A los pentesters/investigadores de seguridad les toma mucho tiempo descubrir vulnerabilidades en sitios web, no obstante, actualmente hay muchas herramientas y técnicas para descubrir errores en cualquier URL, útiles para muchas fases de pentesting, afirman expertos en hacking ético.
El pentesting siempre comienza con la fase de recopilación de información, y acorde a los especialistas en hacking ético del Instituto Internacional de Seguridad Cibernética (IICS), esta fase se ha convertido en un proceso automatizado, que requiere de herramientas para buscar puertos y servicios abiertos. A continuación le mostraremos un robot de automatización empleado para encontrar vulnerabilidades en diferentes sistemas de gestión de contenido (CMS).
Con Vulnx es posible encontrar vulnerabilidades en múltiples CMS para la exploración de dominios, puertos, direcciones IP, país, región, entre otros datos. Acorde a especialistas, esta herramienta está diseñada para automatizar cualquier prueba de penetración.
Para las pruebas hemos usado Kali Linux 2018.2. Asegúrese de que python3 esté instalado.
- Escriba sudo apt-get update
- Escriba sudo apt-get install python3
- Escriba git clone https://ift.tt/2Lk0sID
root@kali:/home/iicybersecurity/Downloads# git clone https://github.com/anouarbensaad/vulnx.git Cloning into 'vulnx'… remote: Enumerating objects: 35, done. remote: Counting objects: 100% (35/35), done. remote: Compressing objects: 100% (28/28), done. remote: Total 1034 (delta 13), reused 17 (delta 7), pack-reused 999 Receiving objects: 100% (1034/1034), 505.30 KiB | 410.00 KiB/s, done. Resolving deltas: 100% (609/609), done.
- Escriba cd vulnx /
- Escriba ls
root@kali:/home/iicybersecurity/Downloads# cd vulnx/ root@kali:/home/iicybersecurity/Downloads/vulnx# ls CHANGELOG.md common docker LICENSE README.md shell vulnx.py cli.py config install.sh modules requirements.txt update.sh
- Escriba ./install.sh
root@kali:/home/iicybersecurity/Downloads/vulnx# ./install.sh ===== VULNX INSTALL ===== [+] Vulnx Will Be Installed In Your System [+] Installing python3... Reading package lists... Done Building dependency tree Reading state information... Done python3 is already the newest version (3.7.3-1). 0 upgraded, 0 newly installed, 0 to remove and 664 not upgraded. Requirement already satisfied: requests in /usr/lib/python2.7/dist-packages (from -r ./requirements.txt (line 1)) (2.21.0) Collecting bs4 (from -r ./requirements.txt (line 2)) Downloading https://files.pythonhosted.org/packages/10/ed/7e8b97591f6f456174139ec089c769f89a94a1a4025fe967691de971f314/bs4-0.0.1.tar.gz Requirement already satisfied: beautifulsoup4 in /usr/lib/python2.7/dist-packages (from bs4->-r ./requirements.txt (line 2)) (4.8.0) Building wheels for collected packages: bs4 Running setup.py bdist_wheel for bs4 ... done Stored in directory: /root/.cache/pip/wheels/a0/b0/b2/4f80b9456b87abedbc0bf2d52235414c3467d8889be38dd472 Successfully built bs4 Installing collected packages: bs4 Successfully