Friday, November 24, 2017

Installing & Using ATScan (ျမန္မာလို)




Kali Linux

1. Advance Dork Search With ATSCAN
ATSCAN ဆိုတာ Web ေတြရဲ႕ Vulnerable ေတြကို ရွာေဖြရာမွာ အသံုးျပဳတဲ့ Scanner တစ္မ်ိဳးျဖစ္ပါတယ္။ ATSCAN Version 12 ကို ဒီ လင့္ကေန ေဒါငး္ယူႏိုင္ပါတယ္။
https://github.com/AlisamTechnology/ATSCAN 
ကေန ေဒါင္းယူႏိုင္ပါတယ္။
OR
Terminal မွာ
cd Desktop
git clone https://github.com/AlisamTechnology/ATSCAN.git 
နဲ႔လည္းရယူႏိုင္ပါတယ္။
..............
ေဒါင္းတာဆိုရင္ေတာ့ ေဒါင္းပီးရင္ Desktop ေပၚမွာ extract လိုက္ပါ။ folder ေလးတစ္ခု ေတြ႕ျမင္လာရပါမယ္။ folder ေလးထဲကို cd command ကိုအသံုးျပဳျပီး ဝင္ေရာက္ထားလိုက္ပါ။
(cd Desktop, cd folder-name)
ျပီးတဲ့အခါ chmod +x install.sh  ကို အသံုးျပဳျပီး install  လုပ္ဖို႔အတြက္ ႀကိဳတင္ျပင္ဆင္လိုက္ရပါမယ္။ chmod +x သည္ executable permission ေပးျခင္းျဖစ္ပါတယ္။ ျပီးမွ ./install.sh ကို ေရြးျပီး enter ရမွာပါ (သတိထားရမွာက dot<.> မက်န္ခဲ့ဖို႔ပါပဲ။ ./install.sh ပါ။
ေရွ႕ဆံုးက . ကို သတိျပဳပါ။ Yes/No ေမးလာရင္ y ေပါ့။ enter ျပီးသြားတာနဲ႔ ေနာက္တစ္ခု ေမးလာပါတယ္။ အမွတ္တမဲ့ဆို ေမးမွန္းေတာင္ မသိႏိုင္ပါဘူး။ ၾကာေနတယ္ထင္ျပီး ထိုင္ေစာင့္ေနမွာစိုးလို႔ ဒီလိုေလး မွတ္ထားပါ။
yes or no ေမးလာလို႔ y ေရးျပီး enter ျပီးတဲ့ခါ စာ ၂ေၾကာင္း ေပၚလာပါမယ္။ default location ကိုပဲ ေမးတာပါ။ အဲအတိုင္းထားမွာျဖစ္လို႔ အဲစာ၂ေၾကာင္းအတြင္းမွာ ဘာမွ မျဖည့္ဘဲ enter  လိုက္ပါ။
ဒါဆိုရင္ေတာ့ သူ႔ဘာသာ အလုပ္ဆက္လုပ္သြားမွာျဖစ္ျပီး command line ေနာက္တစ္ဆင့္ ကူးသြားရင္ေတာ့  installation ျပီးဆံုးျပီးျပီ ျဖစ္ပါတယ္။
ATSCAN ကို ဘယ္လိုသံုးရမလဲ သိခ်င္ရင္ေတာ့ terminal မွာ atscan --help လို႔ ရိုက္ထည့္ျပီး enter လိုက္ရံုပါပဲ။ ခုက Dork Search ကို ေျပာခ်င္တာမို႔ Dork Search ကို ရွာေဖြပံုေလးပဲ တင္ေပးလိုက္ပါတယ္။ Terminal အသစ္ေလးဖြင့္ျပီး ဒီလိုေလး ရိုက္ၾကည့္လိုက္ပါ။
atscan --dork "login.php" --level 11
(ဒီေနရာေလးမွာ ေျပာခ်င္တာကေတာ့ level 10 ထက္ ပိုျမင့္တဲ့ကိန္းကိုသာ သံုးရပါမယ္။ ဥပမာ ၂၀ ေပါ့။ စသည္ျဖင့္ပါ။ ကြ်န္ေတာ္ကေတာ့ ၁၁ ပဲ စမ္းလိုက္ပါတယ္။)
.
.
            (>\---/<)
            ,'     `.
           /  q   p  \
          (  >(_Y_)<  )
          >-' `-' `-<- .="" p="">          /  _.== ==.,- \       Do not be 4 bl4ck h4cker!
         /,    )`  '(    )
        ; `._.'      `--<       _  _____ ____   ____    _    _   _
       :     \        |  )     / \|_   _/ ___| / ___|  / \  | \ | |
       \      )       ;_/     / _ \ | | \___ \| |     / _ \ |  \| |
       `._ _/_  ___.'-\\\    / ___ \| |  ___) | |___ / ___ \| |\  |
           `--\\\           /_/   \_\_| |____/ \____/_/   \_\_| \_| V 12
__________________________________________________________________________________

