Today we will “play” with Metasploit using a container. Trying to be a “White Hat”, we will carry out the 10 recommended steps for security audits.

It is very important to agree every point of the audit with the company, step by step: explain clearly what will happen, notify its network and security teams, measure the impact of the final stages (attack, compromise of a resource, etc.), and finally obtain its “SIGNED OK”.

* Agree with the company on the process to be carried out, agree the whole procedure beforehand (step by step) and obtain its approval.
* Define the tools to be used.
* Document all steps and results.
* Identify the objects to audit (hosts, services, resources).
* Audit the hosts/services/resources.
* Identify the versions of each one: operating systems, running services, environments.
* Identify the vulnerabilities of each one.
* Compromise the object and document each case.
* Present the final report with the conclusions and points to improve.

First, install a Kali distro with Metasploit and update everything.

Creating the container for this process: we will see that it starts and gives us the text-mode management interface. This post does not aim to explain how to use Metasploit; there are other very good ones for that.

# docker run -t -i linuxkonsult/kali-metasploit
Unable to find image 'linuxkonsult/kali-metasploit:latest' locally
latest: Pulling from linuxkonsult/kali-metasploit
b2860afd831e: Pull complete 
340395ad18db: Pull complete 
d4ecedcfaa73: Pull complete 
3f96326089c0: Pull complete 
e5b4b7133863: Pull complete 
45f74187929d: Pull complete 
6e61dde25369: Pull complete 
96dd93da002c: Pull complete 
dae364b40b0d: Pull complete 
15b292d8b2ed: Pull complete 
22137f70898b: Pull complete 
Digest: sha256:5eb1d2568276cd89b756a87302cf6ce46bbe852de0ab77f67eb3b94a76662d93
Status: Downloaded newer image for linuxkonsult/kali-metasploit:latest
.........
Generation complete.
 [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| $a,        |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%]
 [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| $S`?a,     |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%]
 [%%%%%%%%%%%%%%%%%%%%__%%%%%%%%%%|       `?a, |%%%%%%%%__%%%%%%%%%__%%__ %%%%]
 [% .--------..-----.|  |_ .---.-.|       .,a$%|.-----.|  |.-----.|__||  |_ %%]
 [% |        ||  -__||   _||  _  ||  ,,aS$""`  ||  _  ||  ||  _  ||  ||   _|%%]
 [% |__|__|__||_____||____||___._||%$P"`       ||   __||__||_____||__||____|%%]
 [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| `"a,       ||__|%%%%%%%%%%%%%%%%%%%%%%%%%%]
 [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%|____`"a,$$__|%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%]
 [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%        `"$   %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%]
 [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%]
       =[ metasploit v4.16.24-dev                         ]
+ -- --=[ 1714 exploits - 973 auxiliary - 300 post        ]
+ -- --=[ 503 payloads - 40 encoders - 10 nops            ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
msf > 

Testing a Windows port scanner (SMB).

msf > use auxiliary/scanner/smb/smb_version
msf auxiliary(scanner/smb/smb_version) > set RHOSTS 192.168.10.30
RHOSTS => 192.168.10.30
msf auxiliary(scanner/smb/smb_version) > set THREADS 11
THREADS => 11
msf auxiliary(scanner/smb/smb_version) > run

[+] 192.168.10.30:445     - Host is running Windows 7 Professional SP1 (build:7601) (name:ETGSPCPU700) (domain:ETG)
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
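
For the "document all steps and results" and "identify versions" steps, the scanner output above can be turned into inventory records for the report. This is an added example, not part of the original post: `APPROVED_SCOPE`, `parse_smb_version` and the second and third sample lines are assumptions made for illustration.

```python
import ipaddress
import json
import re

# Assumption: the range agreed and signed off with the client (constructed value).
APPROVED_SCOPE = [ipaddress.ip_network("192.168.10.0/24")]

# "[+] ip:port - Host is running <os> (key:value) (key:value) ..."
LINE_RE = re.compile(
    r"^\[\+\]\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+-\s+"
    r"Host is running (?P<os>.+?)\s*(?P<attrs>(?:\([^()]*\)\s*)*)$"
)
ATTR_RE = re.compile(r"\((\w+):([^()]*)\)")

# First line is the result shown in the post; the other two are constructed.
SAMPLE = """\
[+] 192.168.10.30:445     - Host is running Windows 7 Professional SP1 (build:7601) (name:ETGSPCPU700) (domain:ETG)
[+] 192.0.2.7:445         - Host is running Windows 10 Pro (build:17134) (name:LABHOST) (domain:WORKGROUP)
[*] Scanned 2 of 2 hosts (100% complete)
"""


def parse_smb_version(output):
    """Turn smb_version '[+]' lines into records; other lines are skipped."""
    records = []
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:  # e.g. an octet above 255
            continue
        rec = {
            "ip": str(ip),
            "port": int(m.group("port")),
            "os": m.group("os"),
            # Findings outside the signed scope must be reviewed, not acted on.
            "in_scope": any(ip in net for net in APPROVED_SCOPE),
        }
        rec.update(ATTR_RE.findall(m.group("attrs")))
        records.append(rec)
    return records


if __name__ == "__main__":
    print(json.dumps(parse_smb_version(SAMPLE), indent=2))
```

Any record with `in_scope` set to false points to a host the signed agreement does not cover and should be raised with the client before any further step.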

We can see the container running.

# docker ps
CONTAINER ID        IMAGE                          COMMAND                 CREATED             STATUS              PORTS               NAMES
cad850cec632        linuxkonsult/kali-metasploit   "/bin/sh -c /init.sh"   15 minutes ago      Up 15 minutes                           metasploit

The image size is 2.51 GB, which is quite large because it is a Kali Linux with many tools inside.

# docker images
REPOSITORY                     TAG                 IMAGE ID            CREATED             SIZE
linuxkonsult/kali-metasploit   latest              3dba476f7c53        15 months ago       2.51GB

We can also see that it uses 458 MB at startup.

# docker stats
CONTAINER ID        NAME                CPU %               MEM USAGE / LIMIT     MEM %               NET I/O             BLOCK I/O           PIDS
cad850cec632        metasploit          0.06%               458.2MiB / 7.681GiB   5.83%               134MB / 8.35MB      6.42MB / 845MB      12

Inside the container running msfcli, if we type “EXIT” we leave the container and it shuts down.

To get it running again.

# docker start metasploit

# docker exec -it cad850cec632  /usr/bin/msfconsole

We can also connect to that container (using Bash) and run other processes.

# docker exec -it cad850cec632 /bin/bash
root@cad850cec632:/# df -h
Filesystem      Size  Used Avail Use% Mounted on
overlay         229G  157G   61G  73% /
tmpfs            64M     0   64M   0% /dev
tmpfs           3.9G     0  3.9G   0% /sys/fs/cgroup
/dev/sdb2       229G  157G   61G  73% /etc/hosts
shm              64M     0   64M   0% /dev/shm
tmpfs           3.9G     0  3.9G   0% /proc/scsi
tmpfs           3.9G     0  3.9G   0% /sys/firmware

root@cad850cec632:/# ps -A
  PID TTY          TIME CMD
    1 pts/0    00:00:00 sh
    7 pts/0    00:00:00 init.sh
    9 pts/0    00:00:08 ruby
   45 pts/1    00:00:00 bash
   52 pts/1    00:00:00 ps


If you found this article interesting, write to us at DockerTipsHelp@gmail.com.