
herakty

WMAP Web Application scanning framework for Metasploit 3


Introduction

WMAP is a general purpose web application scanning framework for Metasploit 3. The architecture is simple and its simplicity is what makes it powerful. It's a different approach compared to other open source alternatives and commercial scanners, as WMAP is not built around any browser or spider for data capture and manipulation.

This is an awesome thing that adds the Web vector (HTTP port 80) to the powerful Metasploit framework... Metasploit with all its integrated projects, and now you can even integrate it with Nexxus, which is a vulnerability scanner... where the vulnerability is discovered automatically and the exploit launched, as Core Impact does, which is a very expensive Ferrari...

Really awesome... and you can find the problem in the site and use it with the Metasploit framework and create a remote shell through a simple flaw in a site...

Overview

In the WMAP design, the attack proxy acts as a data gathering tool. All traffic between the client(s) (i.e. favorite browser and/or spider) will be stored in the MSF database. (See figure.)

[CLIENT] ----- [ATTACK PROXY] ----- [TARGET]
                      |                ^
              [METASPLOIT DB]          |
                      |                |
           [MSF 3 - WMAP SCANNER]      |
           [MSF 3 - WMAP MODULES] -----+

WMAP is a Metasploit plugin and will interact with the database, reading all gathered traffic, processing it and launching the different tests implemented as modules. As WMAP Modules are MSF Modules they can be easily implemented, and can be run manually from the command line or automatically via WMAP. As you may see this simple architecture allows you to have different distributed clients and even different proxies all storing data to the central repository. Remember everything is based on Metasploit, the test modules are implemented as auxiliary modules and they can interact with any other MSF component including the database, exploits and plugins.

msf > wmap_run -t
[*] Loaded auxiliary/admin/http/tomcat_administration ...
[*] Loaded auxiliary/admin/http/tomcat_manager ...
[*] Loaded auxiliary/scanner/http/frontpage_login ...
[*] Loaded auxiliary/scanner/http/options ...
[*] Loaded auxiliary/scanner/http/version ...
[*] Loaded auxiliary/scanner/http/wmap_cert ...
[*] Loaded auxiliary/scanner/http/wmap_robots_txt ...
[*] Loaded auxiliary/scanner/http/wmap_soap_xml ...
[*] Loaded auxiliary/scanner/http/wmap_ssl ...
[*] Loaded auxiliary/scanner/http/wmap_svn_scanner ...
[*] Loaded auxiliary/scanner/http/wmap_verb_auth_bypass ...
[*] Loaded auxiliary/scanner/http/wmap_vhost_scanner ...
[*] Loaded auxiliary/scanner/http/wmap_webdav_internal_ip ...
[*] Loaded auxiliary/scanner/http/wmap_webdav_scanner ...
[*] Loaded auxiliary/scanner/http/wmap_webdav_website_content ...
[*] Loaded auxiliary/scanner/http/ms09_020_webdav_unicode_bypass ...
[*] Loaded auxiliary/scanner/http/wmap_backup_file ...
[*] Loaded auxiliary/scanner/http/wmap_brute_dirs ...
[*] Loaded auxiliary/scanner/http/wmap_copy_of_file ...
[*] Loaded auxiliary/scanner/http/wmap_dir_listing ...
[*] Loaded auxiliary/scanner/http/wmap_dir_scanner ...
[*] Loaded auxiliary/scanner/http/wmap_dir_webdav_unicode_bypass ...
[*] Loaded auxiliary/scanner/http/wmap_file_same_name_dir ...
[*] Loaded auxiliary/scanner/http/wmap_files_dir ...
[*] Loaded auxiliary/scanner/http/wmap_prev_dir_same_name_file ...
[*] Loaded auxiliary/scanner/http/wmap_replace_ext ...
[*] Loaded auxiliary/scanner/http/writable ...
[*] Loaded auxiliary/scanner/http/wmap_blind_sql_query ...
[*] Loaded auxiliary/scanner/http/wmap_error_sql_injection ...

ADMINISTRATORS AND PROGRAMMERS... pay close attention to security when you write code... this is reaching a brutal level where you can no longer stay on the sidelines... and note that certain servers are not the interesting target, but a step on the way to it... and you don't want to see your server become a launch point for crackers' attacks, do you?

http://www.metasploit.com/redmine/projects/framework/wiki/WMAP

teckV
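A defender-side counterpart to the module listing above, added here as an example and not part of the original post or of Metasploit: a log triage script that flags a client whose requests fall into several of the probe categories the module names suggest. The request patterns, the function names and the log lines are assumptions constructed for illustration; they are inferred from the module names, not taken from the modules' source.

```python
import re
from collections import defaultdict

# Constructed access-log lines (common log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2009:13:55:01 +0000] "OPTIONS / HTTP/1.1" 200 0
203.0.113.7 - - [10/Oct/2009:13:55:02 +0000] "GET /robots.txt HTTP/1.1" 200 68
203.0.113.7 - - [10/Oct/2009:13:55:02 +0000] "GET /.svn/entries HTTP/1.1" 404 209
203.0.113.7 - - [10/Oct/2009:13:55:03 +0000] "GET /index.php.bak HTTP/1.1" 404 209
203.0.113.7 - - [10/Oct/2009:13:55:03 +0000] "PROPFIND / HTTP/1.1" 405 0
198.51.100.20 - - [10/Oct/2009:13:56:10 +0000] "GET /robots.txt HTTP/1.1" 200 68
198.51.100.20 - - [10/Oct/2009:13:56:11 +0000] "GET /index.php HTTP/1.1" 200 5120
this line is malformed and must be skipped
"""

# Assumed request shapes per probe category (guessed from module names only).
PROBES = {
    "options/webdav": re.compile(r"^(OPTIONS|PROPFIND) "),
    "robots_txt": re.compile(r"^GET /robots\.txt(\?| )"),
    "svn_scanner": re.compile(r"^GET \S*/\.svn/"),
    "backup_file": re.compile(r"^GET \S+(\.bak|\.old|\.orig|~) "),
}
# client, ident, user, [timestamp], "request line", status
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) ')


def classify(log_text):
    """Map each client IP to the set of probe categories its requests match."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        ip, request, _status = m.groups()
        for name, pattern in PROBES.items():
            if pattern.search(request):
                hits[ip].add(name)
    return hits


def likely_scanners(log_text, min_categories=3):
    """Clients touching several unrelated probe categories look like a scan.

    A single hit (e.g. a crawler fetching robots.txt) stays below the threshold.
    """
    return {ip: sorted(cats) for ip, cats in classify(log_text).items()
            if len(cats) >= min_categories}


if __name__ == "__main__":
    for ip, cats in likely_scanners(SAMPLE_LOG).items():
        print(ip, "matched:", ", ".join(cats))
```
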
