{"id":243,"date":"2020-04-17T21:25:44","date_gmt":"2020-04-17T21:25:44","guid":{"rendered":"http:\/\/blog.thepragmatic.xyz\/?p=243"},"modified":"2024-03-02T04:37:21","modified_gmt":"2024-03-02T04:37:21","slug":"pruebas-de-intrusion-con-metasploit-framework","status":"publish","type":"post","link":"https:\/\/blog.thepragmatic.xyz\/?p=243","title":{"rendered":"Penetration Testing with Metasploit Framework"},"content":{"rendered":"\n<p>Spiel<\/p>\n\n\n\n<p><strong>Why is this framework so famous?<\/strong><\/p>\n\n\n\n<ul><li>Information gathering<\/li><li>Scanning<\/li><li>Vulnerability analysis<\/li><li>Exploitation<\/li><li>Post-exploitation<\/li><\/ul>\n\n\n\n<p><strong>Application architecture<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/www.offsec.com\/wp-content\/uploads\/2015\/04\/msfarch2.png\" alt=\"Metasploit Architecture Info-Graphic\"\/><figcaption>Taken from: <a href=\"https:\/\/www.offsec.com\/metasploit-unleashed\/metasploit-architecture\/\" data-type=\"URL\" data-id=\"https:\/\/www.offsec.com\/metasploit-unleashed\/metasploit-architecture\/\">https:\/\/www.offsec.com\/metasploit-unleashed\/metasploit-architecture\/<\/a><\/figcaption><\/figure>\n\n\n\n<p><strong>Metasploit interfaces<\/strong><\/p>\n\n\n\n<p>Several interfaces exist for this framework, each with its advantages and drawbacks. 
Some of them are:<\/p>\n\n\n\n<ul><li>msfconsole<\/li><li>armitage<\/li><li>WEBUI<\/li><li>msfcli<\/li><\/ul>\n\n\n\n<p><strong>MSFconsole commands (core and database level)<\/strong><\/p>\n\n\n\n<p><em>Database level<\/em><\/p>\n\n\n\n<ul><li>db_status<\/li><li>hosts<\/li><li>services<\/li><li>db_import<\/li><li>creds<\/li><li>db_nmap<\/li><li>vulns<\/li><\/ul>\n\n\n\n<p><em>Core level<\/em><\/p>\n\n\n\n<ul><li>search<\/li><li>show<\/li><li>use<\/li><li>set<\/li><li>unset<\/li><li>back<\/li><li>banner<\/li><li>info<\/li><li>check<\/li><li>exploit<\/li><li>sessions<\/li><li>jobs<\/li><li>run<\/li><li>background<\/li><\/ul>\n\n\n\n<p>Auxiliary modules<\/p>\n\n\n\n<p>They provide added value and more functionality to the Metasploit framework during a pentest. These modules include tools for activities such as:<\/p>\n\n\n\n<p>-Scanning, vulnerability analysis, dictionary attacks, denial of service, brute force, password cracking, etc.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote\"><p>Auxiliary modules <strong>do not return a shell or direct exploitation<\/strong> on the audited node, but they are very useful.<\/p><\/blockquote>\n\n\n\n<p>Auxiliary modules are not exploits as such; they are pieces of software written to carry out pentesting tasks. 
<\/p>\n\n\n\n<p><strong>Installation or deployment<\/strong><\/p>\n\n\n\n<p><em>If you use Kali Linux<\/em><\/p>\n\n\n\n<p><code>service postgresql start<\/code><\/p>\n\n\n\n<p><code>service postgresql status<\/code><\/p>\n\n\n\n<p><code>msfdb init<\/code><\/p>\n\n\n\n<p>After running the commands above, you have access to msfconsole.<\/p>\n\n\n\n<p><code>msfconsole<\/code><\/p>\n\n\n\n<p>Modules<\/p>\n\n\n\n<p><code>cd \/usr\/share\/metasploit-framework\/modules<\/code><\/p>\n\n\n\n<p><em>If you use Windows<\/em>.<\/p>\n\n\n\n<p><a href=\"https:\/\/www.metasploit.com\/download\">https:\/\/www.metasploit.com\/download<\/a><\/p>\n\n\n\n<p><strong>Demo<\/strong><\/p>\n\n\n\n<p>Banner<\/p>\n\n\n\n<p>Hosts<\/p>\n\n\n\n<p>Services<\/p>\n\n\n\n<p>Creds<\/p>\n\n\n\n<p>hosts -d (Clear the database so it is left clean)<\/p>\n\n\n\n<p>(Very useful commands for penetration tests against large infrastructures; it is better to keep the data on nodes, services and credentials, when available, stored in a database.)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Spiel Why is this framework so famous? 
Information gathering Scanning Vulnerability analysis Exploitation Post-exploitation Application architecture [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":246,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.thepragmatic.xyz\/index.php?rest_route=\/wp\/v2\/posts\/243"}],"collection":[{"href":"https:\/\/blog.thepragmatic.xyz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.thepragmatic.xyz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.thepragmatic.xyz\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.thepragmatic.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=243"}],"version-history":[{"count":24,"href":"https:\/\/blog.thepragmatic.xyz\/index.php?rest_route=\/wp\/v2\/posts\/243\/revisions"}],"predecessor-version":[{"id":2812,"href":"https:\/\/blog.thepragmatic.xyz\/index.php?rest_route=\/wp\/v2\/posts\/243\/revisions\/2812"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.thepragmatic.xyz\/index.php?rest_route=\/wp\/v2\/media\/246"}],"wp:attachment":[{"href":"https:\/\/blog.thepragmatic.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=243"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.thepragmatic.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=243"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.thepragmatic.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=243"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}