{"id":382,"date":"2015-07-20T02:00:17","date_gmt":"2015-07-19T23:00:17","guid":{"rendered":"https:\/\/furkansandal.com\/sitesunucu\/?p=382"},"modified":"2015-07-20T02:00:17","modified_gmt":"2015-07-19T23:00:17","slug":"sizma-testlerinde-armitage-nasil-kullanilir","status":"publish","type":"post","link":"https:\/\/furkansandal.com\/sizma-testlerinde-armitage-nasil-kullanilir\/","title":{"rendered":"How Is Armitage Used in Penetration Tests?"},"content":{"rendered":"
\n
\n

How Is Armitage Used in Penetration Tests?\n

Although Armitage is based on Metasploit, it tests exploits against hosts by IP address. In more detail: Armitage is a tool that uses the Metasploit Framework and nmap in the background, and can be thought of as a graphical front end for Metasploit. It can run quick scans and try exploits at random. Experienced pentesters use the Metasploit Framework from the console rather than through Armitage. The main reasons are that Armitage uses a lot of system memory, can freeze, and performs some operations automatically, which makes it hard to control.\n

First, open a terminal and run the following commands.\n

service postgresql start\r\n\r\nservice metasploit start\r\n\r\nservice metasploit stop <\/pre>\n

Then, on Kali Linux, start Armitage via Menu > Kali Linux > Exploitation Tools > Network Exploitation > armitage.\n

Armitage is now open. Next, under Hosts > Add Hosts, enter the IP addresses of the systems to be scanned and tested. You can also add several IP addresses at once, one per line.\n

As shown above, you can enter a single IP address or several.\n

The host we added now appears as an icon. Right-click it as shown above, choose Scan, and run a general scan that covers the operating system, running applications and similar details.\n

As shown, many of Metasploit's auxiliary modules were used to gather information about the system. For example, the system is running Linux, and we can see that services such as ftp, http, mysql and postgres are running on it.\n

Now choose Find Attacks under the Attacks menu to look for attacks we can use.\n

As shown in Figure 7, auxiliary modules are again used to search for attacks that can be tried.\n

When the search finishes, the attacks that can be used are listed. Now let's run the java_rmi_server attack from among the vulnerabilities found. To do so, follow Attack > misc > java_rmi_server, as shown in Figure 8.\n

The L in LHOST and LPORT stands for local, that is, our own machine. The R in RHOST and RPORT refers to the target. The necessary settings are made here. As shown, if a reverse connection is used, the remote side connects back to us on port 2040, while we connect to it on port 1099.
\nAfter making the settings, click Launch to start the attack.\n

As shown above, the exploit ran successfully on the target system and the attack succeeded. Whether it worked can be told from the lightning-bolt effect. A meterpreter shell was opened for us, and we can use meterpreter commands in it if we wish.\n

Alternatively, as shown above, we can right-click the system and run many commands, such as browsing files, taking a screenshot or listing running processes.
\nNow, instead of choosing the exploit ourselves, let's have Armitage run exploits at random.
\nTo do this, follow Attacks -> Hail Mary. This is not recommended in a real penetration test; it is suitable for test systems.\n

As shown above, the applicable exploits are being tried one by one. This can take a while. The exploits that are run may corrupt the target system or cause it to freeze.\n

As shown above, 6 of the exploits that were run gained access to the system and logged in.\n

Right-click to open the shell obtained through the desired exploit. If a meterpreter shell was opened, some tasks can again be done without typing commands, by right-clicking and navigating the menu.\n

For example, running the Browse File command in the meterpreter shell lets us see the files on the target system. In Meterpreter, the clearev command is used to clear the traces left on the system.\n

With ipconfig -a we can see the network interfaces on the system.\n

Have a nice day.\n","protected":false},"excerpt":{"rendered":"

How Is Armitage Used in Penetration Tests? Although Armitage is based on Metasploit, it tests exploits against hosts by IP address. A detailed explanation for you…\n","protected":false},"author":1,"featured_media":374,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","footnotes":""},"categories":[6,1,9,10,7,4],"tags":[],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/furkansandal.com\/wp-content\/uploads\/2015\/07\/kali.png?fit=300%2C200&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6BM7I-6a","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts\/382"}],"collection":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/comments?post=382"}],"version-history":[{"count":0,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts\/382\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/media\/374"}],"wp:attachment":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/media?parent=382"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/categories?post=382"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/tags?post=382"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}