{"id":5326,"date":"2015-05-15T01:14:12","date_gmt":"2015-05-14T16:14:12","guid":{"rendered":"http:\/\/www.vincentina.net\/?p=5326"},"modified":"2020-02-23T16:06:15","modified_gmt":"2020-02-23T07:06:15","slug":"metasploit%e3%82%92debian8%e3%81%ab%e3%82%a4%e3%83%b3%e3%82%b9%e3%83%88%e3%83%bc%e3%83%ab%e3%81%97%e3%81%a6%e3%80%81%e3%81%84%e3%81%8f%e3%81%a4%e3%81%8b%e3%81%ae%e3%83%86%e3%82%b9%e3%83%88%e3%82%92","status":"publish","type":"post","link":"https:\/\/www.vincentina.net\/?p=5326","title":{"rendered":"Metasploit\u3092Debian8\u306b\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u3066\u3001\u3044\u304f\u3064\u304b\u306e\u30c6\u30b9\u30c8\u3092\u3057\u3066\u307f\u307e\u3057\u305f\u3002"},"content":{"rendered":"

Hack\u7cfb\u306e\u30c4\u30fc\u30eb\u3068\u3044\u3046\u3068\u30a4\u30e1\u30fc\u30b8\u7684\u306b\u3082Python\u3068\u601d\u3063\u3066\u3044\u307e\u3057\u305f\u304c\u3001\u3053\u306e\u30c4\u30fc\u30eb\u306f\u3069\u3046\u3084\u3089Ruby\u306e\u3088\u3046\u3067\u3059\u3002
\n\u308f\u304a\u301c\u3002
\n\u6700\u8fd1\u4f7f\u3044\u305f\u3044\u30c4\u30fc\u30eb\u985e\u304c\u305f\u307e\u305f\u307eRuby\u3060\u3063\u305f\u3068\u3044\u3046\u3053\u3068\u304c\u3068\u3066\u3082\u591a\u3044\u306e\u3067\u5c11\u3005\u9a5a\u3044\u3066\u3044\u307e\u3059\u304c\u3001\u3053\u306e\u30d3\u30c3\u30b0\u30a6\u30a7\u30fc\u30d6\u306b\u4e57\u308b\u3057\u304b\u306a\u3044\uff01\u3068\u3001\u30d3\u30c3\u30b0\u30a6\u30a7\u30fc\u30d6\u3068\u8a00\u3063\u3066\u3082\u30de\u30a4\u30d6\u30fc\u30e0\u306e\u4e2d\u306e\u30d3\u30c3\u30b0\u30a6\u30a7\u30fc\u30d6\u3067\u3059\u3051\u3069\u306d\u3002<\/p>\n

Hack\u3068\u3044\u3046\u3068\u6628\u4eca\u306e\u30e1\u30c7\u30a3\u30a2\u306e\u5f71\u97ff\u3067\u826f\u304f\u306a\u3044\u30a4\u30e1\u30fc\u30b8\u3092\u304a\u6301\u3061\u306e\u65b9\u3082\u591a\u3044\u3068\u601d\u3044\u307e\u3059\u304c\u3001\u672c\u6765\u306f\u304a\u533b\u8005\u3055\u3093\u306e\u3088\u3046\u306a\u3082\u306e\u3067\u3001\u63a2\u6c42\u3057\u305f\u6280\u8853\u3092\u826f\u3044\u65b9\u5411\u306b\u52d5\u304b\u3059\u4eba\u306e\u3053\u3068\u3092\u6307\u3057\u307e\u3059\u3002LifeHack\u3068\u3044\u3046\u30a6\u30a7\u30d6\u3067\u8272\u3005\u306a\u3053\u3068\u3092\u5c11\u3057\u6398\u308a\u4e0b\u3052\u3066\u308b\u8a18\u4e8b\u304c\u3042\u308a\u307e\u3059\u304c\u3001\u3042\u3042\u3044\u3046\u611f\u3058\u3060\u3068\u601d\u3044\u307e\u3059\u3002<\/p>\n

\u3067\u306f\u3001Metasploit\u3067\u4f55\u304c\u3067\u304d\u308b\u304b\u3068\u3044\u3046\u3068\u3001\u30da\u30cd\u30c8\u30ec\u30fc\u30b7\u30e7\u30f3\u30c6\u30b9\u30c8\u3068\u3044\u3063\u3066\u3001\u7c21\u5358\u306b\u3044\u3046\u3068\u30b5\u30fc\u30d0\u30fc\u3084\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306b\u5f31\u70b9\u304c\u306a\u3044\u304b\u78ba\u8a8d\u3057\u305f\u308a\u3001\u3069\u308c\u3060\u3051\u306eDoS\u306b\u8010\u3048\u3089\u308c\u308b\u304b\u3069\u3046\u304b\u3001\u306e\u3088\u3046\u306a\u30c6\u30b9\u30c8\u3092\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n

\u3057\u304b\u3057\u3001\u5927\u3044\u306a\u308b\u529b\u306b\u306f\u3001\u5927\u3044\u306a\u308b\u8cac\u4efb\u304c\u4f34\u3044\u307e\u3059\uff01
