I'm back, yeah
← Older revision
Revision as of 18:28, 29 March 2016
Line 1:
Line 1:
−
[[Category:Networking
(Русский)
]]
+
[[Category:Networking]]
−
[[Category:Security
(Русский)]]
+
[[Category:Security]]
−
[[Category:Русский]]
+
−
[[en:Metasploit Framework
]]
+
[[ja:Metasploit Framework]]
[[ja:Metasploit Framework]]
−
{{Unmaintained (Русский)}}
+
[[ru:Metasploit Framework]]
−
{{Expansion
(Русский)
|Meterpreter; More/better SQL search examples; More commands; Module development;}}
+
{{Expansion|Meterpreter; More/better SQL search examples; More commands; Module development;}}
−
Из
[http://www.offensive-security.com/metasploit-unleashed/Introduction
the official site
]:
+
С
[http://www.offensive-security.com/metasploit-unleashed/Introduction
официального сайта
]:
:''Consider the MSF to be one of the single most useful auditing tools freely available to security professionals today. From a wide array of commercial grade exploits and an extensive exploit development environment, all the way to network information gathering tools and web vulnerability plugins. The Metasploit Framework provides a truly impressive work environment. The MSF is far more than just a collection of exploits, it's an infrastructure that you can build upon and utilize for your custom needs. This allows you to concentrate on your unique environment, and not have to reinvent the wheel.''
:''Consider the MSF to be one of the single most useful auditing tools freely available to security professionals today. From a wide array of commercial grade exploits and an extensive exploit development environment, all the way to network information gathering tools and web vulnerability plugins. The Metasploit Framework provides a truly impressive work environment. The MSF is far more than just a collection of exploits, it's an infrastructure that you can build upon and utilize for your custom needs. This allows you to concentrate on your unique environment, and not have to reinvent the wheel.''
−
В настоящее время метасплоит
нуждается в
установке
и
настройке Postgresqlr
на целевой системе для работы.
+
На данный момент Metasploit
нуждается в
установленном
и
настроенном Postgresql
на целевой системе для работы.
−
В
этой
статье
описывается, как установить метасплоит
и
заставить использовать его
Postgresql.
+
В
данной
статье
будет описана установка и настройка Metasploit
и Postgresql.
== Установка ==
== Установка ==
−
Установите пакет
{{AUR|metasploit}}.
+
Install
{{AUR|metasploit}}
from [[AUR]]
.
−
Чтобы установить последнюю разрабатываемую версию (возможны баги
,
недочёты, отсутствие совместимости), установите пакет
{{AUR|metasploit-git}}
вместо обычного
.
+
For latest development version
,
install
{{AUR|metasploit-git}}
instead.
+
+
=== Armitage ===
+
+
[http://www.fastandeasyhacking.com/ Armitage] is a GUI front end for metasploit written in Java; it can be installed with the {{AUR|armitage}} package.
+
+
When running Armitage, [[#Setting up the database]] is not optional, and must be followed. It is also mandatory to use a {{ic|~/.msf4/database.yml}} file.
+
+
A sample {{ic|database.yml}} file is packaged as {{ic|/usr/share/metasploit/database.yml.sample}}
.
=== RVM ===
=== RVM ===
−
Msfconsole
требует
[[Ruby]]
и некоторые
[[Ruby#RubyGems]]
для работы
.
+
Msfconsole
requires
[[Ruby]]
and some
[[Ruby#RubyGems]]
to run without error
.
−
Следуйте инструкциям в
[[RVM#Installing RVM]]
и
[[RVM#Using RVM]]
, чтобы установить
Ruby 2.1.5
и настроить использование по умолчанию
.
+
Follow the
[[RVM#Installing RVM]]
and
[[RVM#Using RVM]]
articles to install and use
Ruby
version
2.1.5
and set it to default
.
−
После завершения
,
подключим только что установленную
RVM:
+
Once complete
,
source the newly created
RVM
installation
:
$ source ~/.rvm/scripts/rvm
$ source ~/.rvm/scripts/rvm
−
+
and install all gems necessary to run Msfconsole using
[[Ruby#Bundler]]:
−
И установим все гемы, необходимые для запуска msfconsole с помощью
[[Ruby#Bundler]]:
+
$ gem install bundler
$ gem install bundler
Line 36:
Line 41:
$ bundle install
$ bundle install
−
{{Note|
Использование
Ruby
версии старше, чем
2.1.5
, приведёт к ошибке установки гема
{{ic|metasploit-concern}}.}}
+
{{Note|
Using a version of
Ruby
older than
2.1.5
will result in the failure to install the
{{ic|metasploit-concern}}
gem
.}}
−
== Setting up the
databaseНастраиваем базу данных
==
+
== Setting up the
database
==
{{Note|Commands which must be run from {{ic|msfconsole}} will be prefixed with {{ic|msf >}} in this article.}}
{{Note|Commands which must be run from {{ic|msfconsole}} will be prefixed with {{ic|msf >}} in this article.}}
Metasploit can be used without a database, but cache operations like searching would be very slow. This section shows how to set up Metasploit with ''Postgresql'' database server.
