4. RESULTADOS
4.5 La cutícula en los frutos carnosos
4.5.4 Genes implicados en la biosíntesis de la cutícula en cítricos, manzanas, tomates y
Now that we have run some scans, our database should be populated with some initial data
so now is a good time to cover how to pull information from the Metasploit database.
hosts
The "hosts" run without any parameters will list all of the hosts in the database.
msf > hostsHosts =====
address address6 arch comm comments created_at info mac name os_flavor os_lang os_name os_sp purpose state updated_at svcs vulns workspace
--- --- ---- ---- --- --- ---- --- ---- --- --- --- --- --- --- --- ---- --- ---
192.168.69.100 Tue Nov 23 07:43:55 UTC
2010 00:0C:29:DE:1A:00 alive Tue Nov 23 07:43:55 UTC 2010 4 0 default
192.168.69.105 Tue Nov 23 07:43:55 UTC
2010 00:0C:29:9A:FC:E0 alive Tue Nov 23 07:43:55 UTC 2010 4 0 default
192.168.69.110 Tue Nov 23 07:43:55 UTC
2010 00:0C:29:69:9C:44 alive Tue Nov 23 07:43:55 UTC 2010 6 0 default
192.168.69.125 Tue Nov 23 07:43:55 UTC
2010 00:0C:29:F5:00:71 alive Tue Nov 23 07:43:55 UTC 2010 1 0 default
192.168.69.130 Tue Nov 23 07:43:55 UTC
2010 00:0C:29:6E:26:BB alive Tue Nov 23 07:43:55 UTC 2010 14 0 default
192.168.69.135 Tue Nov 23 07:43:55 UTC
2010 00:0C:29:AC:BC:A5 alive Tue Nov 23 07:43:55 UTC 2010 12 0 default
192.168.69.140 Tue Nov 23 07:43:56 UTC
2010 alive Tue Nov 23 07:43:56 UTC 2010 1 0 default
192.168.69.141 Tue Nov 23 07:43:56 UTC
2010 00:0C:29:F3:40:70 alive Tue Nov 23 07:43:56 UTC 2010 12 0 default
192.168.69.142 Tue Nov 23 07:43:56 UTC
2010 00:0C:29:57:63:E2 alive Tue Nov 23 07:43:56 UTC 2010 14 0 default
192.168.69.143 Tue Nov 23 07:43:56 UTC
2010 00:0C:29:32:29:79 alive Tue Nov 23 07:43:56 UTC 2010 11 0 default
192.168.69.146 Tue Nov 23 07:43:56 UTC
2010 00:0C:29:97:C4:27 alive Tue Nov 23 07:43:56 UTC 2010 2 0 default
192.168.69.171 Tue Nov 23 07:43:56 UTC
2010 00:0C:29:EC:23:47 alive Tue Nov 23 07:43:56 UTC 2010 6 0 default
192.168.69.173 Tue Nov 23 07:43:57 UTC
2010 00:0C:29:45:7D:33 alive Tue Nov 23 07:43:57 UTC 2010 3 0 default
192.168.69.175 Tue Nov 23 07:43:57 UTC
2010 00:0C:29:BB:38:53 alive Tue Nov 23 07:43:57 UTC 2010 4 0 default
192.168.69.199 Tue Nov 23 07:43:57 UTC
2010 00:0C:29:58:09:DA alive Tue Nov 23 07:43:57 UTC 2010 4 0 default
192.168.69.50 Tue Nov 23 07:43:55 UTC
2010 00:0C:29:2A:02:5B alive Tue Nov 23 07:43:55 UTC 2010 3 0 default
We can also further narrow down the output to display only the columns we are interested
in.
msf > hosts -c address,state,svcs Hosts ===== address state svcs --- --- ---- 192.168.69.100 alive 4 192.168.69.105 alive 4 192.168.69.110 alive 6 192.168.69.125 alive 1 192.168.69.130 alive 14 192.168.69.135 alive 12 192.168.69.140 alive 1 192.168.69.141 alive 12 192.168.69.142 alive 14 192.168.69.143 alive 11 192.168.69.146 alive 2 192.168.69.171 alive 6 192.168.69.173 alive 3 192.168.69.175 alive 4 192.168.69.199 alive 4 192.168.69.50 alive 3
We can also limit the output to a single host.
msf > hosts -a 192.168.69.50 -c address,mac,svcs Hosts ===== address mac svcs --- --- ---- 192.168.69.50 00:0C:29:2A:02:5B 3 msf >
notes
Running "notes" will output the notes that Metasploit has for each host. This is where you
will find the results of your Nmap scan, along with lots of other valuable information. Like the
hosts command, you can filter the information to display only the notes about a single host.
