
Whether you are performing a pen-test as part of a team or are working on your own, you will want to be able to store your results for quick reference, share your data with your team, and assist with writing your final report. An excellent tool for performing all of the above is the dradis framework. Dradis is an open source framework for sharing information during security assessments and can be found here. The dradis framework is being actively developed with new features being added regularly.

Dradis is far more than just a mere note-taking application. Communicating over SSL, it can import Nmap and Nessus result files, attach files, generate reports, and can be extended to connect with external systems (e.g. a vulnerability database). In back|track4 you can install it with the following command:

root@bt4: apt-get install dradis

Once the framework has installed we can now go to the directory and start the server.

root@bt4: cd /pentest/misc/dradis/server
root@bt4: ruby ./script/server
=> Booting WEBrick...
=> Rails application started on https://localhost:3004
=> Ctrl-C to shutdown server; call with --help for options
[2009-08-29 13:40:50] INFO  WEBrick 1.3.1
[2009-08-29 13:40:50] INFO  ruby 1.8.7 (2008-08-11) [i486-linux]
[2009-08-29 13:40:50] INFO  WEBrick::HTTPServer#start: pid=8881 port=3004

---<< Back|Track <<---

At last, we are ready to open the dradis web interface. Navigate to https://localhost:3004 (or use the IP address), accept the certificate warning, enter a new server password when prompted, and log in using the password set in the previous step. Note that there are no usernames to set, so on login you can use whichever login name you like. If all goes well, you will be presented with the main dradis workspace.

On the left-hand side you can create a tree structure. Use it to organise your information (e.g. Hosts, Subnets, Services, etc.). On the right-hand side you can add the relevant information to each element (think notes or attachments).

Prior to starting the dradis console, you will need to edit the file "dradis.xml" to reflect the username and password you set when initially running the server. In back|track4 this file is located under "/pentest/misc/dradis/client/conf".

You can now launch the dradis console by issuing the following command from the "/pentest/misc/dradis/client/" directory:

root@bt4:/pentest/misc/dradis/client# ruby ./dradis.rb
event(s) registered: [:exception]
Registered observers:
dradis>

You can find more information on the Dradis Framework Project Site.

Port Scanning

Although we have already set up and configured dradis to store our notes and findings, it is still good practice to create a new database from within Metasploit as well, since the data is useful to have for quick retrieval and for use in certain attack scenarios.

msf > db_create
[*] Creating a new database instance...
[*] Successfully connected to the database
[*] File: /root/.msf3/sqlite3.db
msf > load db_tracker
[*] Successfully loaded plugin: db_tracker
msf > help

...snip...

Database Backend Commands
=========================

    Command               Description
    -------               -----------
    db_add_host           Add one or more hosts to the database
    db_add_note           Add a note to host
    db_add_port           Add a port to host
    db_autopwn            Automatically exploit everything
    db_connect            Connect to an existing database
    db_create             Create a brand new database
    db_del_host           Delete one or more hosts from the database
    db_del_port           Delete one port from the database
    db_destroy            Drop an existing database
    db_disconnect         Disconnect from the current database instance
    db_driver             Specify a database driver
    db_hosts              List all hosts in the database
    db_import_amap_mlog   Import a THC-Amap scan results file (-o -m)
    db_import_nessus_nbe  Import a Nessus scan result file (NBE)
    db_import_nessus_xml  Import a Nessus scan result file (NESSUS)
    db_import_nmap_xml    Import a Nmap scan results file (-oX)
    db_nmap               Executes nmap and records the output automatically
    db_notes              List all notes in the database
    db_services           List all services in the database
    db_vulns              List all vulnerabilities in the database

msf >

We can use the 'db_nmap' command to run an Nmap scan against our targets and have the scan results stored in the newly created database. However, Metasploit will only create the xml output file, as that is the format it uses to populate the database, whereas dradis can import either the grepable or normal output. It is always nice to have all three Nmap outputs (xml, grepable, and normal), so we can run the Nmap scan using the '-oA' flag to generate the three output files and then issue the 'db_import_nmap_xml' command to populate the Metasploit database.

If you don't wish to import your results into dradis, simply run Nmap using 'db_nmap' with the options you would normally use, omitting the output flag. The example below would then be "db_nmap -v -sV 192.168.1.0/24".

msf > nmap -v -sV 192.168.1.0/24 -oA subnet_1
[*] exec: nmap -v -sV 192.168.1.0/24 -oA subnet_1

Starting Nmap 5.00 ( http://nmap.org ) at 2009-08-13 19:29 MDT
NSE: Loaded 3 scripts for scanning.
Initiating ARP Ping Scan at 19:29
Scanning 101 hosts [1 port/host]
...
Nmap done: 256 IP addresses (16 hosts up) scanned in 499.41 seconds
           Raw packets sent: 19973 (877.822KB) | Rcvd: 15125 (609.512KB)

With the scan finished, we will issue the 'db_import_nmap_xml' command to import the Nmap xml file.

msf > db_import_nmap_xml subnet_1.xml
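To show what 'db_import_nmap_xml' actually has to work with, here is an added example (not code from the original page, Metasploit, or dradis): a small Python parser that pulls host and service records out of Nmap -oX output into the same fields that 'db_hosts' and 'db_services' print. The XML sample is constructed for the example and only mirrors the addresses of the scan above.

```python
import xml.etree.ElementTree as ET

# Constructed sample of Nmap -oX output, trimmed to the elements that matter.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -v -sV 192.168.1.0/24 -oA subnet_1">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.1.1" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/><service name="https"/></port>
    </ports>
  </host>
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.1.2" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.168.1.3" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return (hosts, services): hosts maps IPv4 address -> 'alive'/'down';
    services is a list of (host, port, proto, state, name) tuples for open
    ports only, i.e. the fields db_hosts and db_services display."""
    root = ET.fromstring(xml_text)
    hosts, services = {}, []
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        status_el = host.find("status")
        if addr_el is None or status_el is None:
            continue  # skip malformed <host> entries instead of aborting the import
        addr = addr_el.get("addr")
        hosts[addr] = "alive" if status_el.get("state") == "up" else "down"
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not recorded as services
            svc = port.find("service")
            name = svc.get("name") if svc is not None else ""
            services.append((addr, int(port.get("portid")), port.get("protocol"), "up", name))
    return hosts, services
```

Running parse_nmap_xml over a real subnet_1.xml yields one record per host and per open port, which is the same data the msf console lists after the import.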

Results of the imported Nmap scan can be viewed via the 'db_hosts' and 'db_services' commands:

msf > db_hosts
[*] Time: Thu Aug 13 19:39:05 -0600 2009 Host: 192.168.1.1 Status: alive OS:
[*] Time: Thu Aug 13 19:39:05 -0600 2009 Host: 192.168.1.2 Status: alive OS:
[*] Time: Thu Aug 13 19:39:05 -0600 2009 Host: 192.168.1.10 Status: alive OS:
[*] Time: Thu Aug 13 19:39:05 -0600 2009 Host: 192.168.1.100 Status: alive OS:
...snip...

msf > db_services
[*] Time: Thu Aug 13 19:39:05 -0600 2009 Service: host=192.168.1.1 port=22 proto=tcp state=up name=ssh
[*] Time: Thu Aug 13 19:39:05 -0600 2009 Service: host=192.168.1.1 port=23 proto=tcp state=up name=telnet
[*] Time: Thu Aug 13 19:39:05 -0600 2009 Service: host=192.168.1.1 port=80 proto=tcp state=up name=http
[*] Time: Thu Aug 13 19:39:05 -0600 2009 Service: host=192.168.1.2 port=23 proto=tcp state=up name=telnet
...snip...

We are now ready to import our results into dradis by switching to the terminal where the dradis console is running and issuing the 'import nmap' command.

dradis> import nmap /pentest/exploits/framework3/subnet_1.nmap normal
There has been an exception:
[error] undefined method `each' for nil:NilClass
/pentest/exploits/framework3/subnet_1.nmap was successfully imported
dradis>

If you switch to your dradis web interface and refresh the view, you will see the results of the imported Nmap scan in an easy to navigate tree format.