\n\u81ea\u5206\u306e\u7ba1\u7406\u4e0b\u306b\u306a\u3044\u30b3\u30f3\u30d4\u30e5\u30fc\u30bf\u3084\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306b\u4f7f\u3063\u305f\u308a\u3059\u308b\u3068\u3001\u653b\u6483\u3068\u307f\u306a\u3055\u308c\u305f\u308a\u3001\u6cd5\u7684\u63aa\u7f6e\u3092\u3068\u3089\u308c\u305f\u308a\u3068\u3044\u3046\u3053\u3068\u3082\u5341\u5206\u306b\u3042\u308a\u5f97\u308b\u3053\u3068\u3067\u3059\u306e\u3067\u3001\u3057\u3063\u304b\u308a\u3068\u3057\u305f\u77e5\u8b58\u3092\u6301\u3063\u3066\u5229\u7528\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002
\n\u4ee5\u524d\u3068\u308a\u3042\u3052\u3066\u3044\u305f\u30b9\u30af\u30ec\u30a4\u30d4\u30f3\u30b0\u3082\u5834\u5408\u306b\u3088\u308a\u653b\u6483\u3068\u307f\u306a\u3055\u308c\u308b\u3053\u3068\u3082\u3042\u308b\u306e\u3067\u6ce8\u610f\u3067\u3059\u3002<\/p>\n

\u6ce8\u610f\u3059\u308b\u6240\u306f\u3001\u305d\u306e\u30c4\u30fc\u30eb\u3092\u4f7f\u3046\u3068\u4f55\u304c\u8d77\u3053\u308b\u306e\u304b\u3001\u305d\u306e\u30b3\u30de\u30f3\u30c9\u3092\u53e9\u304f\u3053\u3068\u3067\u3069\u3046\u3044\u3046\u7d50\u679c\u304c\u8fd4\u308b\u306e\u304b\u3001\u307e\u305f\u3001\u5b9f\u884c\u3057\u3066\u4e88\u60f3\u5916\u306e\u3053\u3068\u304c\u8d77\u3053\u3063\u305f\u6642\u306b\u81ea\u8eab\u306e\u30b9\u30ad\u30eb\u3067\u3061\u3083\u3093\u3068\u89e3\u6c7a\u304c\u3067\u304d\u308b\u306e\u304b\u3002
\n\u306a\u3069\u306a\u3069\u3001\u305d\u3046\u3044\u3046\u3053\u3068\u304c\u5206\u304b\u3063\u305f\u4e0a\u3067\u5229\u7528\u3059\u308b\u5fc5\u8981\u304c\u3042\u308b\u3068\u3044\u3046\u3053\u3068\u3067\u3059\u3002<\/p>\n

\u306a\u301c\u3093\u3066\u5049\u305d\u3046\u306b\u8a9e\u3063\u3066\u3044\u307e\u3059\u304c\u3001\u81ea\u5206\u3082\u307e\u3060\u307e\u3060\u534a\u4eba\u524d\u3060\u3057\u3001\u697d\u3057\u304f\u306a\u3051\u308a\u3083\u610f\u5473\u304c\u306a\u3044\u3068\u601d\u3063\u3066\u307e\u3059\u304b\u3089\u3001\u6e96\u5099\u304c\u6574\u3063\u305f\u3089WAN\u5074\u306eLAN\u30b1\u30fc\u30d6\u30eb\u306f\u629c\u3044\u3066\u3057\u307e\u3063\u3066\u3001\u30b9\u30bf\u30f3\u30c9\u30a2\u30ed\u30f3\u306a\u74b0\u5883\u3067\u5b9f\u9a13\u3059\u308c\u3070\u5b89\u5168\u306a\u306e\u3067\u3059\u3088\u3002<\/p>\n

\u74b0\u5883<\/h3>\n

\u6700\u8fd1\u306f\u30aa\u30fc\u30d7\u30f3\u30bd\u30fc\u30b9\u306e\u7cbe\u795e\u306b\u30cf\u30de\u3063\u3066\u3044\u3066\u3001\u307f\u3093\u306a\u3067\u826f\u304f\u3057\u3066\u3044\u3053\u3046\u305c\uff01\u3063\u3066\u3044\u3044\u3067\u3059\u3088\u306d\u3002
\nDebian\u306f\u30e6\u30fc\u30b6\u30fc\u30aa\u30f3\u30ea\u30fc\u306e\u30c7\u30a3\u30b9\u30c8\u30ea\u3068\u3044\u3046\u3053\u3068\u3092\u6700\u8fd1\u77e5\u308a\u307e\u3057\u305f\u3002
\n\u4eca\u56de\u306fDebian\u306b\u3057\u305f\u3044\u3068\u601d\u3044\u307e\u3059\u3002
\nDebian\u30828\u304b\u3089\u306fSystemD\u306b\u306a\u3063\u305f\u3057\u306d\u301c\u3002<\/p>\n

\u6700\u65b0\u306eJesie\u3067\u3059\u3002<\/p>\n

\r\nuser@deb:~$ sudo lsb_release -d\r\nDescription:\tDebian GNU\/Linux 8.0 (jessie)\r\n<\/pre>\n<\/p>\n
