{"id":919,"date":"2015-06-29T19:24:45","date_gmt":"2015-06-29T18:24:45","guid":{"rendered":"http:\/\/under12oot.noblogs.org\/?p=919"},"modified":"2015-06-30T15:48:14","modified_gmt":"2015-06-30T14:48:14","slug":"fimap-e-metasploitable-2","status":"publish","type":"post","link":"https:\/\/under12oot.noblogs.org\/?p=919","title":{"rendered":"Fimap and Metasploitable 2"},"content":{"rendered":"<p>In the <em>cyber-fu<\/em> course we are having fun exploiting the <em>evergreen<\/em> Metasploitable 2, Linux version. Today, scrolling through the menu, I remembered good old <em>fimap<\/em>, a really well-made, complete tool that never lets you down&#8230;<\/p>\n<p>It&#8217;s a pity that RFI\/LFI bugs are gradually becoming harder and harder to find, but with Metasploitable we still have the chance to have a bit of fun.<\/p>\n<p>Here is a short <em>guide<\/em> on how to use fimap to attack Metasploitable and say &#8220;Pwned!&#8221; (poor thing&#8230;.)<\/p>\n<p>&nbsp;<\/p>\n<div id=\"attachment_932\" style=\"width: 310px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/under12oot.noblogs.org\/files\/2015\/06\/1a.png\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-932\" class=\"wp-image-932 size-medium\" src=\"https:\/\/under12oot.noblogs.org\/files\/2015\/06\/1a-300x169.png\" alt=\"\" width=\"300\" height=\"169\" srcset=\"https:\/\/under12oot.noblogs.org\/files\/2015\/06\/1a-300x169.png 300w, https:\/\/under12oot.noblogs.org\/files\/2015\/06\/1a-1024x578.png 1024w, https:\/\/under12oot.noblogs.org\/files\/2015\/06\/1a.png 1360w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><p id=\"caption-attachment-932\" class=\"wp-caption-text\">fimap scan<\/p><\/div>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>We start by instructing fimap to run a recursive scan (-H) on the target (-u) with a given depth (-d) and save the links to an external file (-w).<\/p>\n<p>&nbsp;<\/p>\n<p>The
process is fairly quick, and at the end we get a file in which we will look for vulnerabilities (-m -l).<\/p>\n<div id=\"attachment_921\" style=\"width: 310px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/under12oot.noblogs.org\/files\/2015\/06\/2.png\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-921\" class=\"wp-image-921 size-medium\" src=\"https:\/\/under12oot.noblogs.org\/files\/2015\/06\/2-300x169.png\" alt=\"link\" width=\"300\" height=\"169\" srcset=\"https:\/\/under12oot.noblogs.org\/files\/2015\/06\/2-300x169.png 300w, https:\/\/under12oot.noblogs.org\/files\/2015\/06\/2-1024x578.png 1024w, https:\/\/under12oot.noblogs.org\/files\/2015\/06\/2.png 1360w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><p id=\"caption-attachment-921\" class=\"wp-caption-text\">link<\/p><\/div>\n<p>&nbsp;<\/p>\n<p>As we might have guessed, there are many bugs, although I was not expecting 384 results!!<\/p>\n<p>&nbsp;<\/p>\n<div id=\"attachment_922\" style=\"width: 310px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/under12oot.noblogs.org\/files\/2015\/06\/3.png\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-922\" class=\"wp-image-922 size-medium\" src=\"https:\/\/under12oot.noblogs.org\/files\/2015\/06\/3-300x169.png\" alt=\"Selection\" width=\"300\" height=\"169\" srcset=\"https:\/\/under12oot.noblogs.org\/files\/2015\/06\/3-300x169.png 300w, https:\/\/under12oot.noblogs.org\/files\/2015\/06\/3-1024x578.png 1024w, https:\/\/under12oot.noblogs.org\/files\/2015\/06\/3.png 1360w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><p id=\"caption-attachment-922\" class=\"wp-caption-text\">output<\/p><\/div>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<div id=\"attachment_923\" style=\"width: 310px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/under12oot.noblogs.org\/files\/2015\/06\/4.png\" target=\"_blank\"><img
loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-923\" class=\"wp-image-923 size-medium\" src=\"https:\/\/under12oot.noblogs.org\/files\/2015\/06\/4-300x169.png\" alt=\"Selection\" width=\"300\" height=\"169\" srcset=\"https:\/\/under12oot.noblogs.org\/files\/2015\/06\/4-300x169.png 300w, https:\/\/under12oot.noblogs.org\/files\/2015\/06\/4-1024x578.png 1024w, https:\/\/under12oot.noblogs.org\/files\/2015\/06\/4.png 1360w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><p id=\"caption-attachment-923\" class=\"wp-caption-text\">Selection<\/p><\/div>\n<p>&nbsp;<\/p>\n<p>Now, with the -x flag, we recall all the scans fimap has run, select our target, where we want to carry out the attack, and the type of shell we want sent back to us&#8230;<\/p>\n<p>&nbsp;<\/p>\n<p>We open another terminal with a netcat session and voil\u00e0!!<\/p>\n<div id=\"attachment_924\" style=\"width: 310px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/under12oot.noblogs.org\/files\/2015\/06\/5.png\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-924\" class=\"wp-image-924 size-medium\" src=\"https:\/\/under12oot.noblogs.org\/files\/2015\/06\/5-300x169.png\" alt=\"Spawn shell\" width=\"300\" height=\"169\" srcset=\"https:\/\/under12oot.noblogs.org\/files\/2015\/06\/5-300x169.png 300w, https:\/\/under12oot.noblogs.org\/files\/2015\/06\/5-1024x578.png 1024w, https:\/\/under12oot.noblogs.org\/files\/2015\/06\/5.png 1360w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><p id=\"caption-attachment-924\" class=\"wp-caption-text\">Spawn shell<\/p><\/div>\n<p>&nbsp;<\/p>\n<p>echo &#8220;Pwned!&#8221;<\/p>\n<div id=\"attachment_925\" style=\"width: 310px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/under12oot.noblogs.org\/files\/2015\/06\/6.png\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-925\"
class=\"wp-image-925 size-medium\" src=\"https:\/\/under12oot.noblogs.org\/files\/2015\/06\/6-300x169.png\" alt=\"it&#8217;s ours!\" width=\"300\" height=\"169\" srcset=\"https:\/\/under12oot.noblogs.org\/files\/2015\/06\/6-300x169.png 300w, https:\/\/under12oot.noblogs.org\/files\/2015\/06\/6-1024x578.png 1024w, https:\/\/under12oot.noblogs.org\/files\/2015\/06\/6.png 1360w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><p id=\"caption-attachment-925\" class=\"wp-caption-text\">it&#8217;s ours!<\/p><\/div>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>That&#8217;s it for this round too; if you find any others, let us know!!!<\/p>\n<p>Let&#8217;s go!!<\/p>\n<p>&nbsp;<\/p>\n<p><em>noyse<\/em><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the cyber-fu course we are having fun exploiting the evergreen Metasploitable 2, Linux version. Today, scrolling through the menu, I remembered good old fimap, a really well-made, complete tool that never lets you down&#8230; It&#8217;s a pity that RFI\/LFI bugs are gradually becoming harder and harder to find, but with Metasploitable we still have the chance to 
[&hellip;]<\/p>\n","protected":false},"author":5820,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[172,174,173],"class_list":["post-919","post","type-post","status-publish","format-standard","hentry","category-howto","tag-fimap","tag-metasploitable2","tag-rfilfi"],"_links":{"self":[{"href":"https:\/\/under12oot.noblogs.org\/index.php?rest_route=\/wp\/v2\/posts\/919","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/under12oot.noblogs.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/under12oot.noblogs.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/under12oot.noblogs.org\/index.php?rest_route=\/wp\/v2\/users\/5820"}],"replies":[{"embeddable":true,"href":"https:\/\/under12oot.noblogs.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=919"}],"version-history":[{"count":9,"href":"https:\/\/under12oot.noblogs.org\/index.php?rest_route=\/wp\/v2\/posts\/919\/revisions"}],"predecessor-version":[{"id":935,"href":"https:\/\/under12oot.noblogs.org\/index.php?rest_route=\/wp\/v2\/posts\/919\/revisions\/935"}],"wp:attachment":[{"href":"https:\/\/under12oot.noblogs.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=919"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/under12oot.noblogs.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=919"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/under12oot.noblogs.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=919"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}