installed bs4-0.0.1 [+] Checking directories... [+] Installing ... [+] Creating Symbolic Link ... [+] Tool Successfully Installed And Will Start In 5s! [+] You can execute tool by typing vulnx .:. .:, xM; XK. dx' .lO. do ,0. .c.lN' , '. .k0.:' xMMk;d;''cOM0kWXl,',locMMX. .NMK. :WMMMMMMMx dMMc lMMO lWMMMMMMMMMO. lMMO cWMxxMMMMMMMMMMMMKlWMk .xWMMMMMMMMMMMMMMM0, .,OMd,,,;0MMMO,. .l0O.VXVXOX.VXVX0MOVXVX.0Kd, lWMMO0VXVX0OX.VXVXlVXVX.VXNMMO .MMX;.N0VXVX00X.VXVXVX0.0M:.OMMl .OXc ,MMOVXVX0VX .VXVX00MMo ,0X' 0x. :XMMMkVXVX.XO.VXVXdMMMWo. :X' .d 'NMMMMMMkVXVX..VXVX0.XMMMMWl ;c 'NNoMMMMMMxVXVXVXVXVX0.XMMk0Mc .NMx OMMMMMMdVXVXVXlVXVX.NW.;MMc :NMMd .NMMMMMMdVXVXdMd,,,,oc ;MMWx .0MN, 'XMMMMMMoVXoMMMMMMWl 0MW, .0. .xWMMMMM:lMMMMMM0, kc ,O. .:dOKXXXNKOxc. do '0c -VulnX- ,Ol ;. :. # Coded By Anouar Ben Saad - @anouarbensaad
- Escriba chmod 755 require.txt vulnx.py
root@kali:/home/iicybersecurity/Downloads/vulnx# chmod 755 requiremnets.txt vulnx.py
- Escriba python3 vulnx.py –help
root@kali:/home/iicybersecurity/Downloads/vulnx# python3 vulnx.py --help .:. .:, xM; XK. dx' .lO. do ,0. .c.lN' , '. .k0.:' xMMk;d;''cOM0kWXl,',locMMX. .NMK. :WMMMMMMMx dMMc lMMO lWMMMMMMMMMO. lMMO cWMxxMMMMMMMMMMMMKlWMk .xWMMMMMMMMMMMMMMM0, .,OMd,,,;0MMMO,. .l0O.VXVXOX.VXVX0MOVXVX.0Kd, lWMMO0VXVX0OX.VXVXlVXVX.VXNMMO .MMX;.N0VXVX00X.VXVXVX0.0M:.OMMl .OXc ,MMOVXVX0VX .VXVX00MMo ,0X' 0x. :XMMMkVXVX.XO.VXVXdMMMWo. :X' .d 'NMMMMMMkVXVX..VXVX0.XMMMMWl ;c 'NNoMMMMMMxVXVXVXVXVX0.XMMk0Mc .NMx OMMMMMMdVXVXVXlVXVX.NW.;MMc :NMMd .NMMMMMMdVXVXdMd,,,,oc ;MMWx .0MN, 'XMMMMMMoVXoMMMMMMWl 0MW, .0. .xWMMMMM:lMMMMMM0, kc ,O. .:dOKXXXNKOxc. do '0c -VulnX- ,Ol ;. :. # Coded By Anouar Ben Saad - @anouarbensaad usage: vulnx.py [-h] [-u URL] [-D DORKS] [-o OUTPUT] [-t TIMEOUT] [-c {user,themes,version,plugins,all}] [--threads NUMTHREAD] [-n NUMBERPAGE] [-i INPUT_FILE] [-l {wordpress,prestashop,joomla,lokomedia,drupal,all}] [-p SCANPORTS] [-e] [--it] [-w] [-d] [--dns] OPTIONS: -h, --help show this help message and exit -u URL, --url URL url target to scan -D DORKS, --dorks DORKS search webs with dorks -o OUTPUT, --output OUTPUT specify output directory -t TIMEOUT, --timeout TIMEOUT http requests timeout -c {user,themes,version,plugins,all}, --cms-info {user,themes,version,plugins,all} search cms info[themes,plugins,user,version..] --threads NUMTHREAD number of threads -n NUMBERPAGE, --number-pages NUMBERPAGE search dorks number page limit -i INPUT_FILE, --input INPUT_FILE specify input file of domains to scan -l {wordpress,prestashop,joomla,lokomedia,drupal,all}, --dork-list {wordpress,prestashop,joomla,lokomedia,drupal,all} list names of dorks exploits -p SCANPORTS, --ports SCANPORTS ports to scan -e, --exploit searching vulnerability & run exploits --it interactive mode. -w, --web-info web informations gathering -d, --domain-info subdomains informations gathering --dns dns informations gatherings
- Escriba python3 vulnx.py -u http://hack.me –dns -d -w -e –output ./hack.me
- –dns se usa para recopilar información dns