sudo\u3084\u5fc5\u8981\u6700\u4f4e\u9650\u306a\u3082\u306e\u306f\u65e2\u306b\u6e96\u5099\u6e08\u307f\u306e\u72b6\u614b\u3067\u3059\u3002<\/p>\n
\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u30e1\u30e2<\/h3>\n
\u30d1\u30c3\u30b1\u30fc\u30b8\u985e\u3092\u63a8\u5968\u30d1\u30c3\u30b1\u30fc\u30b8\u3068\u5171\u306b\u3044\u308d\u3044\u308d\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3002PATH\u3092\u901a\u3057\u305f\u308a\u304c\u9762\u5012\u306a\u306e\u3067\u3001rbenv\u3067\u3084\u3063\u305f\u65b9\u304c\u3044\u3044\u3068\u601d\u3044\u307e\u3057\u305f\u3002rbenv\u306a\u3057\u3067\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u305f\u306e\u3067\u3001\u6298\u89d2\u306a\u306e\u3067\u305d\u306e\u307e\u307e\u8f09\u305b\u307e\u3059\u308b\u3002
\n\u30d1\u30c3\u30b1\u30fc\u30b8\u306f\u9014\u4e2d\u304b\u3089\u307e\u305f\u6700\u521d\u306b1\u56de\u623b\u3063\u3066\u3044\u308b\u306e\u3067\u3059\u304c\u3001\u591a\u5206\u3053\u308c\u3089\u3067\u5927\u4e08\u592b\u3060\u3068\u601d\u3044\u307e\u3059\u3002<\/p>\n
\r\nuser@deb:~$ sudo aptitude update\r\nuser@deb:~$ sudo aptitude upgrade\r\nuser@deb:~$ sudo aptitude install build-essential libreadline-dev libssl-dev libpq5 libpq-dev libreadline5 libsqlite3-dev libpcap-dev openjdk-7-jre subversion git-core autoconf postgresql pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev libyaml-dev nmap xtightvncviewer\r\n  \r\nuser@deb:~$ sudo gem install --verbose --debug pcaprub wirble pg sqlite3 msgpack activerecord redcarpet rspec simplecov yard bundler\r\n<\/pre>\n<\/p>\n
\u74b0\u5883\u5909\u6570\u306e\u8ffd\u52a0<\/p>\n
\r\nuser@deb:~$ cat >> ~\/.bashrc\r\nexport GEM_HOME=~\/extlib\/gems\r\n^C\r\nuser@deb:~$ exec $SHELL -l\r\n<\/pre>\n<\/p>\n
Metasploit-framework\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/p>\n
\r\nuser@deb:~$ cd \/opt\r\nuser@deb:\/opt$ sudo mkdir metasploit-framework\r\nuser@deb:\/opt$ sudo chown -R user:user .\r\nuser@deb:\/opt$ git clone https:\/\/github.com\/rapid7\/metasploit-framework.git\r\nuser@deb:\/opt$ cd metasploit-framework\r\nuser@deb:\/opt$ bash -c 'for MSF in $(ls msf*); do ln -s \/opt\/metasploit-framework\/$MSF \/usr\/local\/bin\/$MSF;done'\r\nuser@deb:\/opt\/metasploit-framework$ echo 'export PATH="\/var\/lib\/gems\/2.1.0\/gems\/bundler-1.9.8\/bin:$PATH"' >> ~\/.bashrc\r\nuser@deb:\/opt\/metasploit-framework$ exec $SHELL -l\r\nuser@deb:\/opt\/metasploit-framework$ bundle install\r\n<\/pre>\n<\/p>\n
bundle install\u3067\u7d50\u69cb\u306a\u91cf\u304c\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u307e\u3057\u305f\u3002
\n\u304a\u99b4\u67d3\u307f\u306e\u30e9\u30a4\u30d6\u30e9\u30ea\u3084\u3001\u521d\u3081\u3066\u898b\u308b\u3082\u306e\u3082\u305f\u304f\u3055\u3093\u3042\u308a\u307e\u3059\u306d\u3002<\/p>\n
