Good news! The latest Metasploit adds hardware testing

jopen 8 years ago
<p style="text-align:center"><img alt="好消息!最新Metasploit加入硬件测试功能" src="https://simg.open-open.com/show/19b3acabab0b02fee767f9d853cc25b2.jpg" /></p>
<p>The Metasploit testing framework has gained new functionality that makes it easier for users to analyze and test hardware devices.</p>
<p>Metasploit already contains more than 1,600 exploits and 3,300 modules, backed by a very large community dedicated to developing modules and scripts.</p>
<p>Metasploit now lets users write their own scripts for testing hardware: the updated release adds a "Hardware Bridge API" through which users can test a wide range of hardware, including the CAN bus inside a car.</p>
<h2>How do I use hardware mode?</h2>
<p>There are two ways to use Metasploit's hardware testing functionality:</p>
<ol>
<li>Compile support directly into the device's firmware so that the device itself is Metasploit-compatible.</li>
<li>Set up a relay service.</li>
</ol>
<p>If the device cannot communicate over Ethernet, a relay service is required. Many hardware tools, such as software-defined radios (SDRs), can only be controlled over USB. To connect such an SDR to Metasploit you run a relay service, and Metasploit talks to the relay over a REST API.</p>
<h2>How do I run a hardware test?</h2>
<p>The new release supports SocketCAN. If you have a Linux system and a CAN bus sniffer that supports SocketCAN, you can start testing. The local_hwbridge module is an example of a simple relay service; you can run it locally or on a remote server.</p>
<pre>
msf > use auxiliary/server/local_hwbridge
msf auxiliary(local_hwbridge) > run
[*] Auxiliary module execution completed
[*] Using URL: http://0.0.0.0:8080/6xOv7GqFs3YTeIE
[*] Local IP: http://10.1.10.21:8080/6xOv7GqFs3YTeIE
[*] Server started.
msf auxiliary(local_hwbridge) >
</pre>
<p>By default the local_hwbridge module detects any SocketCAN interfaces, so no options need to be set. The relay service does not have to run inside Metasploit, and if the hardware itself exposes a REST API this step can be skipped entirely.</p>
<pre>
msf > use auxiliary/client/hwbridge/connect
msf auxiliary(connect) > set rhost 10.1.10.21
rhost => 10.1.10.21
msf auxiliary(connect) > set targeturi 6xOv7GqFs3YTeIE
targeturi => 6xOv7GqFs3YTeIE
msf auxiliary(connect) > run
[*] Attempting to connect to 10.1.10.21...
[*] Hardware bridge interface session 1 opened (127.0.0.1 -> 127.0.0.1) at 2017-01-17 11:02:34 -0800
[+] HWBridge session established
[*] HW Specialty: {"automotive"=>true}  Capabilities: {"can"=>true, "custom_methods"=>true}
[!] NOTICE:  You are about to leave the matrix.  All actions performed on this hardware bridge
[!]          could have real world consequences.  Use this module in a controlled testing
[!]          environment and with equipment you are authorized to perform testing on.
[*] Auxiliary module execution completed
msf auxiliary(connect) > sessions

Active sessions
===============

  Id  Type                   Information  Connection
  --  ----                   -----------  ----------
  1   hwbridge cmd/hardware  automotive   127.0.0.1 -> 127.0.0.1 (10.1.10.21)
</pre>
<p>Once the device is connected, a HWBridge session is established. If you are familiar with meterpreter, you will feel at home with hwbridge. Type help for the list of commands, or run a specific module such as getvinfo (get vehicle information).</p>
<pre>
msf auxiliary(connect) > sess 1
[*] Starting interaction with 1...
hwbridge > supported_buses
Available buses

can0, can1, can2

hwbridge > run post/hardware/automotive/getvinfo CANBUS=can2
[*] Available PIDS for pulling realtime data: 46 pids
[*]   [1, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13, 14, 15, 16, 17, 19, 20, 21, 24, 25, 28, 31, 32, 32, 33, 44, 45, 46, 47, 48, 49, 50, 51, 60, 61, 64, 65, 66, 67, 68, 69, 70, 71, 73, 74, 76]
[*]   MIL (Engine Light) : OFF
[*]   Number of DTCs: 0
[*]   Engine Temp: 48 °C / 118 °F
[*]   RPMS: 0
[*]   Speed: 0 km/h  /  0.0 mph
[*] Supported OBD Standards: OBD and OBD-II
[*] Mode $09 Vehicle Info Supported PIDS: [2, 4, 6, 8]
[*] VIN: 1G1ZT53826F109149
[*] Calibration ID: UDS ERR: {"RCRRP"=>"Request Correctly Received, but Response is Pending"}
[*] PID 6 Response: ["00", "00", "C4", "E9", "00", "00", "17", "33", "00", "00", "00", "00"]
[*] PID 8 Response: ["00", "00", "00", "00", "00", "00", "00", "00", "00", "00", "00", "00", "00", "00", "00", "00", "00"]
</pre>
<h2>More hardware modes are coming</h2>
<p>The first release of the "Hardware Bridge API" targets the testing of automotive systems; Rapid7, which maintains Metasploit, says more capabilities will follow.</p>
<p>Metasploit wants to become the go-to tool for hardware testing, covering SCADA and industrial control system (ICS) testing, Internet of Things device testing and software-defined radio (SDR).</p>
<p>"Metasploit brought a collection of software exploits and tools together in a single framework; now we want to do the same on the hardware side."</p>
<p>"Every wave of connected devices, whether cars or refrigerators, blurs the line between hardware and software. We like to say that this 'hardware bridge' lets you leave the digital matrix and directly affect real, physical devices," explained Craig Smith, Director of Transportation Research at Rapid7. "We are trying to give security professionals the resources they need to test products and make sure they are secure."</p>
<p>Source: http://www.freebuf.com/sectool/126207.html</p>
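<p>The relay service described under "How do I use hardware mode?" is nothing more than an HTTP service that answers JSON queries from the hwbridge client. As an added example, not code from the original page or from Metasploit itself, here is a minimal Python relay skeleton that serves the two read-only queries implied by the connect and supported_buses output above: a status document (hardware specialty and capabilities) and the list of CAN buses. The endpoint paths /status and /automotive/supported_buses, the JSON key names and the bus list are assumptions modelled on that output, not taken from the page; the relay binds to loopback by default and forwards nothing to real hardware.</p>

```python
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.request import urlopen

# Constructed inventory for this relay; a real relay would enumerate the attached
# interfaces (like the SocketCAN devices local_hwbridge detects) instead of a fixed list.
RELAY_BUSES = ["can0", "can1"]


def status_document() -> dict:
    """What the hwbridge client reads first: is the relay up, what hardware, what can it do.

    Key names are an assumption modelled on the "HW Specialty" / "Capabilities" lines that
    the connect module prints; custom_methods is false because this relay exposes none.
    """
    return {
        "operational": 1,
        "hw_specialty": {"automotive": True},
        "hw_capabilities": {"can": True, "custom_methods": False},
        "api_version": "0.0.1",
        "last_10_errors": [],
    }


def supported_buses_document() -> dict:
    """Answer for the supported_buses command shown in the session above (assumed shape)."""
    return {"buses": [{"bus_name": name} for name in RELAY_BUSES]}


# Route table: only read-only queries; no endpoint here writes anything to a bus.
ROUTES = {
    "/status": status_document,
    "/automotive/supported_buses": supported_buses_document,
}


def route(path: str) -> tuple:
    """Map a request path to (http_status, json_body); unknown paths get a 404, never a guess."""
    handler = ROUTES.get(path.split("?", 1)[0])
    if handler is None:
        return 404, {"error": "unknown endpoint", "path": path}
    return 200, handler()


class RelayHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        code, body = route(self.path)
        payload = json.dumps(body).encode()
        self.send_response(code)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    def log_message(self, format, *args):  # keep the example quiet
        pass


def start_relay(host: str = "127.0.0.1", port: int = 0) -> HTTPServer:
    """Serve in a background thread; port 0 lets the OS pick a free port (see server_address)."""
    server = HTTPServer((host, port), RelayHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def fetch_json(server: HTTPServer, path: str) -> dict:
    """Tiny client doing what the connect module does: GET an endpoint and parse the JSON."""
    host, port = server.server_address[:2]
    with urlopen(f"http://{host}:{port}{path}") as resp:
        return json.loads(resp.read().decode())


if __name__ == "__main__":
    relay = start_relay("127.0.0.1", 8080)
    print("relay listening on http://%s:%d/status" % relay.server_address[:2])
    print(fetch_json(relay, "/status"))
    try:
        threading.Event().wait()  # keep serving until Ctrl-C
    except KeyboardInterrupt:
        relay.shutdown()
```

<p>Note that local_hwbridge in the session above serves its endpoints under a random URI token (the targeturi value passed to the connect module) rather than at bare paths, and binds to 0.0.0.0; a relay of your own should keep that token prefix and bind only to the interface the test host actually needs, since anything that can reach the relay can drive the hardware behind it.</p>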
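<p>The getvinfo output above (engine temperature, RPM, speed, MIL state, DTC count, supported PIDs) is derived from OBD-II Mode 01 responses, which ECU #1 returns on CAN ID 0x7E8 as a single ISO-TP frame laid out as [length, 0x41, PID, A, B, ...]. As an added example, not the module's own code, the following Python decoder applies the standard SAE J1979 formulas to a few constructed frames and produces the same fields the module prints, while ignoring frames from other IDs and flagging a response that is too short for its PID. The frames are constructed sample input, not a capture from any vehicle.</p>

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

OBD_RESPONSE_ID = 0x7E8   # reply ID of ECU #1 on an 11-bit OBD-II bus (0x7E8-0x7EF are ECU replies)
MODE01_RESPONSE = 0x41    # 0x40 + requested service 0x01 ("show current data")


@dataclass(frozen=True)
class CanFrame:
    arb_id: int
    data: bytes


def parse_mode01_response(frame: CanFrame) -> Optional[Tuple[int, bytes]]:
    """Return (pid, payload) for a single-frame Mode 01 positive response, else None.

    Single-frame layout: byte 0 = payload length (service + PID + data bytes),
    byte 1 = service, byte 2 = PID, bytes 3.. = A, B, C, D.
    """
    if frame.arb_id != OBD_RESPONSE_ID or len(frame.data) < 3:
        return None
    length, service, pid = frame.data[0], frame.data[1], frame.data[2]
    if service != MODE01_RESPONSE:
        return None
    # length must cover service + PID and cannot exceed the 7 payload bytes of a single frame
    if length < 2 or length > 7 or length > len(frame.data) - 1:
        return None
    return pid, bytes(frame.data[3:length + 1])


def decode_supported_pids(payload: bytes, base: int = 0) -> List[int]:
    """PID 0x00 (and 0x20, 0x40, ...): 32-bit mask, MSB of byte A means PID base+1 is supported."""
    pids = []
    for byte_index, byte in enumerate(payload[:4]):
        for bit in range(8):
            if byte & (0x80 >> bit):
                pids.append(base + byte_index * 8 + bit + 1)
    return pids


def decode_monitor_status(payload: bytes) -> Tuple[bool, int]:
    """PID 0x01: bit 7 of A is the MIL lamp, bits 0-6 the number of stored DTCs."""
    return bool(payload[0] & 0x80), payload[0] & 0x7F


def decode_coolant_temp(payload: bytes) -> Tuple[int, float]:
    """PID 0x05: A - 40 degrees C; returns (celsius, fahrenheit)."""
    celsius = payload[0] - 40
    return celsius, celsius * 9 / 5 + 32


def decode_rpm(payload: bytes) -> float:
    """PID 0x0C: (256*A + B) / 4 rpm."""
    return (256 * payload[0] + payload[1]) / 4


def decode_speed(payload: bytes) -> Tuple[int, float]:
    """PID 0x0D: A km/h; returns (km/h, mph)."""
    return payload[0], round(payload[0] * 0.621371, 1)


def summarize_vehicle(frames: List[CanFrame]) -> Dict[str, object]:
    """Build the fields getvinfo prints from whatever Mode 01 responses are present."""
    summary: Dict[str, object] = {}
    for frame in frames:
        parsed = parse_mode01_response(frame)
        if parsed is None:
            continue                    # not an ECU #1 Mode 01 reply: ignore it
        pid, payload = parsed
        try:
            if pid == 0x00:
                summary["supported_pids"] = decode_supported_pids(payload)
            elif pid == 0x01:
                summary["mil_on"], summary["dtc_count"] = decode_monitor_status(payload)
            elif pid == 0x05:
                summary["engine_temp_c"], summary["engine_temp_f"] = decode_coolant_temp(payload)
            elif pid == 0x0C:
                summary["rpm"] = decode_rpm(payload)
            elif pid == 0x0D:
                summary["speed_kmh"], summary["speed_mph"] = decode_speed(payload)
        except IndexError:              # payload shorter than the PID's formula needs
            summary.setdefault("malformed_pids", []).append(pid)
    return summary


# Constructed sample frames (not a real capture): ECU #1 answering PIDs 00, 01, 05, 0C, 0D,
# plus one frame from an unrelated ID and one truncated reply to show both are tolerated.
SAMPLE_FRAMES = [
    CanFrame(0x7E8, bytes([0x06, 0x41, 0x00, 0xBE, 0x1F, 0xA8, 0x13, 0x00])),
    CanFrame(0x7E8, bytes([0x06, 0x41, 0x01, 0x00, 0x07, 0xE5, 0x00, 0x00])),  # MIL off, 0 DTCs
    CanFrame(0x7E8, bytes([0x03, 0x41, 0x05, 0x58, 0x00, 0x00, 0x00, 0x00])),  # 0x58 - 40 = 48 C
    CanFrame(0x7E8, bytes([0x04, 0x41, 0x0C, 0x0C, 0x80, 0x00, 0x00, 0x00])),  # 3200 / 4 = 800 rpm
    CanFrame(0x7E8, bytes([0x03, 0x41, 0x0D, 0x00, 0x00, 0x00, 0x00, 0x00])),  # 0 km/h
    CanFrame(0x123, bytes([0x03, 0x41, 0x05, 0xFF, 0x00, 0x00, 0x00, 0x00])),  # not an OBD reply ID
    CanFrame(0x7E8, bytes([0x03, 0x41, 0x0C, 0x0C])),                          # RPM reply missing byte B
]

if __name__ == "__main__":
    for key, value in summarize_vehicle(SAMPLE_FRAMES).items():
        print(f"{key}: {value}")
```

<p>The truncated final frame is the case worth keeping in mind when reading relay output: a reply that passes the length check can still be too short for the formula of the PID it claims to answer, so the decoder records the PID as malformed instead of silently reporting a wrong engine speed.</p>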