rce_command_injection
    exploit/linux/http/kloxo_sqli
    exploit/linux/http/nagios_xi_chained_rce
    exploit/linux/http/netgear_wnr2000_rce
    exploit/linux/http/pandora_fms_sqli
    exploit/linux/http/riverbed_netprofiler_netexpress_exe
    exploit/linux/http/wd_mycloud_multiupload_upload
    exploit/linux/http/zabbix_sqli
    exploit/linux/misc/qnap_transcode_server
    exploit/linux/mysql/mysql_yassl_getname
    exploit/linux/mysql/mysql_yassl_hello
    exploit/linux/postgres/postgres_payload
    exploit/linux/samba/is_known_pipename
    exploit/multi/browser/java_jre17_driver_manager
    exploit/multi/http/atutor_sqli
    exploit/multi/http/dexter_casinoloader_exec
    exploit/multi/http/drupal_drupageddon
    exploit/multi/http/manage_engine_dc_pmp_sqli
    exploit/multi/http/manageengine_search_sqli
    exploit/multi/http/movabletype_upgrade_exec
    exploit/multi/http/php_volunteer_upload_exe
    exploit/multi/http/sonicwall_scrutinizer_methoddetail_sqli
    exploit/multi/http/splunk_mappy_exec
    exploit/multi/http/testlink_upload_exec
    exploit/multi/http/zpanel_information_disclosure_rce
    exploit/multi/misc/legend_bot_exec
    exploit/multi/mysql/mysql_udf_payload
    exploit/multi/postgres/postgres_createlang
    exploit/solaris/sunrpc/ypupdated_exec
    exploit/unix/ftp/proftpd_133c_backdoor
    exploit/unix/http/tnftp_savefile
    exploit/unix/webapp/joomla_contenthistory_sqli_rce
    exploit/unix/webapp/kimai_sqli
    exploit/unix/webapp/openemr_sqli_privesc_upload
    exploit/unix/webapp/seportal_sqli_exec
    exploit/unix/webapp/vbulletin_vote_sqli_exec
    exploit/unix/webapp/vicidial_manager_send_cmd_exec
    exploit/windows/antivirus/symantec_endpoint_manager_rce
    exploit/windows/http/apache_mod_rewrite_ldap
    exploit/windows/http/ca_totaldefense_regeneratereports
    exploit/windows/http/cyclope_ess_sqli
    exploit/windows/http/hp_mpa_job_acct
    exploit/windows/http/solarwinds_storage_manager_sql
    exploit/windows/http/sonicwall_scrutinizer_sql
    exploit/windows/misc/altiris_ds_sqli
    exploit/windows/misc/fb_cnct_group
    exploit/windows/misc/lianja_db_net
    exploit/windows/misc/manageengine_eventlog_analyzer_rce
    exploit/windows/mssql/lyris_listmanager_weak_pass
    exploit/windows/mssql/ms02_039_slammer
    exploit/windows/mssql/ms09_004_sp_replwritetovarbin
    exploit/windows/mssql/ms09_004_sp_replwritetovarbin_sqli
    exploit/windows/mssql/mssql_linkcrawler
    exploit/windows/mssql/mssql_payload
    exploit/windows/mssql/mssql_payload_sqli
    exploit/windows/mysql/mysql_mof
    exploit/windows/mysql/mysql_start_up
    exploit/windows/mysql/mysql_yassl_hello
    exploit/windows/mysql/scrutinizer_upload_exec
    exploit/windows/postgres/postgres_payload
    exploit/windows/scada/realwin_on_fcs_login
    exploit/multi/http/rails_actionpack_inline_exec
    exploit/multi/http/rails_dynamic_render_code_exec
    exploit/multi/http/rails_json_yaml_code_exec
    exploit/multi/http/rails_secret_deserialization
    exploit/multi/http/rails_web_console_v2_code_exec
    exploit/multi/http/rails_xml_yaml_code_exec
    exploit/multi/http/rocket_servergraph_file_requestor_rce
    exploit/multi/http/phpmoadmin_exec
    exploit/multi/http/phpmyadmin_3522_backdoor
    exploit/multi/http/phpmyadmin_preg_replace
    exploit/multi/http/phpscheduleit_start_date
    exploit/multi/http/phptax_exec
    exploit/multi/http/phpwiki_ploticus_exec
    exploit/multi/http/plone_popen2
    exploit/multi/http/pmwiki_pagelist
    exploit/multi/http/joomla_http_header_rce
    exploit/multi/http/novell_servicedesk_rce
    exploit/multi/http/oracle_reports_rce
    exploit/multi/http/php_utility_belt_rce
    exploit/multi/http/phpfilemanager_rce
    exploit/multi/http/processmaker_exec
    exploit/multi/http/rocket_servergraph_file_requestor_rce
    exploit/multi/http/spree_search_exec
    exploit/multi/http/spree_searchlogic_exec
    exploit/multi/http/struts_code_exec_parameters
    exploit/multi/http/vtiger_install_rce
    exploit/multi/http/werkzeug_debug_rce
    exploit/multi/http/zemra_panel_rce
    exploit/multi/http/zpanel_information_disclosure_rce
    exploit/multi/http/joomla_http_header_rce
    exploit/unix/webapp/joomla_akeeba_unserialize
    exploit/unix/webapp/joomla_comjce_imgmanager
    exploit/unix/webapp/joomla_contenthistory_sqli_rce
    exploit/unix/webapp/joomla_media_upload_exec
    exploit/multi/http/builderengine_upload_exec
    exploit/multi/http/caidao_php_backdoor_exec
    exploit/multi/http/atutor_sqli
    exploit/multi/http/ajaxplorer_checkinstall_exec
    exploit/multi/http/apache_activemq_upload_jsp
    exploit/unix/webapp/wp_lastpost_exec
    exploit/unix/webapp/wp_mobile_detector_upload_execute
    exploit/multi/http/axis2_deployer
    exploit/unix/webapp/wp_foxypress_upload
    exploit/linux/http/tr064_ntpserver_cmdinject
    exploit/linux/misc/quest_pmmasterd_bof
    exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload
    exploit/unix/webapp/php_xmlrpc_eval
    exploit/unix/webapp/wp_admin_shell_upload
    exploit/linux/http/sophos_wpa_sblistpack_exec
    exploit/linux/local/sophos_wpa_clear_keys
    exploit/multi/http/zpanel_information_disclosure_rce
    auxiliary/admin/cisco/cisco_asa_extrabacon
    auxiliary/admin/cisco/cisco_secure_acs_bypass
    auxiliary/admin/cisco/vpn_3000_ftp_bypass
    exploit/bsdi/softcart/mercantec_softcart
    exploit/freebsd/misc/citrix_netscaler_soap_bof
    exploit/freebsd/samba/trans2open
    exploit/linux/ftp/proftp_sreplace
    exploit/linux/http/dcos_marathon
    exploit/linux/http/f5_icall_cmd
    exploit/linux/http/fritzbox_echo_exec
    exploit/linux/http/gitlist_exec
    exploit/linux/http/goautodial_3_rce_command_injection
    exploit/linux/http/ipfire_bashbug_exec
    exploit/linux/http/ipfire_oinkcode_exec
    exploit/linux/http/ipfire_proxy_exec
    exploit/linux/http/kaltura_unserialize_rce
    exploit/linux/http/lifesize_uvc_ping_rce
    exploit/linux/http/nagios_xi_chained_rce
    exploit/linux/http/netgear_dgn1000_setup_unauth_exec
    exploit/linux/http/netgear_wnr2000_rce
    exploit/linux/http/nuuo_nvrmini_auth_rce
    exploit/linux/http/nuuo_nvrmini_unauth_rce
    exploit/linux/http/op5_config_exec
    exploit/linux/http/pandora_fms_exec
    exploit/linux/http/pineapple_preconfig_cmdinject
    exploit/linux/http/seagate_nas_php_exec_noauth
    exploit/linux/http/symantec_messaging_gateway_exec
    exploit/linux/http/trendmicro_imsva_widget_exec
    exploit/linux/http/trueonline_billion_5200w_rce
    exploit/linux/http/trueonline_p660hn_v1_rce
    exploit/linux/http/trueonline_p660hn_v2_rce
    exploit/linux/http/vcms_upload
    exploit/linux/misc/lprng_format_string
    exploit/linux/misc/mongod_native_helper
    exploit/linux/misc/ueb9_bpserverd
    exploit/linux/mysql/mysql_yassl_getname
    exploit/linux/pop3/cyrus_pop3d_popsubfolders
    exploit/linux/postgres/postgres_payload
    exploit/linux/pptp/poptop_negative_read
    exploit/linux/proxy/squid_ntlm_authenticate
    exploit/linux/samba/lsa_transnames_heap
    exploit/linux/samba/setinfopolicy_heap
    exploit/linux/samba/trans2open
    exploit/multi/elasticsearch/script_mvel_rce
    exploit/multi/elasticsearch/search_groovy_script
    exploit/multi/http/atutor_sqli
    exploit/multi/http/axis2_deployer
    exploit/multi/http/familycms_less_exe
    exploit/multi/http/freenas_exec_raw
    exploit/multi/http/gestioip_exec
    exploit/multi/http/glassfish_deployer
    exploit/multi/http/glpi_install_rce
    exploit/multi/http/joomla_http_header_rce
    exploit/multi/http/makoserver_cmd_exec
    exploit/multi/http/novell_servicedesk_rc
    exploit/multi/http/oracle_reports_rce
    exploit/multi/http/php_utility_belt_rce
    exploit/multi/http/phpfilemanager_rce
    exploit/multi/http/phpmyadmin_3522_backdoor
    exploit/multi/http/phpwiki_ploticus_exec
    exploit/multi/http/processmaker_exec
    exploit/multi/http/rails_actionpack_inline_exec
    exploit/multi/http/rails_dynamic_render_code_exec
    exploit/multi/http/rails_secret_deserialization
    exploit/multi/http/rocket_servergraph_file_requestor_rce
    exploit/multi/http/simple_backdoors_exec
    exploit/multi/http/spree_search_exec
    exploit/multi/http/spree_searchlogic_exec
    exploit/multi/http/struts2_rest_xstream
    exploit/multi/http/struts_code_exec
    exploit/multi/http/struts_code_exec_classloader
    exploit/multi/http/struts_code_exec_parameters
    exploit/multi/http/struts_dev_mode
    exploit/multi/http/sysaid_auth_file_upload
    exploit/multi/http/tomcat_jsp_upload_bypass
    exploit/multi/http/vtiger_install_rce
    exploit/multi/http/werkzeug_debug_rce
    exploit/multi/http/zemra_panel_rce
    exploit/multi/http/zpanel_information_disclosure_rce
    exploit/multi/ids/snort_dce_rpc
    exploit/multi/misc/batik_svg_java
    exploit/multi/misc/pbot_exec
    exploit/multi/misc/veritas_netbackup_cmdexec
    exploit/multi/mysql/mysql_udf_payload
    exploit/multi/php/php_unserialize_zval_cookie
    exploit/unix/http/freepbx_callmenum
    exploit/unix/http/lifesize_room
    exploit/unix/http/pfsense_clickjacking
    exploit/unix/http/pfsense_group_member_exec
    exploit/unix/http/tnftp_savefile
    exploit/unix/misc/polycom_hdx_traceroute_exec
    exploit/unix/webapp/awstats_migrate_exec
    exploit/unix/webapp/carberp_backdoor_exec
    exploit/unix/webapp/citrix_access_gateway_exec
    exploit/unix/webapp/dogfood_spell_exec
    exploit/unix/webapp/invision_pboard_unserialize_exec
    exploit/unix/webapp/joomla_contenthistory_sqli_rce
    exploit/unix/webapp/mybb_backdoor
    exploit/unix/webapp/opensis_modname_exec
    exploit/unix/webapp/oscommerce_filemanager
    exploit/unix/webapp/piwik_superuser_plugin_upload
    exploit/unix/webapp/tikiwiki_upload_exec
    exploit/unix/webapp/webtester_exec
    exploit/unix/webapp/wp_phpmailer_host_header
    exploit/unix/webapp/wp_total_cache_exec
    exploit/windows/antivirus/symantec_endpoint_manager_rce
    exploit/windows/http/ektron_xslt_exec
    exploit/windows/http/ektron_xslt_exec_ws
    exploit/windows/http/geutebrueck_gcore_x64_rce_bo
    exploit/windows/http/hp_autopass_license_traversal
    exploit/windows/http/manage_engine_opmanager_rce
    exploit/windows/http/netgear_nms_rce
    exploit/windows/http/sepm_auth_bypass_rce
    exploit/windows/http/trendmicro_officescan_widget_exec
    exploit/windows/iis/iis_webdav_upload_asp
    exploit/windows/iis/msadc
    exploit/windows/misc/manageengine_eventlog_analyzer_rce
    exploit/windows/novell/file_reporter_fsfui_upload
    exploit/windows/scada/ge_proficy_cimplicity_gefebt
    exploit/windows/smb/ipass_pipe_exec
    exploit/windows/smb/smb_relay
    auxiliary/sqli/oracle/jvm_os_code_10g
    auxiliary/sqli/oracle/jvm_os_code_11g
    auxiliary/fuzzers/dns/dns_fuzzer
    auxiliary/fuzzers/ftp/client_ftp
    auxiliary/fuzzers/ftp/ftp_pre_post
    auxiliary/fuzzers/http/http_form_field
    auxiliary/fuzzers/http/http_get_uri_long
    auxiliary/fuzzers/http/http_get_uri_strings
    auxiliary/fuzzers/ntp/ntp_protocol_fuzzer
    auxiliary/fuzzers/smb/smb2_negotiate_corrupt
    auxiliary/fuzzers/smb/smb_create_pipe
    auxiliary/fuzzers/smb/smb_create_pipe_corrupt
    auxiliary/fuzzers/smb/smb_negotiate_corrupt
    auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt
    auxiliary/fuzzers/smb/smb_tree_connect
    auxiliary/fuzzers/smb/smb_tree_connect_corrupt
    auxiliary/fuzzers/smtp/smtp_fuzzer
    auxiliary/fuzzers/ssh/ssh_kexinit_corrupt
    auxiliary/fuzzers/ssh/ssh_version_15
    auxiliary/fuzzers/ssh/ssh_version_2
    auxiliary/fuzzers/ssh/ssh_version_corrupt
    auxiliary/fuzzers/tds/tds_login_corrupt
    auxiliary/fuzzers/tds/tds_login_username
Installation of the tool is pretty simple and won’t need anything on Kali Linux; however, this tool can also be Dockerized. Post installation, you are asked for your Shodan and Censys API credentials, which are stored in /AutoSploit/etc/tokens/shodan.key and /AutoSploit/etc/tokens/censys.key respectively.

All in all a good tool if you know what you are doing, as you need some configuration of this tool to actually get a shell. The default module list also won’t help much as the exploits are pretty old and you may end up with some low-hanging fruit eventually. I do not really know the brouhaha behind the release of this tool by the people in this security industry.

Now about the newer features in the latest AutoSploit release. This release has a few bug fixes and three new features. A feature that I like in this release is the addition of an exploit reporting feature. Metasploit output is captured and saved to a report file. Additionally, a .rc script file for every module run against a given host is also created, allowing you to reproduce whatever caused an exploit to work. Another feature in this release is the introduction of a command whitelist, which contains a list of allowed commands, blocking all others not included in this list.

Download AutoSploit:

The latest version of this mass exploitation tool was released 4 days ago – AutoSploit v2.1 (AutoSploit-2.1.zip/AutoSploit-2.1.tar.gz), which can be downloaded from [Links are visible only to registered users.]. Another way is to perform a git pull on the directory to get everything from the source repository.
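A defender's reading of the module list in the post, as an added example that is not part of the original post or of AutoSploit: it deduplicates module paths, groups them by platform and service, and pulls out the Microsoft bulletin numbers embedded in module names (as in MS01-023 above) so they can be checked against an asset inventory and patch records. The function names and the sample input are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample: a few module paths copied from the list in the post,
# with one duplicate, since the posted list itself contains repeats.
SAMPLE_MODULES = """
exploit/windows/iis/ms01_023_printer
exploit/windows/iis/ms03_007_ntdll_webdav
exploit/windows/mssql/ms02_039_slammer
exploit/linux/http/zabbix_sqli
exploit/linux/samba/is_known_pipename
exploit/multi/http/drupal_drupageddon
exploit/multi/http/drupal_drupageddon
exploit/unix/webapp/wp_admin_shell_upload
auxiliary/fuzzers/smb/smb_tree_connect
"""

# Microsoft bulletin ids appear in module names as msYY_NNN.
MS_BULLETIN = re.compile(r"^ms(\d{2})_(\d{3})(?:_|$)")


def parse_module(path):
    """Split 'type/platform/service/name' into a dict, or return None.

    For auxiliary modules the second field is a category, not a platform.
    """
    parts = path.strip().split("/")
    if len(parts) != 4 or parts[0] not in ("exploit", "auxiliary"):
        return None
    return dict(zip(("type", "platform", "service", "name"), parts))


def exposure_summary(text):
    """Deduplicate module paths and summarise what to review in an inventory."""
    modules = {}
    for line in text.splitlines():
        mod = parse_module(line)
        if mod:
            modules[line.strip()] = mod  # dict key removes duplicates
    per_service = Counter((m["platform"], m["service"]) for m in modules.values())
    bulletins = set()
    for m in modules.values():
        hit = MS_BULLETIN.match(m["name"])
        if hit:
            bulletins.add(f"MS{hit.group(1)}-{hit.group(2)}")
    return {
        "unique_modules": len(modules),
        "per_service": dict(per_service),
        "ms_bulletins": sorted(bulletins),
    }


if __name__ == "__main__":
    print(exposure_summary(SAMPLE_MODULES))
```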