Debian 8.3 Mate搭建渗透测试环境

Debian 8.3 Mate搭建渗透测试环境

Debian 8.3 Mate 下载地址
http://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/
http://cdimage.debian.org/debian-cd/8.3.0-live/amd64/iso-hybrid/debian-live-8.3.0-amd64-mate-desktop.iso
http://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/debian-live-8.3.0-amd64-mate-desktop.iso
#Ubuntu Mate ISO http://cdimage.ubuntu.com/ubuntu-mate/releases/15.04/release/ubuntu-mate-15.04-desktop-amd64.iso

 

Debian 安装msf # ruby2.3.1

apt-get install pptp-linux network-manager-pptp build-essential zlib1g zlib1g-dev libxml2 libxml2-dev libxslt-dev locate libreadline6-dev libcurl4-openssl-dev git-core libssl-dev libyaml-dev openssl autoconf libtool ncurses-dev bison curl wget postgresql postgresql-contrib libpq-dev libapr1 libaprutil1 libsvn1 libpcap-dev git-core postgresql curl nmap libsqlite3-dev default-jdk screen subversion –y   #必要组件

ruby用rvm装吧

$ curl -sSL https://rvm.io/mpapis.asc | gpg --import -
$ \curl -sSL https://get.rvm.io | bash -s stable
# 如果上面的连接失败,可以尝试:
$ curl -L https://raw.githubusercontent.com/wayneeseguin/rvm/master/binscripts/rvm-installer | bash -s stable
$ source /etc/profile.d/rvm.sh
rvm install ruby-2.3.1
#rvm install ruby-2.1.8
rvm use 2.3.1 --default
gem install bundler

 

apt-get install rubygems-integration rubygems
gem install wirble sqlite3 bundler
###下面各种报错都是国内网络不稳定造成,直接上vpn解决##
#报错Unable to download data from https://rubygems.org/ - Errno::ECONNRESET: Connection reset by peer - SSL_connect,解决如下

wget https://raw.githubusercontent.com/rubygems/rubygems/master/lib/rubygems/ssl_certs/AddTrustExternalCARoot-2048.pem
gem which rubygems
/usr/lib/ruby/2.1.0/rubygems.rb
cp ~/Downloads/AddTrustExternalCARoot-2048.pem /usr/lib/ruby/2.1.0/rubygems/ssl_certs/
gem install wirble sqlite3 bundler

排错:

#when download from https, may has SSL error, then: gem sources --remove https://rubygems.org ; gem sources --add http://rubygems.org or bundle config mirror.https://rubygems.org https://ruby.taobao.org
head -1 /path/to/metasploit-framework/Gemfile
source 'http://rubygems.org'

 

设置Postgresql数据库及用户

sudo -s
su postgres
createuser msf -P -S -R -D
Enter password for new role: ***
Enter it again: ***
createdb -O msf msf
exit

cd /opt/; git clone https://github.com/rapid7/metasploit-framework.git
cd metasploit-framework/
bundle install
bash -c 'for MSF in $(ls msf*); do ln -s /opt/metasploit-framework/$MSF /usr/local/bin/$MSF;done'
nano /opt/metasploit-framework/config/database.yml

production:
adapter: postgresql
database: msf
username: msf
password: msf
host: 127.0.0.1
port: 5432
pool: 75
timeout: 5


sh -c "echo export MSF_DATABASE_CONFIG=/opt/metasploit-framework/config/database.yml >> /etc/profile"
### sh -c "echo export MSF_DATABASE_CONFIG=/opt/metasploit-framework/config/database.yml >> ~/.bashrc"
source /etc/profile
安装中文输入法
apt-get install ibus ibus-googlepinyin ibus-sunpinyin

 

安装Armitage

curl -# -o /tmp/armitage.tgz http://www.fastandeasyhacking.com/download/armitage-latest.tgz
tar -xvzf /tmp/armitage.tgz -C /opt
ln -s /opt/armitage/armitage /usr/local/bin/armitage
ln -s /opt/armitage/teamserver /usr/local/bin/armitage_teamserver
sh -c "echo java -jar /opt/armitage/armitage.jar \$\* > /opt/armitage/armitage"
perl -pi -e 's/armitage.jar/\/opt\/armitage\/armitage.jar/g' /opt/armitage/teamserver