\r\nrake 10.4.2\r\ni18n 0.7.0\r\nminitest 4.7.5\r\nmulti_json 1.11.0\r\nthread_safe 0.3.5\r\ntzinfo 0.3.43\r\nactivesupport 4.0.13\r\nbuilder 3.1.4\r\nerubis 2.7.0\r\nrack 1.5.2\r\nrack-test 0.6.3\r\nactionpack 4.0.13\r\nmime-types 2.4.3\r\nmail 2.6.3\r\nactionmailer 4.0.13\r\nactivemodel 4.0.13\r\nactiverecord-deprecated_finders 1.0.4\r\narel 4.0.2\r\nactiverecord 4.0.13\r\narel-helpers 2.1.0\r\nffi 1.9.8\r\nchildprocess 0.5.5\r\ndiff-lcs 1.2.5\r\ngherkin 2.12.2\r\nmulti_test 0.1.2\r\ncucumber 1.3.19\r\nrspec-expectations 2.99.2\r\naruba 0.6.2\r\nbcrypt 3.1.10\r\nbundler 1.9.8\r\nmini_portile 0.6.2\r\nnokogiri 1.6.6.2\r\nxpath 2.0.0\r\ncapybara 2.4.4\r\ncoderay 1.1.0\r\nthor 0.19.1\r\nrailties 4.0.13\r\nhike 1.2.3\r\ntilt 1.4.1\r\nsprockets 2.12.3\r\nsprockets-rails 2.2.4\r\nrails 4.0.13\r\ncucumber-rails 1.4.2\r\ndocile 1.1.5\r\nfactory_girl 4.5.0\r\nfactory_girl_rails 4.5.0\r\nfivemat 1.2.1\r\nrkelly-remix 0.0.6\r\njsobfu 0.2.1\r\njson 1.8.2\r\nmetasploit-concern 1.0.0\r\nmetasploit-model 1.0.0\r\npg 0.18.1\r\npg_array_parser 0.0.9\r\npostgres_ext 2.4.1\r\nrecog 1.0.29\r\nmetasploit_data_models 1.0.1\r\nrubyntlm 0.5.0\r\nrubyzip 1.1.7\r\nmetasploit-credential 1.0.0\r\nmetasploit-payloads 0.0.5\r\nmsgpack 0.5.11\r\npacketfu 1.1.9\r\nrb-readline-r7 0.5.2.0\r\nrobots 0.10.1\r\nsqlite3 1.3.10\r\nmetasploit-framework 4.11.0.pre.dev from source at .\r\nmetasploit-framework-db 4.11.0.pre.dev from source at .\r\nnetwork_interface 0.0.1\r\npcaprub 0.12.0\r\nmetasploit-framework-pcap 4.11.0.pre.dev from source at .\r\nmethod_source 0.8.2\r\nslop 3.6.0\r\npry 0.10.1\r\nredcarpet 3.2.3\r\nrspec-core 2.99.2\r\nrspec-mocks 2.99.3\r\nrspec 2.99.0\r\nrspec-collection_matchers 1.1.2\r\nrspec-rails 2.99.0\r\nshoulda-matchers 2.8.0\r\nsimplecov-html 0.9.0\r\nsimplecov 0.9.2\r\ntimecop 0.7.3\r\nyard 0.8.7.6\r\n<\/pre>\n<\/p>\n
\u3044\u3063\u305f\u3093\u8d77\u52d5\u3055\u305b\u3066\u307f\u307e\u3057\u305f\u3002\u3082\u3061\u308d\u3093\u307e\u3060\u4f7f\u3048\u307e\u305b\u3093\u306e\u3067\u3001DB\u3092\u7528\u610f\u3057\u307e\u3059\u3002
\nPostgres\u3092\u4f7f\u3044\u307e\u3059\u3002<\/p>\n
\r\nmsf > search easy\r\n[!] Database not connected or cache not built, using slow search\r\n^C[-] Error while running command search:\r\n<\/pre>\n<\/p>\n
\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u306e\u5909\u66f4\u3084\u3001DB\u306e\u4f5c\u6210\u3092\u304a\u3053\u306a\u3044\u307e\u3059\u3002<\/p>\n
\r\nuser@deb:~$ sudo vi \/etc\/postgresql\/9.4\/main\/pg_hba.conf\r\n    #local   all             all                                     peer\r\n    local   all             all                                     md5\r\n\r\nuser@deb:~$ sudo cp \/opt\/metasploit-framework\/config\/database.yml.example \/opt\/metasploit-framework\/database.yml\r\n\r\nuser@deb:~$ sudo systemctl restart postgresql.service\r\n\r\nuser@deb:~$ echo 'export MSF_DATABASE_CONFIG=\/opt\/metasploit-framework\/database.yml' >> ~\/.bashrc\r\n<\/pre>\n<\/p>\n
\r\nuser@deb:~$ sudo su postgres\r\npostgres@deb:\/home\/user$ createuser metas -P\r\n\u65b0\u3057\u3044\u30ed\u30fc\u30eb\u306e\u305f\u3081\u306e\u30d1\u30b9\u30ef\u30fc\u30c9:\r\n\u3082\u3046\u4e00\u5ea6\u5165\u529b\u3057\u3066\u304f\u3060\u3055\u3044\uff1a\r\npostgres@deb:\/home\/user$ createdb metas\r\npostgres@deb:\/home\/user$ exit\r\n<\/pre>\n<\/p>\n
\r\n\/opt\/metasploit-framework\/database.yml\r\nproduction:\r\n adapter: postgresql\r\n database: metas\r\n username: metas\r\n password: metas\r\n host: 127.0.0.1\r\n port: 5432\r\n pool: 75\r\n timeout: 5\r\n \r\nuser@deb:~$ sudo systemctl restart postgresql.service\r\n<\/pre>\n<\/p>\n
