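I came across an interesting-looking penetration testing tool, so I tried installing it on CentOS 7.
It is BLACKBOx, a simple penetration testing tool written in Python.
Penetration test
https://ja.wikipedia.org/wiki/ペネトレーションテスト
A method of testing whether a system has vulnerabilities by actually attempting to break into a network-connected computer system using known techniques. Also called an intrusion experiment or intrusion test.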
BLACKBOx – Simple Pen-Testing Framework
http://anonhq.com/blackbox-simple-pen-testing-framework/
darkeyepy/blackbox
https://github.com/darkeyepy/blackbox.git
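For a full-fledged toolset, Kali Linux is the well-known choice.
The site linked above uses a Debian-based system, but it looked like it would also run on CentOS 7, so I gave it a try.
[Environment]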
CentOS Linux release 7.2.1511 (Core)
Kernel:3.10.0-327.36.2.el7.x86_64
- Install the programs BLACKBOx requires
- pip upgrade
- pexpect module install
- Download BLACKBOx
- install
- Usage
Python is already installed, so we only add the programs that are still needed.
Incidentally, the default on CentOS 7 is Python 2.7.5.
```
# python -V
Python 2.7.5
```
python-passlib and python-pip come from the EPEL repo, so if you do not have it yet, install it first.
```
# yum -y install epel-release
```
```
# yum -y install python-passlib python-pip
Loaded plugins: fastestmirror
epel/x86_64/metalink                                          | 4.0 kB  00:00:00
epel                                                          | 4.3 kB  00:00:00
(1/3): epel/x86_64/group_gz                                   | 170 kB  00:00:00
(2/3): epel/x86_64/primary_db                                 | 4.3 MB  00:00:01
(3/3): epel/x86_64/updateinfo                                 | 625 kB  00:00:03
Loading mirror speeds from cached hostfile
 * base: ftp.tsukuba.wide.ad.jp
 * epel: ftp.jaist.ac.jp
 * extras: ftp.tsukuba.wide.ad.jp
 * updates: ftp.riken.jp
Resolving Dependencies
--> Running transaction check
---> Package python-passlib.noarch 0:1.6.2-2.el7 will be installed
---> Package python-pip.noarch 0:7.1.0-1.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=========================================================================================================
 Package                  Arch             Version                Repository        Size
=========================================================================================================
Installing:
 python-passlib           noarch           1.6.2-2.el7            epel             480 k
 python-pip               noarch           7.1.0-1.el7            epel             1.5 M

Transaction Summary
=========================================================================================================
Install  2 Packages

Total download size: 2.0 M
Installed size: 9.3 M
Downloading packages:
warning: /var/cache/yum/x86_64/7/epel/packages/python-passlib-1.6.2-2.el7.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Public key for python-passlib-1.6.2-2.el7.noarch.rpm is not installed
(1/2): python-passlib-1.6.2-2.el7.noarch.rpm                  | 480 kB  00:00:00
(2/2): python-pip-7.1.0-1.el7.noarch.rpm                      | 1.5 MB  00:00:00
---------------------------------------------------------------------------------------------------------
Total                                                1.5 MB/s | 2.0 MB  00:00:01
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Importing GPG key 0x352C64E5:
 Userid     : "Fedora EPEL (7) <epel@fedoraproject.org>"
 Fingerprint: 91e9 7d7c 4a5e 96f1 7f3e 888f 6a2f aea2 352c 64e5
 Package    : epel-release-7-6.noarch (@extras)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : python-passlib-1.6.2-2.el7.noarch                                     1/2
  Installing : python-pip-7.1.0-1.el7.noarch                                         2/2
  Verifying  : python-pip-7.1.0-1.el7.noarch                                         1/2
  Verifying  : python-passlib-1.6.2-2.el7.noarch                                     2/2

Installed:
  python-passlib.noarch 0:1.6.2-2.el7          python-pip.noarch 0:7.1.0-1.el7

Complete!
```
```
# pip install --upgrade pip
You are using pip version 7.1.0, however version 8.1.2 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
Collecting pip
  Downloading pip-8.1.2-py2.py3-none-any.whl (1.2MB)
    100% |################################| 1.2MB 445kB/s
Installing collected packages: pip
  Found existing installation: pip 7.1.0
    Uninstalling pip-7.1.0:
      Successfully uninstalled pip-7.1.0
Successfully installed pip-8.1.2
```
```
# pip install pexpect
Collecting pexpect
  Downloading pexpect-4.2.1-py2.py3-none-any.whl (55kB)
    100% |################################| 61kB 1.1MB/s
Collecting ptyprocess>=0.5 (from pexpect)
  Downloading ptyprocess-0.5.1-py2.py3-none-any.whl
Installing collected packages: ptyprocess, pexpect
Successfully installed pexpect-4.2.1 ptyprocess-0.5.1
```
```
# git clone https://github.com/darkeyepy/blackbox.git
Cloning into 'blackbox'...
remote: Counting objects: 428, done.
remote: Compressing objects: 100% (24/24), done.
remote: Total 428 (delta 13), reused 0 (delta 0), pack-reused 404
Receiving objects: 100% (428/428), 89.95 KiB | 0 bytes/s, done.
Resolving deltas: 100% (226/226), done.
# cd blackbox/
# ll
total 112
-rw-r--r--. 1 root root 20202 Oct  1 11:14 COPYING
-rw-r--r--. 1 root root  1502 Oct  1 11:14 README.md
-rw-r--r--. 1 root root 82638 Oct  1 11:14 blackbox.py
-rwxr-xr-x. 1 root root   462 Oct  1 11:14 install
```
```
# ./install
Collecting requests
  Downloading requests-2.11.1-py2.py3-none-any.whl (514kB)
    100% |################################| 522kB 2.6MB/s
Installing collected packages: requests
Successfully installed requests-2.11.1
Requirement already satisfied (use --upgrade to upgrade): passlib in /usr/lib/python2.7/site-packages
Requirement already satisfied (use --upgrade to upgrade): pexpect in /usr/lib/python2.7/site-packages
Requirement already satisfied (use --upgrade to upgrade): ptyprocess>=0.5 in /usr/lib/python2.7/site-packages (from pexpect)
_____ __ _____ _____ _____ _____ _____
| __ | | | _ | | | | __ | | _ _
| __ -| |__| | --| -| __ -| | ||_'_|
|_____|_____|__|__|_____|__|__|_____|_____||_,_|
{2.0#Dev}
help : python2 blackbox.py -h/--help
Usage : python2 blackbox.py {module} --help
WORKED ! NOW YOU CAN USE command! : blackbox
# cd
```
The program is placed in /opt/blackbox/, and the launcher script is created at /bin/blackbox.
```
# blackbox -h
_____ __ _____ _____ _____ _____ _____
| __ | | | _ | | | | __ | | _ _
| __ -| |__| | --| -| __ -| | ||_'_|
|_____|_____|__|__|_____|__|__|_____|_____||_,_|
{2.0#Dev}
Usage : /opt/blackbox/blackbox.py {Module} -h/--help

Bruteforcing :
    + Wordpress Bruteforce : wordpress_brute | Bruteforcing WP PANEL
    + Admin Page Finder : admin_brute | Find Admin Page
    + SSH Bruteforce : ssh_brute | Bruteforcing SSH LOGIN
    + FTP Bruteforce : ftp_brute | Bruteforcing FTP LOGIN
Information Gathering :
    + Dnsinfo : dns_info | Get All Website from IP
Exploit :
    + Joomla Rce : rce_joomla | 1.5 - 3.4.5 remote code execution
    + Magento Rce : rce_magento | Magento eCommerce - Remote Code Execution
    + PrestaShop Exploit : presta_exploit | Prestashop Multi Modules Arbitrary File Upload Exploit
Dorking :
    + Google Dorker : google_dorker(LFI/RCE/XSS/SQLi) | Google Dorker
    + Bing Dorker : bing_dorker(LFI/RCE/XSS/SQLi) | Bing Dorker via IP
    + Scan List : scan_list(LFI/RCE/XSS/SQLi) | Scan url in list !
Cracking :
    + Crack Hash MD5-SHA512 : hash_killer | Crack Hash SHA1-SHA224 SHA256-SHA384 MSSQL2000-MSSQL2005 MYSQL41-ORACLE11 MYSQL323 HASHs

# blackbox ssh_brute -h
_____ __ _____ _____ _____ _____ _____
| __ | | | _ | | | | __ | | _ _
| __ -| |__| | --| -| __ -| | ||_'_|
|_____|_____|__|__|_____|__|__|_____|_____||_,_|
{2.0#Dev}
Usage: /opt/blackbox/blackbox.py ssh_brute --ip [IP ADDRESS] -u/--username [USERNAME OF SSH LOGIN] -w/--wordlist [PATH OF WORDLIST]
Example: /opt/blackbox/blackbox.py ssh_brute --ip 192.168.xxx.xx -u root -w password.txt

Options:
  -h, --help            show this help message and exit
  --ip=IP               IP address Of SSH SERVER
  -u USERNAME, --username=USERNAME
                        USERNAME OF SSH SERVER
  -w WORDLIST, --wordlist=WORDLIST
                        WORDLIST PATH
```
As a test, let's try out SSH Bruteforce. As the help output says, it works by brute-forcing passwords, so a password list is required.
```
# cat password.txt
12345678
qwertyui
password
```
Create a test user named guest and run it.
```
# blackbox ssh_brute --ip 192.168.1.1 -u guest -w password.txt
_____ __ _____ _____ _____ _____ _____
| __ | | | _ | | | | __ | | _ _
| __ -| |__| | --| -| __ -| | ||_'_|
|_____|_____|__|__|_____|__|__|_____|_____||_,_|
{2.0#Dev}
[+] USERNAME : guest
[+] WORDLIST : password.txt
[-] Error via Password : 12345678
[-] Error via Password : qwertyui
[+] LOGIN SUCCESSFULLY WITH
[+] Password : password
```
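Seen from the server side, a run like the one above leaves failed password entries followed by an accepted one from the same source in /var/log/secure. The following is an added example, not part of the original post or of BLACKBOx, that flags this pattern; the log lines are constructed, and the host name, source addresses and the `min_failures` threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of sshd entries in the format CentOS 7 writes to
# /var/log/secure. Host name, PIDs, ports and source addresses are made up.
SAMPLE_LOG = """\
Oct  1 11:30:01 target sshd[2101]: Failed password for guest from 192.168.1.50 port 40112 ssh2
Oct  1 11:30:03 target sshd[2103]: Failed password for guest from 192.168.1.50 port 40114 ssh2
Oct  1 11:30:05 target sshd[2105]: Accepted password for guest from 192.168.1.50 port 40116 ssh2
Oct  1 11:41:10 target sshd[2140]: Failed password for invalid user admin from 192.168.1.77 port 51002 ssh2
Oct  1 11:45:22 target sshd[2152]: Accepted password for root from 192.168.1.20 port 38844 ssh2
"""

# Matches password results for existing accounts and for "invalid user" names.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def analyse(log_text, min_failures=2):
    """Return (guessed, still_failing).

    guessed:       [(ip, user, failures)] for accepted logins that followed
                   at least min_failures failed passwords from the same source.
    still_failing: {(ip, user): failures} for streaks with no success yet.
    """
    streak = defaultdict(int)  # (ip, user) -> failures since the last success
    guessed = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        key = (m.group("ip"), m.group("user"))
        if m.group("result") == "Failed":
            streak[key] += 1
            continue
        if streak[key] >= min_failures:
            guessed.append((key[0], key[1], streak[key]))
        streak[key] = 0  # a successful login ends the streak
    still_failing = {k: n for k, n in streak.items() if n}
    return guessed, still_failing


if __name__ == "__main__":
    guessed, still_failing = analyse(SAMPLE_LOG)
    for ip, user, n in guessed:
        print("password guessed: %s from %s after %d failures" % (user, ip, n))
    for (ip, user), n in still_failing.items():
        print("failures only: %s from %s (%d)" % (user, ip, n))
```

An account that shows up in `guessed` should have its password changed and its session history reviewed; the ordinary root login in the sample is not flagged because no failures preceded it.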
Incidentally, the pexpect-2.3-11.el7.noarch.rpm package that yum installs is an old version, so it fails with the following error.
```
# ./install
You are using pip version 7.1.0, however version 8.1.2 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
Collecting requests
  Downloading requests-2.11.1-py2.py3-none-any.whl (514kB)
    100% |################################| 516kB 967kB/s
Installing collected packages: requests
Successfully installed requests-2.11.1
You are using pip version 7.1.0, however version 8.1.2 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
Requirement already satisfied (use --upgrade to upgrade): passlib in /usr/lib/python2.7/site-packages
You are using pip version 7.1.0, however version 8.1.2 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
Requirement already satisfied (use --upgrade to upgrade): pexpect in /usr/lib/python2.7/site-packages
Traceback (most recent call last):
  File "/opt/blackbox/blackbox.py", line 30, in <module>
    from pexpect import pxssh
ImportError: cannot import name pxssh
ERROR FAIL!
```