安装CobaltStrike
US代理,获取cobaltstrike

firefox https://www.cobaltstrike.com/download
tar -xvzf /tmp/cobaltstrike.tgz -C /opt
ln -s /opt/cobaltstrike/cobaltstrike /usr/local/bin/cobaltstrike
ln -s /opt/cobaltstrike/teamserver /usr/local/bin/cobaltstrike_teamserver
sh -c "echo java -jar /opt/cobaltstrike/cobaltstrike.jar \$\* > /opt/cobaltstrike/cobaltstrike"
#perl -pi -e 's/cobaltstrike.jar/\/opt\/cobaltstrike\/cobaltstrike.jar/g' /opt/cobaltstrike/teamserver

安装SQLMap

cd /usr/share/; git clone https://github.com/sqlmapproject/sqlmap.git
ln -s /usr/share/sqlmap/sqlmap.py /usr/bin/sqlmap

安装Bettercap

apt-get install build-essential ruby-dev libpcap-dev
gem install bettercap
gem update bettercap

安装 DNSEnum

DNSenum http://dnsenum.googlecode.com/files/dnsenum1.2.tar.gz
git clone https://github.com/fwaeytens/dnsenum.git
cd dnsenum/
安装缺失的模块:cpan XXX::xxx

安装 fierce

$ cd /usr/share
$ svn co https://svn.assembla.com/svn/fierce/fierce2/trunk/ fierce2/
$ cd fierce2/
$ perl Makefile.PL
$ make
$ make test
$ make install
$ ln -s /usr/local/bin/fierce /usr/share/fierce2/fierce
$ mkdir -p /pentest/enumeration/fierce/
$ ln -s /usr/local/bin/fierce /pentest/enumeration/fierce/fierce

cpan Net::DNS #安装缺失的库
cpan Net::DNS::Resolver #貌似可以解决报错 improperly terminated AXFR at D:\tools\fierce-0.9.9\fierce.pl line 228.

安装WPScan

Installing on Debian:
sudo apt-get install git ruby ruby-dev libcurl4-openssl-dev make zlib1g-dev
cd /usr/share/; git clone https://github.com/wpscanteam/wpscan.git
cd wpscan

gem install bundler && bundle install --without test --path vendor/bundle
alias wpscan='ruby /usr/share/wpscan/wpscan.rb --enumerate u --enumerate p --enumerate t --url '

或者安装Docker后安装Docker的wpscan

docker pull wpscanteam/wpscan
docker run --rm wpscanteam/wpscan -u http://yourblog.com [options]

 

安装PPTP VPN支持

apt-get install network-manager-openvpn network-manager-pptp network-manager-pptp-gnome network-manager-vpnc
service network-manager restart

 

 

安装GuardScan

wget https://bootstrap.pypa.io/get-pip.py
python get-pip.py
pip install tornado
#安装个lnmp
apt-get install screen
screen -S lnmp
wget -c http://soft.vpser.net/lnmp/lnmp1.2-full.tar.gz && tar zxf lnmp1.2-full.tar.gz && cd lnmp1.2-full && ./install.sh lnmp
#wget -c http://soft.vpser.net/lnmp/lnmp1.3beta-full.tar.gz && tar zxf lnmp1.3beta-full.tar.gz && cd lnmp1.3beta-full && ./install.sh lnmp

 

mysql

create database pscan;
use pscan;
source pscan.sql
CREATE USER 'pscan'@'%' IDENTIFIED BY 'RFwPauXUhF4sWtSq';GRANT USAGE ON *.* TO 'pscan'@'%' IDENTIFIED BY '***' REQUIRE NONE WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;GRANT ALL PRIVILEGES ON `pscan`.* TO 'pscan'@'%';

修改conn.php中的数据库信息
修改 ./proxy/isqlmap.py
self.webserver="http://localhost:88/"
改成你自己的主机地址和端口。
修改./proxy/task.py
def update():
url="http://localhost:88/api.php?type=sqlmap_update"
urllib2.urlopen(url).read()
def api_get():
url="http://localhost:88/api.php?type=api_get"
data=urllib2.urlopen(url).read()
改成你的host地址


配置
打开 http://localhost:88/config.php 在list里面添加sqlmapapi节点
格式为
http://127.0.0.1:8775 (不需要最后一个/)
浏览器设置代理,并且添加一个http header
User-Hash: youhash


使用
首先运行sqlmapapi,并且在config里面增加至少一个节点
cd proxy/
python proxy_io.py 8080&
python task.py&
然后将浏览器代理设置为
http 127.0.0.1 8080
然后一顿请求之后可以打开
http://localhost:88/config.php

 

仅作记录,呵呵 工具党。