\u3067\u306f\u3001\u8d77\u52d5\u3057\u307e\u3059\u3002<\/p>\n
\r\nuser@deb:~$ msfconsole\r\n\r\n\r\nmsf > db_connect metas:metas@localhost:5432\/metas\r\n[*] Rebuilding the module cache in the background...\r\nmsf >\r\nmsf > db_status\r\n[*] postgresql connected to metas\r\nmsf >\r\n<\/pre>\n<\/p>\n
\u3000\u3000
\n\u30d3\u30eb\u30c9\u304c\u59cb\u307e\u308a\u307e\u3057\u305f\u3002
\n\u3057\u3070\u3089\u304f\u3057\u3066\u304b\u3089\u691c\u7d22\u3092\u304b\u3051\u3066\u307f\u308b\u3068\u3001\u3058\u308f\u3058\u308f\u3068\u30c7\u30fc\u30bf\u304c\u6e9c\u307e\u3063\u3066\u304d\u305f\u3088\u3046\u3067\u3059\u3002<\/p>\n
\r\nmsf > search easy\r\n[!] Database not connected or cache not built, using slow search\r\n\r\nMatching Modules\r\n================\r\n\r\n   Name                                                            Disclosure Date  Rank       Description\r\n   ----                                                            ---------------  ----       -----------\r\n   auxiliary\/admin\/http\/wp_easycart_privilege_escalation           2015-02-25       normal     WordPress WP EasyCart Plugin Privilege Escalation\r\n   auxiliary\/dos\/windows\/ftp\/xmeasy560_nlst                        2008-10-13       normal     XM Easy Personal FTP Server 5.6.0 NLST DoS\r\n   auxiliary\/dos\/windows\/ftp\/xmeasy570_nlst                        2009-03-27       normal     XM Easy Personal FTP Server 5.7.0 NLST DoS\r\n   auxiliary\/scanner\/mssql\/mssql_schemadump                                         normal     MSSQL Schema Dump\r\n   auxiliary\/server\/capture\/smb                                                     normal     Authentication Capture: SMB\r\n   exploit\/linux\/misc\/accellion_fta_mpipe2                         2011-02-07       excellent  Accellion File Transfer Appliance MPIPE2 Command Execution\r\n   exploit\/unix\/webapp\/wp_easycart_unrestricted_file_upload        2015-01-08       excellent  WordPress WP EasyCart Unrestricted File Upload\r\n   exploit\/windows\/browser\/hp_easy_printer_care_xmlcachemgr        2012-01-11       great      HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution\r\n   exploit\/windows\/browser\/hp_easy_printer_care_xmlsimpleaccessor  2011-08-16       great      HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution\r\n<\/pre>\n<\/p>\n
\u3067\u306f\u6e96\u5099\u304c\u6574\u3044\u307e\u3057\u305f\u306e\u3067\u3001\u5b9f\u9a13\u3057\u3066\u307f\u307e\u3059\u3002
\n\u30b9\u30bf\u30f3\u30c9\u30a2\u30ed\u30fc\u30f3\u306b\u3057\u3088\u3046\u3068\u601d\u3063\u3066\u3001LAN\u30b1\u30fc\u30d6\u30eb\u3092\u5f15\u3063\u3053\u629c\u3044\u305f\u3093\u3067\u3059\u304c\u3001LAN\u30b1\u30fc\u30d6\u30eb\u304c\u53e4\u304f\u306a\u3063\u3066\u3044\u305f\u306e\u304b\u3001\u629c\u3044\u305f\u62cd\u5b50\u306b\u5272\u308c\u3066\u3057\u307e\u3044\u307e\u3057\u305f\u301c\uff3c(^o^)\uff0f<\/p>\n