msf > notes -a 192.168.69.135[*] Time: Tue Nov 23 07:43:55 UTC 2010 Note: host=192.168.69.135 type=host.os.nmap_fingerprint data={:os_version=>"2.6.X",
:os_accuracy=>"100", :os_match=>"Linux 2.6.9 - 2.6.31", :os_vendor=>"Linux", :os_family=>"Linux"}
[*] Time: Tue Nov 23 07:43:56 UTC 2010 Note: host=192.168.69.135 type=host.last_boot data={:time=>"Sun Nov 21 23:23:54 2010"}
[*] Time: Tue Nov 23 07:54:48 UTC 2010 Note: host=192.168.69.135service=smb type=smb.fingerprint data={:os_flavor=>"Unix", :os_name=>"Unknown",
:os_sp=>"Samba 3.0.20-Debian"} msf >
services
The "services" command will, as you can imagine, display the identified services on the
target machines. This is the information that will provide us with valuable information with
respect to what targets merit further attack.
msf > services Services
========
created_at info name port proto state updated_at Host
Workspace
--- ---- ---- ---- --- --- --- ----
---
Tue Nov 23 07:43:55 UTC 2010 Microsoft Windows RPC msrpc 135 tcp open Tue Nov 23 07:43:55 UTC 2010
192.168.69.100 default
Tue Nov 23 07:43:55 UTC 2010 netbios-ssn 139 tcp open Tue Nov 23 07:43:55 UTC 2010
192.168.69.100 default
Tue Nov 23 07:43:55 UTC 2010 Windows XP Service Pack 2 (language: English) (name:V-XPSP2-TEMPLAT) (domain:WORKGROUP) smb 445 tcp open Tue Nov 23 07:54:50 UTC 2010 192.168.69.100 default
...snip...
Tue Nov 23 07:43:55 UTC 2010 lighttpd 1.4.26 ip 80 tcp open Tue Nov 23 07:55:42 UTC 2010
192.168.69.50 default
Tue Nov 23 07:43:55 UTC 2010 Samba smbd 3.X workgroup: WORKGROUP netbios-ssn 139 tcp open Tue Nov 23 07:43:55 UTC 2010
192.168.69.50 default
Tue Nov 23 07:43:55 UTC 2010 Unix Samba 3.0.37 (language: Unknown)
(domain:WORKGROUP) smb 445 tcp open Tue Nov 23 07:54:41 UTC 2010 192.168.69.50 default msf >
We also have the option of narrowing down the information on our target. Passing "-h" will
display the available options.
msf > services -h
Usage: services [-h|--help] [-u|--up] [-a ] [-r ] [-p ] [-n ] -a Search for a list of addresses
-c Only show the given columns
-h,--help Show this help information -n Search for a list of service names -p Search for a list of ports
-r Only show [tcp|udp] services
Available columns: created_at, info, name, port, proto, state, updated_at msf >
We can filter down the output all the way down to a particular TCP port that we are looking
for.
msf > services -a 192.168.69.135 -c info -p 445 -r tcp Services ======== info Host Workspace ---- ---- ---Unix Samba 3.0.20-Debian (language: Unknown) (domain:WORKGROUP) 192.168.69.135 default
msf >
vulns
Running "vulns" will list all of the vulnerabilities stored in the database, matched to each
target. It will also list the appropriate references if available.
msf > vulns -h
[*] Time: Tue Nov 23 09:09:19 UTC 2010 Vuln: host=192.168.69.50 name=NSS- refs=
[*] Time: Tue Nov 23 09:09:20 UTC 2010 Vuln: host=192.168.69.50 port=445 proto=tcp name=NSS-26920 refs=CVE-1999-0519,CVE-1999-0520,CVE-2002-
1117,BID-494,OSVDB-299
[*] Time: Tue Nov 23 09:09:21 UTC 2010 Vuln: host=192.168.69.50 port=445 proto=tcp name=NSS-26919 refs=CVE-1999-0505
...snip...
[*] Time: Tue Nov 23 09:18:54 UTC 2010 Vuln: host=192.168.69.1 name=NSS- 43067 refs=
[*] Time: Tue Nov 23 09:18:54 UTC 2010 Vuln: host=192.168.69.1 name=NSS- 45590 refs=
[*] Time: Tue Nov 23 09:18:54 UTC 2010 Vuln: host=192.168.69.1 name=NSS- 11936 refs=
msf >
creds
During post-exploitation of a host, gathering user credentials is an important activity in order
to further penetrate a target network. As we gather sets of credentials, we can add them to
our database with the "creds -a" command and list them later by running "creds".
msf > creds -a 192.168.69.100 445 Administrator
7bf4f254b222bb24aad3b435b51404ee:2892d26cdf84d7a70e2eb3b9f05c425e::: [*] Time: Tue Nov 23 09:28:24 UTC 2010 Credential: host=192.168.69.100 port=445 proto=tcp sname=192.168.69.100 type=password user=Administrator pass=7bf4f254b222bb24aad3b435b51404ee:2892d26cdf84d7a70e2eb3b9f05c425e::: active=true
msf > creds
[*] Time: Tue Nov 23 09:28:24 UTC 2010 Credential: host=192.168.69.100 port=445 proto=tcp sname=192.168.69.100 type=password user=Administrator pass=7bf4f254b222bb24aad3b435b51404ee:2892d26cdf84d7a70e2eb3b9f05c425e::: active=true
[*] Found 1 credential. msf >