apt2 - 情報セキュリティ株式会社from nexpose, nessus, or nmap • the processed results...
TRANSCRIPT
-
Information Security Inc.
APT2
-
Information Security Confidential - Partner Use Only
Contents
2
• About APT2
• Features
• Modules
• Requirements
• Setup
• Installing APT2
• Using APT2
• References
-
Information Security Confidential - Partner Use Only
About APT2
3
• APT2 is an Automated Penetration Testing Toolkit
-
Information Security Confidential - Partner Use Only
Features
4
• This tool will perform an NMap scan, or import the results of a scan
from Nexpose, Nessus, or Nmap
• The processed results will be used to launch exploit and
enumeration modules according to the configurable Safe Level and
enumerated service information
-
Information Security Confidential - Partner Use Only
Modules
5
-
Information Security Confidential - Partner Use Only
Requirements
6
• convert, dirb, hydra, java, john, ldapsearch, msfconsole, nmap,
nmblookup, phantomjs, responder, rpcclient, secretsdump.py,
smbclient, snmpwalk, sslscan, x11-apps
• Kali Linux users => phantomjs, secretsdump.py
(https://github.com/CoreSecurity/impacket/blob/master/examples/s
ecretsdump.py) and x11-apps
https://github.com/CoreSecurity/impacket/blob/master/examples/secretsdump.py
-
Information Security Confidential - Partner Use Only
Setup
7
• Kali Linux 2017 "2017.2“ 64 bit (https://www.kali.org/downloads/)
• On Kali Linux install python-nmap library: python setup.py install
https://www.kali.org/downloads/
-
Information Security Confidential - Partner Use Only
Installing APT2
8
• Installing dependencies
-
Information Security Confidential - Partner Use Only
Installing APT2
9
• Installing dependencies (secretsdump.py)
-
Information Security Confidential - Partner Use Only
Installing APT2
10
• Clone it
-
Information Security Confidential - Partner Use Only
Installing APT2
11
• Install python-nmap library
-
Information Security Confidential - Partner Use Only
Using APT2
12
• APT2 options
-
Information Security Confidential - Partner Use Only
Using APT2
13
• If getting the following error when starting running APT2
-
Information Security Confidential - Partner Use Only
Using APT2
14
• Resolve it by configuring Metasploit as below
-
Information Security Confidential - Partner Use Only
Using APT2
15
• If getting the following error when starting running APT2
“ Module 'apt2_whois' disabled. Dependency required: 'Missing
whois library. To install run: pip install whois‘ “
-
Information Security Confidential - Partner Use Only
Using APT2
16
• Resolve it by installing “whois” library
-
Information Security Confidential - Partner Use Only
Using APT2
17
• APT2 ran against a target machine (IP 192.168.10.112)
-
Information Security Confidential - Partner Use Only
Using APT2
18
• APT2 ran against a target machine (IP 192.168.10.112)
• Generated reports
-
Information Security Confidential - Partner Use Only
Using APT2
19
• APT2 ran against a target machine (IP 192.168.10.112)
• Generated reports
-
Information Security Confidential - Partner Use Only
Using APT2
20
• APT2 ran against a target machine (IP 192.168.10.112)
• Generated reports
-
Information Security Confidential - Partner Use Only
References
21
• GitHub
https://github.com/MooseDojo/apt2
• Kali Linux
https://www.kali.org/downloads/
• Secretsdump.py
https://github.com/CoreSecurity/impacket/blob/master/examples/secretsdump.py
https://github.com/MooseDojo/apt2