Академический Документы
Профессиональный Документы
Культура Документы
CURSO DE
AUDITORES
TURMA 2014
LABORATRIOS
CASID CIAW
LAB- 1
Laboratrio do Curso de Segurana Ofensiva
Scanning de Portas, Gerador de pacotes e
Nessus
1. NMAP
Opes Bsicas
-sT = Scaneia portas apenas do protocolo TCP.
-sU = Scaneia portas apenas do protocolo UDP.
-sS = Scaneia usando pacotes tcp com o flag SYN ativado.
-sA = Scaneia usando pacotes tcp com o flago ACK
ativado. timo para burlar a segurana de programas
firewalls e descobrir suas regras de filtragem.
-sP = Scan de ping. Varre uma grande faixa de ips usando
mensagens icmp echo request para determinar os hosts
ativos("alive") na(s) rede(s).
-P0 = No disparar o ping em scans. Serve para scannear
mquinas que bloqueiam trfego do protocolo icmp.
-O = Finger printing. Usado para obter informaes
remotas sobre o sistema operacional da vitima.
-sV = Obtm informaes do tipo de servio rodando em
uma porta especfica que esteja aceitando conexes. Essa
opo muito til para saber se uma verso antiga que
possa ser remotamente explorada com o uso de exploits
para invaso do sistema ou outros objetivos.
-p = Especifica uma faixa de portas, ou uma nica porta
de servio a ser scaneada.
-T0 at -T5
Ver:
http://www.vivaolinux.com.br/artigos/impressora.php?
codigo=13548
CASID CIAW
Sem parmetros
root@kali:~# nmap
Nmap 5.61TEST4 ( http://nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
deteco de S.O
root@kali:~# nmap -O 172.16.50.40
Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-06-25 18:20 BRT
Nmap scan report for 172.16.50.40
Host is up (0.0011s latency).
Not shown: 992 closed ports
PORT
STATE SERVICE
21/tcp open ftp
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
3306/tcp open mysql
Device type: general purpose
Running: Microsoft Windows 2003
OS CPE: cpe:/o:microsoft:windows_server_2003
OS details: Microsoft Windows Server 2003 SP1 or SP2
Network Distance: 2 hops
OS detection performed. Please report any incorrect results at
CASID CIAW
http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 3.07 seconds
root@kali:~#
Scanning UDP
root@kali:~# nmap -sU -vv -p1-200 172.16.50.20
Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-06-25 23:57 BRT
Initiating Ping Scan at 23:57
Scanning 172.16.50.20 [4 ports]
Completed Ping Scan at 23:57, 0.01s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 23:57
Completed Parallel DNS resolution of 1 host. at 23:57, 0.05s elapsed
Initiating UDP Scan at 23:57
Scanning 172.16.50.20 [200 ports]
Discovered open port 123/udp on 172.16.50.20
Discovered open port 137/udp on 172.16.50.20
Completed UDP Scan at 23:57, 1.25s elapsed (200 total ports)
Nmap scan report for 172.16.50.20
Host is up (0.0041s latency).
Scanned at 2012-06-25 23:57:10 BRT for 1s
Not shown: 196 closed ports
PORT STATE
SERVICE
123/udp open
ntp
137/udp open
netbios-ns
138/udp open|filtered netbios-dgm
161/udp open|filtered snmp
Read data files from: /usr/local/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 1.43 seconds
Raw packets sent: 206 (6.089KB) | Rcvd: 199 (11.364KB)
CASID CIAW
CASID CIAW
Discovery OS - smb
root@kali:~# nmap 172.16.50.40 --script smb-os-discovery.nse
Starting Nmap 6.40 ( http://nmap.org ) at 2014-04-22 08:04 EDT
Nmap scan report for 172.16.50.40
Host is up (0.0014s latency).
Not shown: 989 closed ports
PORT
STATE SERVICE
21/tcp open ftp
53/tcp open domain
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
1028/tcp open unknown
1029/tcp open ms-lsa
3306/tcp open mysql
3389/tcp open ms-wbt-server
Host script results:
| smb-os-discovery:
| OS: Windows Server 2003 3790 Service Pack 1 (Windows Server 2003 5.2)
| OS CPE: cpe:/o:microsoft:windows_server_2003::sp1
| Computer name: cassio-trzocv4r
| NetBIOS computer name: CASSIO-TRZOCV4R
| Workgroup: WORKGROUP
|_ System time: 2014-04-22T09:04:56-03:00
Nmap done: 1 IP address (1 host up) scanned in 2.24 seconds
CASID CIAW
CASID CIAW
CASID CIAW
LAB-2
NESSUS - scanner de vulnerabilidades
http://wiki.backbox.org/index.php/Nessus
1. Download Nessus
http://www.tenable.com/products/nessus/select-your-operating-system
http://www.nessus.org/register
2. Instalar NESSUS
(32 or 64 bit version check the package name).
dpkg -i Nessus-5.2.1-debian6_amd64.deb
Link de Ativao
http://www.tenable.com/products/nessus/nessusplugins/obtain-an-activation-code
Atualizar Nessus
root@kali:/opt/nessus/bin# /opt/nessus/sbin/nessus-update-plugins
Fetching the newest updates from nessus.org...
Done. The Nessus server will start processing these plugins within a minute
root@kali:/opt/nessus/bin#
CASID CIAW
10
Verificar a atualizao
root@kali:/opt/nessus/bin# locate plugin_feed_info
/opt/nessus/lib/nessus/plugins/plugin_feed_info.inc
/opt/nessus/var/nessus/.plugin_feed_info.inc
/opt/nessus/var/nessus/plugin_feed_info.inc
root@kali:/opt/nessus/bin# more
/opt/nessus/lib/nessus/plugins/plugin_feed_info.inc
PLUGIN_SET = "201404221015";
PLUGIN_FEED = "HomeFeed (Non-commercial use only)";
root@kali:/opt/nessus/bin#
Escanear 172.16.50.40
CASID CIAW
11
LAB-3
2. Wireshark
Verificar se filezilla (FTP Server) est rodando no XAMPENG
CASID CIAW
12
CASID CIAW
13
CASID CIAW
14
CASID CIAW
15
CASID CIAW
16