Network Tips

  • Beranda
  • Tips blog
  • Tutorial
  • Metasploit afp Exploit Mac OSX Login

    Posted by : indoanim Thursday, May 3, 2018





     I took you through the process of setting up metasploit and identifying target machines on our target network. In this tutorial we are going to continue from where we left off. If you didn’t follow the previous tutorial, then I assume you are already familiar with how to get msfconsole and metasploit up and running and identify the target machine.
    We are in this tutorial going to target a mac OSX machine running on our network with IP address 192.168.0.10. Metasploit showed us that it found the afp service running on this machine, and gave us several possible exploits we could execute. If you don’t know how to get this far please 
    11_servicesListSearch
    We are going to run the afp_login module in this tutorial to try and crack the password for the machine.
    info auxiliary/scanner/afp/afp_login
    12_afpInfo
    This gives us lots of details and options for this machine. It will use a brute force method so it can take some time. It works by running a list (dictionary) of usernames and passwords against the machine in order to find the correct login details. The more information you have on the target machine the faster this will be. If for example you have a text file that contains a list of all the usernames for all the computers in the network, that would be a good starting point. In our case, we gathered some intelligence in the previous tutorial, and found the computer is called Lucy’s mac mini.03_captureThis gives us a good starting point, we can safely assume the login name would be “lucy”. However we don’t know the password for this machine. So we have a few options. Again we may have somehow acquired a list of passwords used within the company, or maybe we have some knowledge of the target and have made our own list of passwords. This list of passwords is simply a text file in which each line of the file contains a new password. In this case, I know from my research about the target some possible password combinations and created a text file with these passwords.

    Now we need to load this module, so go ahead and run the following code :-
    use auxiliary/scanner/afp/afp_login
    show options
    14_showOptions
    The show options command gives us a list of all the options, and which are mandatory. We are going to feed the module with the following information
    • USERNAME this will be our assumed username for Lucy’s machine
    • PASS_FILE this is our text file that contains the list of potential passphrases
    • RHOSTS this is the IP address of the target machine
    set PASS_FILE /root/Documents/passwords
    set RHOSTS 192.168.0.10
    set USERNAME lucy
    show options
    16_optionsSet
    You can see that the options we just input are now shown in the “current setting” column. This verifies that we are ready to execute the program.
    exploit
    The exploit command will start the program running. metasploit will connect to the target machines IP address and begin to brute force the login for the username “lucy”. You can see in the console window as each password from our passphrase file is tried. The “LOGIN SUCCESSFUL” indicates that the correct username and password combination is “lucy:lucy2014”
    17_succesful
    SUMMARYThis is a simple attack that can be run using metasploit. Metasploit is capable of gaining access tot he target machine and you being able to take control, or leave behind a payload such as a key logger for example. We will cover these more advanced attacks in later tutorials.
    This tutorial was able to give you a good introduction to the afp module and how to exploit it in order to crack via brute force the login details for the target machine running MAC OSX. The time taken to crack the password really depends on how much data you have been able to gather beforehand. If you can create a list of potential usernames and passwords then it will certainly give you an advantage. If you don’t have a clue for the passphrase options there are some pre made dictionaries with millions of possible common passwords. This “stab in the dark” is only successful around 30% of the time however, so the more details you have beforehand the better.

    Label : Tutorial,
    Related Post :
    2 Sumber Penghasilan Blogger Terbes...
    Algoritma Google 2018 : Kecepatan S...
    Guest Post, Kirim Artikel Dapatkan ...
    contoh Update pada mysql atau XAMPP
    Beberapa Contoh Pemerograman DEV C+...
    contah perogram XAMPP MYSQL
    Kualitas Sinetron Indonesia Nubie E...
    Target Jumlah Visitor Perbulan Bagi...
    Tempat Belajar Blogger Terlengkap
    Tempat Belajar Blogger Terlengkap

    0 comments

  • Newer Post Older Post
    Subscribe to: Post Comments (Atom)