\u6c17\u3092\u53d6\u308a\u76f4\u3057\u3066\u5b9f\u9a13\u3067\u3042\u308a\u307e\u3059\u3002\u3060\u3044\u3058\u3087\u3076\u3001\u307e\u3060\u4f7f\u3048\u307e\u3059\u305e\u3002<\/p>\n
\u30da\u30cd\u30c8\u30ec\u30fc\u30b7\u30e7\u30f3\u30c6\u30b9\u30c8<\/h4>\n
\u5bfe\u8c61\u306e\u30b5\u30fc\u30d0\u30fc\u3067\u3059\u304c\u3001\u4ee5\u524d\u306brsync\u3092\u4f7f\u3063\u3066VPS\u306e\u74b0\u5883\u3068\u540c\u3058\u30d5\u30a1\u30a4\u30eb\u69cb\u6210\u306e\u4eee\u60f3\u30b5\u30fc\u30d0\u30fc\u3092\u30ed\u30fc\u30ab\u30eb\u306eVirtualBox\u3067\u4f5c\u3063\u3066\u3042\u3063\u305f\u306e\u3067\u3001\u305d\u3044\u3064\u3092\u4f7f\u3044\u305f\u3044\u3068\u601d\u3044\u307e\u3059\u3002
\n\u307e\u305a\u306f\u3086\u308b\u3081\u306eDoS\u3067\u4f7f\u3063\u305fMetasploite\u3092\u4f7f\u3063\u305f\u611f\u89e6\u3092\u8a66\u3057\u3066\u307f\u3088\u3046\u3068\u601d\u3044\u307e\u3059\uff01<\/p>\n
\r\nmsf > use dos\/http\/apache_range_dos\r\nmsf auxiliary(apache_range_dos) >\r\n\r\n<\/pre>\n<\/p>\n
\u7d30\u304b\u3044\u8a2d\u5b9a\u7b49\u306f\u98db\u3070\u3057\u3066\u5b9f\u884c\u524d\u306e\u78ba\u8a8d\u304b\u3089\u3002<\/p>\n
\r\nmsf auxiliary(apache_range_dos) > show options\r\n\r\nModule options (auxiliary\/dos\/http\/apache_range_dos):\r\n\r\n   Name     Current Setting  Required  Description\r\n   ----     ---------------  --------  -----------\r\n   Proxies                   no        A proxy chain of format type:host:port[,type:host:port][...]\r\n   RHOSTS   192.168.24.66    yes       The target address range or CIDR identifier\r\n   RLIMIT   50               yes       Number of requests to send\r\n   RPORT    80               yes       The target port\r\n   THREADS  1                yes       The number of concurrent threads\r\n   URI      \/                yes       The request URI\r\n   VHOST                     no        HTTP server virtual host\r\n\r\n\r\nAuxiliary action:\r\n\r\n   Name  Description\r\n   ----  -----------\r\n   DOS\r\n<\/pre>\n<\/p>\n
\u30ed\u30b0<\/p>\n
\r\n192.168.24.65 - - [15\/May\/2015:00:12:42 +0900] "POST \/xmlrpc.php HTTP\/1.1" 200 403 "-" "Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"\r\n192.168.24.65 - - [15\/May\/2015:00:12:44 +0900] "POST \/xmlrpc.php HTTP\/1.1" 200 403 "-" "Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"\r\n<\/pre>\n<\/p>\n
\u3053\u306e\u3088\u3046\u306a\u611f\u3058\u3067\u30ed\u30b0\u306b\u6b8b\u3063\u3066\u3044\u307e\u3059\u304c\u3001\u3086\u308b\u3044\u306e\u3067\u3001\u30ed\u30b0\u3082\u3086\u308b\u3044\u3067\u3059\u3002
\n\u64cd\u4f5c\u306b\u306a\u308c\u308b\u305f\u3081\u306e\u4f5c\u696d\u306a\u306e\u3067\u3001\u3053\u3093\u306a\u611f\u3058\u3067\u826f\u3044\u304b\u3068\u601d\u3044\u307e\u3059\u3002<\/p>\n
\u3042\u3068\u6570\u500b\u8a66\u3057\u3066\u307f\u3066\u3001Hello World\u7a0b\u5ea6\u306e\u4f7f\u3044\u65b9\u306f\u308f\u304b\u3063\u3066\u304d\u307e\u3057\u305f\u3002<\/p>\n
\u305d\u308c\u3067\u306f\uff01
\nWordpress\u306b\u5bfe\u3057\u3066\u306e\u653b\u6483\u3092\u3044\u304f\u3064\u304b\u8a66\u3057\u3066\u307f\u3088\u3046\u3068\u601d\u3044\u307e\u3059\u3002
\n\u3061\u3083\u3093\u3068\u9632\u3052\u308b\u304b\u30c9\u30ad\u30c9\u30ad\u3057\u307e\u3059\u306d\u30fb\u30fb\u3002<\/p>\n