- -d se usa para recopilar información del dominio
- -w se usa para recopilar información del dominio web
- -e se usa para buscar vulnerabilidades y exploits
root@kali:/home/iicybersecurity/Downloads/vulnx# python3 vulnx.py -u http://hack.me --dns -d -w -e --output ./hack.me .:. .:, xM; XK. dx' .lO. do ,0. .c.lN' , '. .k0.:' xMMk;d;''cOM0kWXl,',locMMX. .NMK. :WMMMMMMMx dMMc lMMO lWMMMMMMMMMO. lMMO cWMxxMMMMMMMMMMMMKlWMk .xWMMMMMMMMMMMMMMM0, .,OMd,,,;0MMMO,. .l0O.VXVXOX.VXVX0MOVXVX.0Kd, lWMMO0VXVX0OX.VXVXlVXVX.VXNMMO .MMX;.N0VXVX00X.VXVXVX0.0M:.OMMl .OXc ,MMOVXVX0VX .VXVX00MMo ,0X' 0x. :XMMMkVXVX.XO.VXVXdMMMWo. :X' .d 'NMMMMMMkVXVX..VXVX0.XMMMMWl ;c 'NNoMMMMMMxVXVXVXVXVX0.XMMk0Mc .NMx OMMMMMMdVXVXVXlVXVX.NW.;MMc :NMMd .NMMMMMMdVXVXdMd,,,,oc ;MMWx .0MN, 'XMMMMMMoVXoMMMMMMWl 0MW, .0. .xWMMMMM:lMMMMMM0, kc ,O. .:dOKXXXNKOxc. do '0c -VulnX- ,Ol ;. :. # Coded By Anouar Ben Saad - @anouarbensaad [Target] => http://hack.me ------------------------------------------------ [?] looking for cms [+] CMS : Lokomedia ------------------------------------------------ ------------------------------------------------ [~] Scanning Ports PORTS STATUS PROTO [?] 22 CLOSE SSH ----------------------------------------------- [~] Starting DNS dump [!] Retrieved token: 7lMSlFeGREkQtU4PxAkC9E7JuA0wsfXnLpLxG3izLIboqqtCEBFGs2YDRCIMsJLh [?] Search for DNS Servers [+] Host : ns-113.awsdns-14.com. [+] IP : 205.251.192.113 [+] AS : AMAZON-02 ---------------- [+] Host : ns-1428.awsdns-50.org. [+] IP : 205.251.197.148 [+] AS : AMAZON-02 ---------------- [+] Host : ns-1869.awsdns-41.co.uk. [+] IP : 205.251.199.77 [+] AS : AMAZON-02 ---------------- [+] Host : ns-881.awsdns-46.net. [+] IP : 205.251.195.113 [+] AS : AMAZON-02 ---------------- [?] Search for MX Records [+] Host : 1 aspmx.l.google.com. [+] IP : 172.217.197.27 [+] AS : GOOGLE ---------------- [+] Host : 10 alt3.aspmx.l.google.com. [+] IP : 64.233.184.27 [+] AS : GOOGLE ---------------- [+] Host : 10 alt4.aspmx.l.google.com. [+] IP : 172.217.218.26 [+] AS : GOOGLE ---------------- [+] Host : 5 alt1.aspmx.l.google.com. [+] IP : 64.233.186.26 [+] AS : GOOGLE ---------------- [+] Host : 5 alt2.aspmx.l.google.com. [+] IP : 209.85.202.26 [+] AS : GOOGLE ---------------- ----------------------------------------------- [~] Check Vulnerability
- Arriba se muestra el CMS de la URL objetivo. Luego se muestra el escaneo que Vulnx hizo en busca de puertos abiertos, así como los tokens asociados con el DNS
- Posteriormente, la herramienta recuperó los servidores DNS con sus respectivas direcciones IP y hosts. Dicha información básica también se puede recuperar con Nslookup
- La diferencia es que Vulnx hace una automatización para encontrar todos los servidores DNS
- Puede escanear sitios web de diferentes CMS de manera similar, afirman los expertos en
The post Cómo encontrar vulnerabilidades en sitios web CMS appeared first on Noticias de seguridad informática.
Ver Fuente
No hay comentarios.:
Publicar un comentario