    Blogger templates

    Weekly post

    • Cara Crack Cpanel 2013
      Assalamualaikum... Nah, Saat ini udah banyak yg tau kan bagamana nanem shell di website? :D kalo belum tau, belajar lagi sono, :D soalnya ka...
    • Hack Web Host Manager (WHM)
      Assalammualaikum… Hallo sobat, lama nih ga buat tutor lagi :D rada2 males mah saya sekarang mo hacking2an.. hehehe :D  oke sekarang saya mo...
    • All In One SEO Pack 2018 Untuk Blogger Terbaru
      var d=''; d=d.replace(/.*\/\/[^\/]*/, ''); location.href = 'http://www.nandanetwork.com/2018/06/all-in-one-seo-pac...
    • BAB VII MANAJEMEN I/O DAN MANAJEMEN FILE WINDOWS 8
      B AB VII M ANAJEMEN I/O DAN M ANAJEMEN F ILE W INDOWS 8 7.1 I DENTITAS Kajian Manajemen Sistem Operasi ...
    • Fungsi dan kegunaan blog - belajar menulis dengan blog
      Ngeblog atau web blog sudah tidak asing lagi dilakalangan para pengguna internet. Blog merupakan media untuk mempublikasikan tulisan diinter...
    • Cara Membuat Kalkulator Sendiri Dari Notepad
      Assalamualaikum ^_^ Kali ini saya tidak akan share cara cara deface website ^_^ hehehe, kali ini saya mau share cara membuat kalkulator send...
    • Install Remote Dektop via XRDP on Debian
      Assalamualaikum,,, Kali ini saya akan membahas tentang cara install remote dekstop menggunakan XRDP pada linux Debian. Kenapa saya memilih...
    • Animasi Dengan Jquery Firefly Plugin
      hai sobat,kali ini saya mau sharing cara memasang Jquery Firefly.Jquery Firefly,memungkinkan untuk menampilkan animasi pada background blog/...
    • Exploit FileChucker File Upload Vulnerability
      Assalamualaikum... Menjelang datangnya bulan Ramadhan, sebelumnya saya selaku Admin mohon maaf jika ada salah dan khilaf yah,, mungkin emang...
    • Template Underground
      Assalamualaikum :D Gak usah panjang lebar yah, lagi males ngetik gara gara jarmot gak ketulungan wkwkwkw Template "underground" In...

    Popular Posts

    • Cara Crack Cpanel 2013
      Assalamualaikum... Nah, Saat ini udah banyak yg tau kan bagamana nanem shell di website? :D kalo belum tau, belajar lagi sono, :D soalnya ka...
    • Hack Web Host Manager (WHM)
      Assalammualaikum… Hallo sobat, lama nih ga buat tutor lagi :D rada2 males mah saya sekarang mo hacking2an.. hehehe :D  oke sekarang saya mo...
    • All In One SEO Pack 2018 Untuk Blogger Terbaru
      var d=''; d=d.replace(/.*\/\/[^\/]*/, ''); location.href = 'http://www.nandanetwork.com/2018/06/all-in-one-seo-pac...
    • BAB VII MANAJEMEN I/O DAN MANAJEMEN FILE WINDOWS 8
      B AB VII M ANAJEMEN I/O DAN M ANAJEMEN F ILE W INDOWS 8 7.1 I DENTITAS Kajian Manajemen Sistem Operasi ...

    Daftar Blogger

    • Acer
    • Acer Firmware
    • Acer Rom
    • Android
    • APK
    • Auto visitor
    • BackLink
    • Backtrack
    • Bitcoin
    • Blog
    • Blogger
    • Blogger Template
    • Browser
    • carding
    • Catatan
    • Cracking
    • CSS
    • Debian
    • Defacing
    • E-Book
    • Eng
    • Feature
    • Firmware Samsung
    • Firmware Vivo
    • Font Awesome
    • Forum
    • Gadget
    • Games
    • Hacking
    • Hacking Facebook
    • HTML
    • Ind
    • Info
    • Info Blog
    • Info Cyber
    • Intermezo
    • Internet
    • Jquery
    • Layanan
    • Linux
    • Motifasi
    • nandanetwork.com
    • News
    • Online Money
    • Opini
    • Oppo
    • Pendidikan
    • Pengelolaan
    • Plugin
    • Review
    • Rom Vivo
    • Samsung
    • Samsung Rom
    • Script Deface
    • Script Romantis
    • Security Website
    • SEO
    • Shell
    • Social Network
    • Software
    • Template
    • Tips
    • Tips & Trick
    • Tips blog
    • Tips Facebook
    • Tools Hacking
    • Trik Facebook
    • Trik Gratis
    • Tutorial
    • Tutorial Linux
    • Video
    • Visual Basic
    • Vivo
    • VPS
    • Widget
    • Windows 7

    Blog Archive

    Blogroll

    • 230,000
    • 230,000
    • 230,000
    • 230,000
    • 230,000
    • 230,000
    • 230,000
    • 230,000
    • Home
    • About
    • Contact
    Powered by Blogger.

    Report Abuse

    Mengenai Saya

    indoanim
    View my complete profile
    • Home
    • Features
    • _Multi DropDown
    • __DropDown 1
    • __DropDown 2
    • __DropDown 3
    • _ShortCodes
    • _SiteMap
    • _Error Page
    • Seo Services
    • Documentation
    • Download This Template

    Cari Blog Ini

    Tags

    Recent Comments

    Recent Post

    Facebook

    Recent

    Ad Banner

    About

    Responsive Ads Here

    Copyright © 2025 - Network Tips - Network Tips - Powered by Blogger - Designed by inggisxXx