1\u500b\u76ee\uff01
\n\u30bb\u30fc\u30d5\u3067\u3057\u305f\u3002<\/p>\n
\r\n> exploit\r\n\r\n[*] Started reverse handler on 192.168.24.65:4444\r\n[*] 192.168.24.63:80 - Trying unauthenticated exploitation...\r\n[*] 192.168.24.63:80 - Trying to get posts from feed...\r\n[*] 192.168.24.63:80 - Found Post POST ID 5275...\r\n[*] 192.168.24.63:80 - Injecting the PHP Code in a comment...\r\n[*] 192.168.24.63:80 - Executing the payload...\r\n[-] Exploit aborted due to failure: unknown: 192.168.24.63:80 - Comment not in post, maybe comments are moderated\r\n<\/pre>\n<\/p>\n
\u30ed\u30b0<\/p>\n
\r\n192.168.24.65 - - [15\/May\/2015:00:21:02 +0900] "GET \/ HTTP\/1.1" 200 66936 "-" "Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"\r\n192.168.24.65 - - [15\/May\/2015:00:21:09 +0900] "GET \/?feed=rss2 HTTP\/1.1" 200 6483 "-" "Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"\r\n192.168.24.65 - - [15\/May\/2015:00:21:10 +0900] "GET  HTTP\/1.1" 400 840 "-" "-"\r\n192.168.24.65 - - [15\/May\/2015:00:21:10 +0900] "GET \/?p=5275 HTTP\/1.1" 200 44146 "-" "Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"\r\n192.168.24.65 - - [15\/May\/2015:00:21:11 +0900] "POST \/wp-comments-post.php HTTP\/1.1" 302 - "-" "Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"\r\n192.168.24.65 - - [15\/May\/2015:00:21:14 +0900] "GET \/?p=5275 HTTP\/1.1" 200 44143 "-" "Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"\r\n<\/pre>\n<\/p>\n
2\u500b\u76ee\uff01
\n\u30bb\u30fc\u30d5\u3067\u3057\u305f\uff01<\/p>\n
\r\n> exploit\r\n\r\n[-] 192.168.24.63 - It doesn't appear to be vulnerable\r\n[*] Scanned 1 of 1 hosts (100% complete)\r\n[*] Auxiliary module execution completed\r\n<\/pre>\n<\/p>\n
\u30ed\u30b0<\/p>\n
\r\n192.168.24.65 - - [15\/May\/2015:00:27:07 +0900] "GET \/ HTTP\/1.1" 200 66935 "-" "Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"\r\n192.168.24.65 - - [15\/May\/2015:00:27:08 +0900] "HEAD \/ HTTP\/1.1" 200 - "-" "Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"\r\n<\/pre>\n<\/p>\n
\u30da\u30cd\u30c8\u30ec\u30fc\u30b7\u30e7\u30f3\u30c6\u30b9\u30c8\u3092\u8a66\u3057\u3066\u307f\u305f\u611f\u60f3<\/h3>\n
\u3053\u306e\u30c6\u30b9\u30c8\u306e\u826f\u3044\u3068\u3053\u308d\u306f\u3001\u30b5\u30fc\u30d0\u30fc\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3092\u9ad8\u3081\u308b\u3060\u3051\u3067\u306a\u304f\u3066\u3001\u653b\u6483\u5074\u306e\u884c\u52d5\u304c\u30ed\u30b0\u304b\u3089\u8aad\u3081\u308b\u3088\u3046\u306b\u306a\u308b\u529b\u304c\u3064\u304f\u3053\u3068\u3067\u3059\u3002\u30c6\u30b9\u30c8\u306b\u3073\u304f\u3073\u304f\u3057\u3066\u3044\u308b\u306e\u306f\u3061\u3087\u3063\u3068\u30de\u30cc\u30b1\u3067\u3057\u305f\u304c\u3001\u30ed\u30b0\u306e\u30ea\u30fc\u30c7\u30a3\u30f3\u30b0\u30b9\u30ad\u30eb\u306e\u5411\u4e0a\u3092\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u308b\u3068\u3044\u3046\u306e\u306f\u4eca\u56de\u306e\u53ce\u7a6b\u3067\u3057\u305f\u3002
\n\u3042\u3068\u306f\u6642\u9593\u304c\u3042\u308b\u6642\u306b\u8272\u3005\u3068\u305f\u3081\u3057\u3066\u307f\u305f\u3044\u3068\u601d\u3044\u307e\u3059\u3002<\/p>\n