Metasploit can be used without a database, but cache operations like searching would be very slow. This section shows how to set up Metasploit with ''Postgresql'' database server.
+
+
{{Note|If you are using the [[#Armitage]] front-end, the database is mandatory.}}
Follow the [[PostgreSQL]] article and create a new database called {{ic|msf}}. Any database name can be used, but this article will follow {{ic|msf}}.
Follow the [[PostgreSQL]] article and create a new database called {{ic|msf}}. Any database name can be used, but this article will follow {{ic|msf}}.
Line 79:
Line 86:
timeout: 5
timeout: 5
}}
}}
−
{{Note|The database cache needs to be built only once. Later on upon startup, {{ic|msfconsole}} will say {{ic|[*] Rebuilding the module cache in the background...}}, but it will actually only update the changes. If no changes are made to the database, it will take only half a second.}}
{{Note|The database cache needs to be built only once. Later on upon startup, {{ic|msfconsole}} will say {{ic|[*] Rebuilding the module cache in the background...}}, but it will actually only update the changes. If no changes are made to the database, it will take only half a second.}}
Line 93:
Line 99:
There are several interfaces available for Metasploit. This section will explain how to use {{ic|msfconsole}}, the interface that provides the most features available in MSF.
There are several interfaces available for Metasploit. This section will explain how to use {{ic|msfconsole}}, the interface that provides the most features available in MSF.
−
To start it, simply type {{ic|msfconsole}}. The prompt will change to {{ic|msf >}} to indicate it
's
waiting for commands.
+
To start it, simply type {{ic|msfconsole}}. The prompt will change to {{ic|msf >}} to indicate it
is
waiting for commands.
{{Tip|Besides additional Metasploit commands explained below, all the regular shell commands and scripts found in {{ic|$PATH}} are available too! (except for aliases)}}
{{Tip|Besides additional Metasploit commands explained below, all the regular shell commands and scripts found in {{ic|$PATH}} are available too! (except for aliases)}}
Line 118:
Line 124:
msf > search platform:linux type:exploit name:Novell
msf > search platform:linux type:exploit name:Novell
−
To search for specific field, type
it's
name, followed by column and the phrase. The following search fields are available:
+
To search for specific field, type
its
name, followed by column and the phrase. The following search fields are available:
{| class="wikitable"
{| class="wikitable"
Line 166:
Line 172:
=== Using an exploit ===
=== Using an exploit ===
−
After choosing an appropriate exploit, it
's
time to start hacking!
+
After choosing an appropriate exploit, it
is
time to start hacking!
First, select an exploit using the {{ic|use}} command:
First, select an exploit using the {{ic|use}} command:
Line 214:
Line 220:
RPORT 445 yes Set the SMB service port
RPORT 445 yes Set the SMB service port
SMBPIPE BROWSER yes The pipe name to use (BROWSER, SRVSVC)
SMBPIPE BROWSER yes The pipe name to use (BROWSER, SRVSVC)
−
Payload options (windows/meterpreter/reverse_tcp):
Payload options (windows/meterpreter/reverse_tcp):
Line 247:
Line 252:
=== Searching from the database ===
=== Searching from the database ===
−
Since everything in Metasploit is stored in a database, it
's
easy to make powerful search queries without the need of the {{ic|search}} frontend command.
+
Since everything in Metasploit is stored in a database, it
is
easy to make powerful search queries without the need of the {{ic|search}} frontend command.
To start the database interface, run:
To start the database interface, run:
Line 368:
Line 373:
=== Preserve variable values between sessions ===
=== Preserve variable values between sessions ===
−
If you
don't
want the variables to reset when selecting another module and when rerunning {{ic|msfconsole}} then set it globally via {{ic|setg}}, for example:
+
If you
do not
want the variables to reset when selecting another module and when rerunning {{ic|msfconsole}} then set it globally via {{ic|setg}}, for example:
msf > setg RHOST 192.168.56.102
msf > setg RHOST 192.168.56.102