Review: Metasploit Framework 3.0
Author: Joe Barr
Metasploit LLC released version 3.0 of the Metasploit Framework (MSF), the popular penetration testing project, late last month. Version 3.0 is a complete rewrite of the previous tools, primarily in the Ruby programming language; versions 1 and 2 were written primarily in Perl. Also new are an experimental GUI and, perhaps the crown jewel of the release, the db_autopwn module, which automates the selection and execution of exploits against scanned hosts.

MSF is designed for automated penetration testing. To that end, it keeps a stable of exploits known to work against specific targets: various releases of Windows, Linux, BSD, generic Unix, and Mac OS. It also runs on many of those same platforms, and has even been seen on a Nokia N800 handheld.
MSF was originally developed by H. D. Moore. Matt Miller and a small number of other developers joined Moore in developing the 2.0 release. The developers formed Metasploit LLC last year for the purpose of “preventing commercial abuse and ensuring the longevity of the project.” Metasploit LLC owns all rights to the Metasploit software, domains, and trademarks. MSF is licensed under the Metasploit Framework License, which has not been approved by the OSI nor ruled a free software license by the FSF.
The current development version of MSF — revision 4701 from svn — comes with 190 exploits and more than 100 payloads. Think of an exploit as the weapon that gets you in the door, and a payload as ammunition; payloads contain the instructions on what to do once you get inside. For a walkthrough of a specific exploit and payload usage from msfconsole, see our review of the 2.6 release.
Installing and using db_autopwn
In order to use the db_autopwn module, you have to install some extras for database support. You can choose MySQL, PostgreSQL, or SQLite as the database back end. I installed MSF on Ubuntu 7.04 Feisty Fawn and chose SQLite3 for my database engine.
There are platform-specific installation instructions online, and Moore has put up an excellent guide to using db_autopwn on the Metasploit blog. For those of you using Ubuntu 7.04 and SQLite3, here’s an abbreviated list of the steps you can take to install the latest development version of MSF, plus everything you need to run db_autopwn.
- Install Subversion.
- Install MSF from svn.
- Install Ruby and related packages.
- Install RubyGems.
- Install Ruby on Rails (gem install rails) and answer Y to all.
- Install libgtk2-ruby, libglade2-ruby, and sqlite3.
- Install libsqlite3-ruby1.8 and libdbd-sqlite3-ruby1.8.
- Install Nmap.
If all is correctly installed, you will be able to use the db commands from msfconsole, including one command that runs Nmap and automatically records its results in the database. If you prefer, you can run Nmap by itself and import the XML file of the scan results. The same goes for Nessus scan output in its NBE format.
The next thing you need to do is create a database. Change into the MSF directory that svn created and run sudo ./msfconsole. Once msfconsole loads, the next two commands load the database driver and create the needed database:
To check that all is well to this point, enter help at the MSF console; a list of all available commands should appear, with the database-related commands at the top of that list:
Moore suggests running db_autopwn at this point with no arguments to get a feel for what you can ask it to do. Here’s how it responds:
And while you are still in “getting to know you” mode, you might try the show command as well. It lists all the exploits, payloads, auxiliary modules, and plugins (like the one that lets the framework work with SQLite3) known to the framework. Moore defines auxiliaries as “anything not an exploit,” and cites discovery scripts, fuzzers, DoS (denial of service) modules, and administrative attacks as examples.
Putting it to the test
Counting the Linksys router, I have three Linux boxes on my LAN. I decided to turn MSF 3.0 loose on them. I began by reconnoitering the lanscape, using the db_nmap command to look at every system on the LAN:
I confirmed those hosts were in the database using the db_hosts command, then tried the db_services command as well. Here’s what I got back:
Note that by default the db_autopwn command will attack every host in the database, so if you wish to exclude some of them, you must either remove them from the database or use the include/exclude range options listed in the db_autopwn usage output.
Next, I asked db_autopwn to check for vulnerabilities. As you can see below, it found none that it had the tools to exploit.
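To make concrete what the db_nmap, db_hosts, db_services and db_autopwn steps above actually do with the data, here is an added example that is mine, not Metasploit’s code. It parses Nmap’s -oX XML into the kind of host and service records db_hosts and db_services print, applies include/exclude ranges in the spirit of db_autopwn’s range options, and pairs exploit modules with hosts by open port, which is what port-based matching in db_autopwn does before any exploit is launched. The XML, the addresses, and the module-to-port table are constructed samples; the per-module port defaults are assumptions for illustration, not Metasploit’s own metadata.

```python
"""Offline model of the db_nmap -> db_hosts/db_services -> db_autowpn
port-matching pipeline. Added example, not Metasploit code. All inputs
below are constructed samples."""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed Nmap -oX output: two hosts up, one down, one closed port.
NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -oX scan.xml 192.168.1.0/24">
  <host><status state="up"/><address addr="192.168.1.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="53"><state state="open"/><service name="domain"/></port>
    </ports></host>
  <host><status state="up"/><address addr="192.168.1.3" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="139"><state state="open"/><service name="netbios-ssn"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="3128"><state state="closed"/><service name="squid-http"/></port>
    </ports></host>
  <host><status state="down"/><address addr="192.168.1.7" addrtype="ipv4"/></host>
</nmaprun>"""

# Constructed module table (module name -> default target port). The port
# defaults are assumed for illustration; check each module's info output.
MODULES = {
    "linux/proxy/squid_ntlm_authenticate": 3128,
    "windows/dcerpc/ms03_026_dcom": 135,
    "windows/smb/ms06_040_netapi": 445,
    "windows/dns/ms07_029_msdns_zonename": 53,
}


def parse_nmap_xml(xml_text):
    """Return (hosts, services): hosts is the list of 'up' IPv4 addresses,
    services is a list of (addr, port, proto, name) for open ports only,
    which is what db_hosts and db_services show after db_nmap."""
    root = ET.fromstring(xml_text)
    hosts, services = [], []
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # db_nmap only records hosts that answered
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        addr = addr_el.get("addr")
        hosts.append(addr)
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports never become services
            svc = port.find("service")
            name = svc.get("name") if svc is not None else ""
            services.append((addr, int(port.get("portid")), port.get("protocol"), name))
    return hosts, services


def select_targets(hosts, include=None, exclude=None):
    """Mimic include/exclude ranges: keep hosts inside any include network
    (all hosts when include is None), then drop hosts inside any exclude
    network. Ranges are CIDR strings such as '192.168.1.0/24'."""
    inc = [ipaddress.ip_network(r, strict=False) for r in (include or [])]
    exc = [ipaddress.ip_network(r, strict=False) for r in (exclude or [])]
    out = []
    for h in hosts:
        ip = ipaddress.ip_address(h)
        if inc and not any(ip in n for n in inc):
            continue
        if any(ip in n for n in exc):
            continue
        out.append(h)
    return out


def match_by_port(services, targets, modules=MODULES):
    """Mimic port-based matching: pair each module with every selected
    target that has an open TCP service on the module's default port.
    Returns a sorted list of (module, addr, port) tuples."""
    tset = set(targets)
    matches = []
    for addr, port, proto, _name in services:
        if addr not in tset or proto != "tcp":
            continue
        for mod, mport in modules.items():
            if mport == port:
                matches.append((mod, addr, port))
    return sorted(matches)


if __name__ == "__main__":
    hosts, services = parse_nmap_xml(NMAP_XML)
    targets = select_targets(hosts, exclude=["192.168.1.1/32"])
    for row in match_by_port(services, targets):
        print(row)
```

Note that a closed port (3128 above) never yields a service record, so squid_ntlm_authenticate is never paired with 192.168.1.3 even though the squid-http service name appears in the scan; that is the same reason db_autopwn reported nothing to exploit on a LAN with no matching open services.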
I suppose that’s good for my security, but disappointing for other reasons. I used the info command at the console to take a closer look at the few Linux exploits available to see if I could find a vulnerable package to install. The linux/proxy/squid_ntlm_authenticate exploit looked promising:
But, alas, even after installing and running Squid, I could not exploit the system.
About the GUI and other interfaces
In addition to the console, MSF offers a command-line interface to provide easy scripting and automation of penetration testing, and a Web interface as well. I didn’t play with either of those, but I did take a look at the experimental GUI, which is currently in development.
To start it, I entered sudo ./msfgui in the framework directory where previously I had entered sudo ./msfconsole. An empty frame appeared almost immediately, and about 10 seconds later it was completely loaded, showing drop-down menus for all the exploits, payloads, auxiliary, and other modules it knew about.
While playing with the GUI, I learned that I could display information about any of the items mentioned above by clicking first on the icon to expand one of the categories, then clicking on the item I was interested in. The pane immediately below the menu list then displayed all the information about the item selected.
More experimentation revealed that a right-click on a selected item brings up another icon which will execute the selected item if you click it. What I haven’t discovered yet is how to set information about the targets: IP addresses, ports, and payload arguments. I’m told on the mailing list, however, that it can be done.
Note: Fabrice Mourron, the msfgui developer, helped me locate the problem I was having in executing msfgui. He tracked it down to the old, buggy version of libgtk2-ruby in the Ubuntu 7.04 repositories. Not only that, he created a new online demo of msfgui in action, showing the msdns_zonename exploit.
Documentation and support
A nicely done MSF 3.0 User Guide is available in PDF format. Also available from that same page is a Developer Guide and documentation on various APIs. If after reading them you still have questions, send a blank email to framework-subscribe@metasploit.com to subscribe to the project’s mailing list, or browse the list’s archive.
Conclusion
MSF 3.0 is a big step forward toward automating security testing. Not only is it more powerful than ever before, especially with the db_autopwn feature, but the experimental GUI makes it easier to use.
Most of the exploits that come with MSF 3.0 are at least slightly dated. That’s probably a good thing, because otherwise it would probably do more harm than good. But it is still a loaded gun, and there are still lots of systems on the Internet that are vulnerable to its exploits. With MSF 3.0 they can be cracked in a heartbeat by a casual user.
Imagine a hat of the black persuasion, armed with a database full of zero-day exploits and a case of payloads with bad intentions, scanning subnets for potential victims and then plucking them like low-hanging fruit from behind msfconsole. Not a pretty picture. On the other hand, imagine security pros able to verify patches and conduct their own penetration testing to find the cracks before the bad guys.
MSF 3.0 is a powerful tool that can be used for good or evil. Use it to test your systems’ security before someone else tries to.
Category:
- Security