\u6628\u5e74\u306f\u8106\u5f31\u6027\u306e1\u5e74\u3068\u8a00\u3063\u3066\u3082\u3044\u3044\u304f\u3089\u3044\u306b\u3001\u8272\u3005\u306a\u7a2e\u985e\u306e\u653b\u6483\u304c\u3042\u308a\u307e\u3057\u305f\u304c\u3001\u30a2\u30bf\u30c3\u30af\u5074\u306e\u3053\u3068\u3082\u52c9\u5f37\u3057\u3066\u3001\u30ed\u30b0\u3092\u8aad\u3080\u529b\u3092\u3064\u3051\u3066\u3001\u30c7\u30a3\u30d5\u30a7\u30f3\u30b9\u529b\u3092\u4e0a\u3052\u3088\u3046\u3068\u601d\u3044\u307e\u3059\u3002<\/p>\n
\u30b6\u30fc\u30c3\u3068\u898b\u3066\u3053\u306e\u30ed\u30b0\u602a\u3057\u3044\u306a\u3001\u3068\u8aad\u3081\u308b\u3088\u3046\u306b\u306a\u308c\u3070\u826f\u3044\u3068\u601d\u3044\u307e\u3059\u3002<\/p>\n
\u3067\u3082\u3063\u3066\u3001\u30bd\u30fc\u30b9\u30b3\u30fc\u30c9\u306fRuby\u3067\u66f8\u304b\u308c\u3066\u3044\u308b\u306e\u3067\u3001Ruby\u306e\u30b3\u30fc\u30c9\u30ea\u30fc\u30c7\u30a3\u30f3\u30b0\u3082\u3067\u304d\u308b\u3068\u3044\u3046\u4e00\u77f3\u4e09\u9ce5\u306b\u306a\u308a\u305d\u3046\u3067\u3059\u3002<\/p>\n
\u3044\u3064\u304b\u306f\u8106\u5f31\u6027\u3084\u30d0\u30b0\u306e\u4fee\u6b63\u307e\u3067\u3067\u304d\u308b\u3088\u3046\u306b\u99b4\u308c\u308b\u3068\u3044\u3044\u3067\u3059\u306d\u3002<\/p>\n
\u3067\u306f\u307e\u305f\u301c\u3002<\/p>\n
        
Tweet<\/a><\/div><\/div>\n
\n","protected":false},"excerpt":{"rendered":"
Hack\u7cfb\u306e\u30c4\u30fc\u30eb\u3068\u3044\u3046\u3068\u30a4\u30e1\u30fc\u30b8\u7684\u306b\u3082Python\u3068\u601d\u3063\u3066\u3044\u307e\u3057\u305f\u304c\u3001\u3053\u306e\u30c4\u30fc\u30eb\u306f\u3069\u3046\u3084\u3089Ruby\u306e\u3088\u3046\u3067\u3059\u3002 \u308f\u304a\u301c\u3002 \u6700\u8fd1\u4f7f\u3044\u305f\u3044\u30c4\u30fc\u30eb\u985e\u304c\u305f\u307e\u305f\u307eRuby\u3060\u3063\u305f\u3068\u3044\u3046\u3053\u3068\u304c\u3068\u3066\u3082\u591a\u3044\u306e\u3067\u5c11\u3005\u9a5a\u3044\u3066\u3044\u307e\u3059\u304c\u3001\u3053\u306e\u30d3 … “Metasploit\u3092Debian8\u306b\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u3066\u3001\u3044\u304f\u3064\u304b\u306e\u30c6\u30b9\u30c8\u3092\u3057\u3066\u307f\u307e\u3057\u305f\u3002” \u306e<\/span>\u7d9a\u304d\u3092\u8aad\u3080<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[89],"tags":[],"class_list":["post-5326","post","type-post","status-publish","format-standard","hentry","category-security"],"_links":{"self":[{"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/posts\/5326","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.vincentina.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5326"}],"version-history":[{"count":0,"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/posts\/5326\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.vincentina.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5326"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.vincentina.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5326"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.vincentina.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5326"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}