To do this, you need to identify the IP addresses that have port 80 open. The nmap command below does this quickly.

```
nmap -p80 --open 192.168.0.0/24
Starting Nmap 6.46 ( http://nmap.org ) at 2015-05-11 21:27 EEST
Nmap scan report for 192.168.0.1
Host is up (0.094s latency).
PORT   STATE SERVICE
80/tcp open  http
Nmap scan report for 192.168.0.22
Host is up (0.00072s latency).
PORT   STATE SERVICE
80/tcp open  http
```

Here, port 80 on the IP address 192.168.0.22 is seen to be open. You can reach this IP address in a browser and try default or simple passwords against the login panel. Because doing this by hand is somewhat tedious, using nmap's http-default-accounts script will save you time. The script will run a brute-force attack against the login panel served on that port and, if it can find the credentials, will tell you so.
The example usage below shows this.

```
nmap --script http-default-accounts -p80 192.168.0.22
Starting Nmap 6.46 ( http://nmap.org ) at 2015-05-11 21:33 EEST
Nmap scan report for 192.168.0.22
Host is up (0.00037s latency).
PORT   STATE SERVICE
80/tcp open  http
|_http-default-accounts: [Apache Tomcat] credentials found -> admin:admin Path:/manager/html/
Nmap done: 1 IP address (1 host up) scanned in 14.54 seconds
```

As this output shows, Tomcat is running on the target system and, because of a configuration error, it has been left with its default credentials. From this point, the information obtained can be used to log in to the Tomcat management interface, upload spyware to the system, and run commands at the operating-system level.

For example, after spyware was uploaded to the application through the web interface, a user named test was added.

This user can then be given local admin rights by adding it to the Administrators group.

Finally, a remote desktop connection to the machine can now be made, and any malicious software of choice can be run to obtain a meterpreter session.
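
An added example, not part of the original post: a Python parser that turns nmap output into a remediation list of services still running with default accounts, so the finding above can be tracked across an inventory you are responsible for. It assumes the one-line `http-default-accounts` format of the Nmap 6.46 output shown in this post; the sample text is constructed, and the function and field names are hypothetical.

```python
import re

# Constructed sample in the line format of the Nmap 6.46 output shown in the post.
SAMPLE = """\
Nmap scan report for 192.168.0.1
Host is up (0.094s latency).
PORT   STATE SERVICE
80/tcp open  http
Nmap scan report for 192.168.0.22
Host is up (0.00037s latency).
PORT   STATE SERVICE
80/tcp open  http
|_http-default-accounts: [Apache Tomcat] credentials found -> admin:admin Path:/manager/html/
"""

# Matches "Nmap scan report for 10.0.0.5" and "... for name (10.0.0.5)".
HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([0-9a-fA-F.:]+)\)?$")
PORT_RE = re.compile(r"^(\d+)/tcp\s+open\b")
FIND_RE = re.compile(
    r"http-default-accounts: \[(?P<product>[^\]]+)\] credentials found -> "
    r"(?P<user>[^:\s]*):(?P<password>\S*) Path:(?P<path>\S+)"
)

def default_account_findings(nmap_text):
    """Return one record per default-credential hit, tied to its host and port."""
    findings, host, port = [], None, None
    for raw in nmap_text.splitlines():
        line = raw.rstrip()
        m = HOST_RE.match(line)
        if m:                      # new host section: forget the previous port
            host, port = m.group(1), None
            continue
        m = PORT_RE.match(line)
        if m:                      # script lines that follow belong to this port
            port = int(m.group(1))
            continue
        m = FIND_RE.search(line)
        if m and host and port:
            findings.append({
                "host": host, "port": port, "product": m["product"],
                "path": m["path"], "user": m["user"],
                # The password is deliberately left out of the ticket data.
                "action": "change or remove the default account; restrict " + m["path"],
            })
    return findings

if __name__ == "__main__":
    for finding in default_account_findings(SAMPLE):
        print(finding)
```
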