最終更新:2011-03-16 (水) 06:32:42 (3433d)  

Fast-Track
Top / Fast-Track

FastTrack?は、SecureState?のReL1K(本名David Kennedy)が書いたPythonスクリプト(fast-track.py)である。FastTrack?には、それ自身を含め主要なアプリケーションを簡単かつ素早く提供およびインストールするほか、充実したチュートリアル・セクションにはMetasploit Autopwn、SQL 1433ポートのハッキング、SQLインジェクションHOWTO、FTP Brute Forcer、シェルのSpawning、脆弱性攻撃などに関するトピックも用意されている。このチュートリアルは少なくともスクリプトのアップデートを実行するまでは付属していたが、最新バージョンからは除外されている。ただし、ReL1Kに問い合わせたところ、このチュートリアルは近々SecureState?サイトで公開されるようだ。

For those of you new to Fast-Track, it is a compliation of custom developed tools that allow penetration testers the ease of advanced penetration techniques in a relatively easy manner. Some of these tools utilize the Metasploit framework in order to successfully create payloads, exploit systems, or interface within compromised systems. During a penetration test on a Fortune 500, I realized that there wasn't many tools out there that did what I needed them to do, or they were just really horrible. Fast-Track tries to fill the void in some of the techniques I would normally use in a given penetration test. It is always good to learn how to do all of these attacks manually.

Fast-Track Metasploit Autopwnage

Metasploit Autopwn? is a feature within Metasploit that is rich with different options. Autopwn allows you to Nmap scan a host, and automatically run exploits against the open ports on the system. So to break it down in simplistic terms, a port scan is ran against multiple hosts or one target, once those ports have been identified, metasploit will pull what exploits it have for those open ports, it may be 0 it may be 30. Those exploits are then launches against the system you scanned. It's really a brute force of exploits, it doesn't know what version is being run on the system it just blindly launches a ton of exploits at the system.

関連

参考