Metasploit custom FTP scanner module (detailed walkthrough)


Preface

Develop a custom Metasploit module and understand the mechanics of the existing modules.


I. Architecture of the Metasploit framework

Metasploit base libraries

Library                Purpose
-------                -------
Ruby Extension (REX)   Handles almost all of the core functionality
MSF Core               Provides the basic API and the actual core of the framework
MSF Base               Provides the API for modules

Module types

Module type   Function
-----------   --------
Payload       After a successful compromise of the target, sets up a connection from the attacker host to the target or from the target back to the host, or performs a specific task
Auxiliary     Performs information gathering, database fingerprinting, target network scanning, and service discovery and enumeration
Encoder       Encodes attack vectors and payloads so that they evade detection by firewalls and antivirus software
NOP           Implements instruction alignment, improving exploit stability
Exploit       The actual code that triggers a vulnerability in a system

Related directories (under the metasploit-framework directory)

Directory   Purpose
---------   -------
lib         The core and soul: contains all of the important library files
modules     Contains all modules
tools       Command-line programs that assist with penetration testing
plugins     All plugins that extend Metasploit's functionality
scripts     Metasploit scripts and various other scripts

II. Understanding an existing module

Analysing a simple HTTP scanner module

┌──(root💀kali)-[/usr//modules/auxiliary/scanner/http]
└─# cat http_version.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Auxiliary  # every module is a class named MetasploitModule; the parent class sets its type (here: auxiliary)

  # Exploit mixins should be called first  # mixins pulled into the class
  include Msf::Exploit::Remote::HttpClient  # /lib/msf/core/exploit/remote/httpclient.rb
  include Msf::Auxiliary::WmapScanServer    # /lib/msf/core/auxiliary/wmapscanserver.rb
  # Scanner mixin should be near last
  include Msf::Auxiliary::Scanner           # /lib/msf/core/auxiliary/scanner.rb

  def initialize  # sets the module's basic metadata and options
    super(
      'Name'        => 'HTTP Version Detection',
      'Description' => 'Display version information about each system.',
      'Author'      => 'hdm',
      'License'     => MSF_LICENSE
    )

    register_wmap_options({
        'OrderID' => 0,
        'Require' => {},
      })
  end

  # Fingerprint a single host
  def run_host(ip)  # the scan logic itself; the Scanner mixin calls it once per target host
    begin
      connect  # open the TCP connection
      res = send_request_raw({ 'uri' => '/', 'method' => 'GET' })  # send a raw HTTP request to the target
      fp = http_fingerprint(:response => res)  # turn the HTTP response into a usable fingerprint string
      print_good("#{ip}:#{rport} #{fp}") if fp
      report_service(:host => rhost, :port => rport, :sname => (ssl ? 'https' : 'http'), :info => fp)  # record the service in the database
    rescue ::Timeout::Error, ::Errno::EPIPE  # a timeout or broken pipe is treated as "no result" for this host
    ensure
      disconnect
    end
  end
end

III. Custom FTP scanner module

1. Writing the code

┌──(root💀kali)-[/usr/share/metasploit-framework]
└─# cat modules/auxiliary/scanner/ftp/ftp_version_by_xz21.rb
##
# Author xz21
# Date 2021-05-08
# Description: custom FTP discovery module, used to actively discover the FTP servers on the target machine's /24 (class C) network and carry out automated penetration testing
##
require 'msf/core'   # not needed on current versions (the framework loads it for you); msftidy warns about it
# Everything below is case-sensitive
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Ftp   # connect / banner / disconnect for FTP
  include Msf::Auxiliary::Scanner     # RHOSTS and THREADS handling plus the per-host run_host loop
  include Msf::Auxiliary::Report      # report_service

  # Module metadata and options
  def initialize
    super(
      'Name'        => 'ftp version scanner',
      'Description' => 'detect ftp version from the target',
      'Author'      => 'xz21',
      'License'     => MSF_LICENSE
    )
    register_options(
      [
        Opt::RPORT(21),
      ])
  end

  # Entry point: called once for every host in RHOSTS
  def run_host(target_host)
    connect(true, false)   # connect and read the greeting into `banner` without logging in (misspelling `true` as `ture` raises NameError)
    if banner
      print_status("#{rhost} is running #{banner}")
      report_service(:host => rhost, :port => rport, :name => "ftp", :info => banner)   # add the service and its details to the database
    end
    disconnect
  end
end   # closes the class; without this `end` the module fails to load with "unexpected end-of-input, expecting `end'"

Use msftidy to check for syntax and style errors

┌──(root💀kali)-[/usr/share/metasploit-framework]
└─# tools/dev/msftidy.rb modules/auxiliary/scanner/ftp/ftp_version_by_xz21.rb                                   
modules/auxiliary/scanner/ftp/ftp_version_by_xz21.rb - [WARNING] Explicitly requiring/loading msf/core is not necessary
modules/auxiliary/scanner/ftp/ftp_version_by_xz21.rb - [INFO] No CVE references found. Please check before you land!
modules/auxiliary/scanner/ftp/ftp_version_by_xz21.rb - [WARNING] Explicitly using self.class in register_* is not necessary
modules/auxiliary/scanner/ftp/ftp_version_by_xz21.rb - [WARNING] Please use 'MetasploitModule' as the class name (you used Metasploit3)

If the following happens, there is a corresponding fix

┌──(root💀kali)-[/usr/share/metasploit-framework]
└─# tools/dev/msftidy.rb modules/auxiliary/scanner/ftp/ftp_version_by_xz21.rb
Traceback (most recent call last):
        2: from tools/dev/msftidy.rb:14:in `<main>'
        1: from /usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb:85:in `require'
/usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb:85:in `require': cannot load such file -- rubocop (LoadError)

Fix: look at the last line of the error; it says rubocop cannot be loaded, so install that gem (any other missing gem is handled the same way)

┌──(root💀kali)-[/usr/share/metasploit-framework]
└─# gem install rubocop                                                                                                                            1 ⨯
Fetching rubocop-1.14.0.gem
Fetching ast-2.4.2.gem
Fetching regexp_parser-2.1.1.gem
.....
Done installing documentation for unicode-display_width, ast, parser, rubocop-ast, regexp_parser, rainbow, parallel, rubocop after 39 seconds
8 gems installed                                                                                                                        

Seeing this output means the installation succeeded

2. Running the custom module

Problems that stop a finished module from loading in msf:
(1) the modules were not reloaded
(2) there is a syntax error

(1) Modules not reloaded

msf6 > reload_all
[*] Reloading modules from all module paths...
[-] WARNING! The following modules could not be loaded!
[-]     /usr/share/metasploit-framework/modules/auxiliary/scanner/ftp/ftp_version_by_xz21.rb
[-]     /usr/share/metasploit-framework/modules/auxiliary/scanner/msmail/exchange_enum.go
[-]     /usr/share/metasploit-framework/modules/auxiliary/scanner/msmail/onprem_enum.go
[-]     /usr/share/metasploit-framework/modules/auxiliary/scanner/msmail/host_id.go
[-] Please see /root/.msf4/logs/framework.log for details.

If the module still does not load after running the command, it is the second case

(2) Syntax error

Use the last line of the output from step one to find where the error is reported

[-] Please see /root/.msf4/logs/framework.log for details.

Open another terminal

┌──(root💀kali)-[/usr//modules/auxiliary/scanner/ftp]
└─# cat /root/.msf4/logs/framework.log

[05/08/2021 20:37:45] [e(0)] core: /usr/share/metasploit-framework/modules/auxiliary/scanner/ftp/ftp_version_by_xz21.rb failed to load - SyntaxError /usr/share/metasploit-framework/modules/auxiliary/scanner/ftp/ftp_version_by_xz21.rb:25: syntax error, unexpected end-of-input, expecting `end'
[05/08/2021 20:37:52] [e(0)] core: /usr/share/metasploit-framework/modules/auxiliary/scanner/msmail/onprem_enum.go failed to load - LoadError Failed to execute external Go module. Please ensure you have Go installed on your environment.
[05/08/2021 20:37:52] [e(0)] core: /usr/share/metasploit-framework/modules/auxiliary/scanner/msmail/host_id.go failed to load - LoadError Failed to execute external Go module. Please ensure you have Go installed on your environment.
Failed to execute external Go module. Please ensure you have Go installed on your environment.

The cause of the error can be found in the log

[05/08/2021 20:37:45] [e(0)] core: /usr/share/metasploit-framework/modules/auxiliary/scanner/ftp/ftp_version_by_xz21.rb failed to load - SyntaxError /usr/share/metasploit-framework/modules/auxiliary/scanner/ftp/ftp_version_by_xz21.rb:25: syntax error, unexpected end-of-input, expecting `end'

This means a syntax error: line 25 should be `end`. After editing the module file with vim, it loads normally.

Basic vim commands: i enters insert mode, Esc leaves the current mode, :w saves, :q quits

[vim keyboard diagram]
Once it has loaded, the module just written shows up in msf

msf6 > search auxiliary/scanner/ftp

Matching Modules
================

   #  Name                                           Disclosure Date  Rank    Check  Description
   -  ----                                           ---------------  ----    -----  -----------
   0  auxiliary/scanner/ftp/anonymous                                 normal  No     Anonymous FTP Access Detection
   1  auxiliary/scanner/ftp/bison_ftp_traversal      2015-09-28       normal  Yes    BisonWare BisonFTP Server 3.5 Directory Traversal Information Disclosure
   2  auxiliary/scanner/ftp/colorado_ftp_traversal   2016-08-11       normal  Yes    ColoradoFTP Server 1.3 Build 8 Directory Traversal Information Disclosure
   3  auxiliary/scanner/ftp/easy_file_sharing_ftp    2017-03-07       normal  Yes    Easy File Sharing FTP Server 3.6 Directory Traversal
   4  auxiliary/scanner/ftp/ftp_login                                 normal  No     FTP Authentication Scanner
   5  auxiliary/scanner/ftp/ftp_version                               normal  No     FTP Version Scanner
   6  auxiliary/scanner/ftp/konica_ftp_traversal     2015-09-22       normal  Yes    Konica Minolta FTP Utility 1.00 Directory Traversal Information Disclosure
   7  auxiliary/scanner/ftp/pcman_ftp_traversal      2015-09-28       normal  Yes    PCMan FTP Server 2.0.7 Directory Traversal Information Disclosure
   8  auxiliary/scanner/ftp/titanftp_xcrc_traversal  2010-06-15       normal  No     Titan FTP XCRC Directory Traversal Information Disclosure
   9  auxiliary/scanner/ftp/ftp_version_by_xz21                       normal  No     ftp version scanner

Interact with a module by name or index. For example info 9, use 9 or use auxiliary/scanner/ftp/ftp_version_by_xz21

msf6 > 

Set the options and run the scan

msf6 auxiliary(scanner/ftp/ftp_version_by_xz21) > set rhosts 192.168.1.106
rhosts => 192.168.1.106
msf6 auxiliary(scanner/ftp/ftp_version_by_xz21) > run

[-] 192.168.1.106:21      - Auxiliary failed: NameError undefined local variable or method `ture' for #<Msf::Modules::Auxiliary__Scanner__Ftp__Ftp_version_by_xz21::MetasploitModule:0x00005637e350a610>
Did you mean?  true
[-] 192.168.1.106:21      - Call stack:
[-] 192.168.1.106:21      -   /usr/share/metasploit-framework/modules/auxiliary/scanner/ftp/ftp_version_by_xz21.rb:19:in `run_host'
[-] 192.168.1.106:21      -   /usr/share/metasploit-framework/lib/msf/core/auxiliary/scanner.rb:121:in `block (2 levels) in run'
[-] 192.168.1.106:21      -   /usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn'
[*] Auxiliary module execution completed

At this point I have tried many times; it should be a version issue, and the scan cannot proceed.
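A stand-alone version of the greeting grab that `connect(true, false)` and `banner` perform inside `run_host`, added here as an example (it is neither the post's code nor Metasploit's): it reads an RFC 959 greeting, including multi-line `220-` replies, from any IO, so the parsing can be checked against constructed greetings before the module is loaded into msfconsole. The names `read_ftp_banner`, `ftp_version_from_banner`, `grab_ftp_banner` and `PRODUCTS`, and the host `ftp.example.test`, are chosen for this example.

```ruby
# Added example (not from the original post, not Metasploit's own code): a
# stand-alone reader for what the Ftp mixin's connect/banner do in run_host.
require 'socket'
require 'stringio'
require 'timeout'

# Reads the FTP greeting from any IO. RFC 959 allows a multi-line reply:
# "220-" continuation lines followed by a final "220 <text>" line.
# Returns the joined greeting text, or nil when the peer does not send 220.
def read_ftp_banner(io, max_lines: 20)
  lines = []
  max_lines.times do
    line = io.gets
    break if line.nil?                      # peer closed before a full reply
    lines << line.chomp
    break if lines.last =~ /\A\d{3}( |\z)/  # "NNN " ends a reply
  end
  return nil if lines.empty? || !lines.first.start_with?('220')
  lines.map { |l| l.sub(/\A220[ -]?/, '') }.reject(&:empty?).join(' ')
end

# Constructed sample of product names (not exhaustive) used to pull a
# product/version pair out of a greeting, e.g. ["vsFTPd", "3.0.3"].
PRODUCTS = /(vsFTPd|ProFTPD|Pure-FTPd|FileZilla Server|Microsoft FTP Service)\s*v?(\d[\w.]*)?/i

def ftp_version_from_banner(banner)
  return nil if banner.nil?
  m = banner.match(PRODUCTS)
  m && [m[1], m[2]]
end

# Live variant: TCP connect with a timeout, then parse the greeting.
# Refused, unreachable or unresolvable hosts and timeouts all yield nil.
def grab_ftp_banner(host, port = 21, timeout: 5)
  Timeout.timeout(timeout) do
    Socket.tcp(host, port, connect_timeout: timeout) { |s| read_ftp_banner(s) }
  end
rescue Timeout::Error, SystemCallError, SocketError
  nil
end

if __FILE__ == $0
  # Constructed greetings, not captures from a real host.
  greetings = ["220 (vsFTPd 3.0.3)\r\n",
               "220-Welcome to ftp.example.test\r\n220-\r\n220 ProFTPD 1.3.5e Server ready.\r\n"]
  greetings.each do |g|
    b = read_ftp_banner(StringIO.new(g))
    puts "#{b.inspect} -> #{ftp_version_from_banner(b).inspect}"
  end
end
```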


Summary

This article briefly introduced a custom FTP scanner module and how to read existing modules. I am still learning myself; this is for reference only, as study notes, and discussion is welcome.