  Discleamer: Using ATSCAN to Attack targets without prior mutual consent is
  illegal! It is your own responsibility to obey laws! Alisam Technology is
  not linked to any kind of loss or misuse or damage caused by this program!
Argument "no" isn't numeric in numeric eq (==) at /root/Desktop/ATSCAN-master/inc/conf/upad.pl line 38.
  [!] A new update is aviable! To update: --update
__________________________________________________________________________________
----------------------------------------------------------------------------------
[!] Please wait...
[!] [02:53:00] ::: STARTING SEARCH ENGINE SCAN :::
----------------------------------------------------------------------------------
[::] ENGINE   [bing.com]
[::] DORK     [login.php]
[::] LEVEL    [11]
----------------------------------------------------------------------------------
[!] Please wait...
[!] 8 Unique Result(s) Found!
----------------------------------------------------------------------------------
    ==============================================================================
    ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
    ==============================================================================
    TARGET  [1/8] https://www.thoughtco.com/php-login-script-p2-2693850
    AGENT   Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; es_SV) Flock
    METHOD  GET
    HTTP    HTTP/1.1 500
    SERVER  Undefined
    IP      151.101.1.121
    ==============================================================================
    ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
    ==============================================================================
    TARGET  [2/8] https://www.thoughtco.com/php-
    AGENT   Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; es_SV) Flock
    METHOD  GET
    HTTP    HTTP/1.1 500
    SERVER  Undefined
    IP      151.101.65.121
    ==============================================================================
    ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
    ==============================================================================
    TARGET  [3/8] http://phpeasystep.com/phptu/6.html
    AGENT   Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; es_SV) Flock
    METHOD  GET
    HTTP    HTTP/1.1 200
    SERVER  nginx/1.10.3
    IP      192.185.5.187
    ERRORS  Possible errors detected!
            MYSQL: [num_rows]
            MYSQL: [mysql_]
    ==============================================================================
    ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
    ==============================================================================
    TARGET  [4/8] http://copyscape.com/login.php
    AGENT   Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; es_SV) Flock
    METHOD  GET
    HTTP    HTTP/1.1 200
    SERVER  Apache/2.2.15 (CentOS)
    IP      162.13.83.46
    ==============================================================================
    ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
    ==============================================================================
    TARGET  [5/8] http://www.html-form-guide.com/php-form/php-login-form.html
    AGENT   Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; es_SV) Flock
    METHOD  GET
    HTTP    HTTP/1.1 200
    SERVER  LiteSpeed
    IP      162.249.125.212
    CMS     Wordpress
    ERRORS  Possible errors detected!
            MYSQL: [Warning: mysql_]
            MYSQL: [function.mysql]
            MYSQL: [num_rows]
            MYSQL: [mysql_]
            PHP: [Warning: require]
            PHP: [Fatal error: require]
            PHP: [Warning: require_once]
            PHP: [function.require]
            UNDEFINED: [Fatal error]
    ==============================================================================
    ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
    ==============================================================================
    TARGET  [6/8] https://www.php-einfach.de/experte/php-codebeispiele/loginscript/
    AGENT   Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; es_SV) Flock
    METHOD  GET
    HTTP    HTTP/1.1 200
    SERVER  cloudflare-nginx
    IP      104.31.74.223
    CMS     Wordpress
    ==============================================================================
    ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
    ==============================================================================
    TARGET  [7/8] https://www.php-einfach.de/experte/php-codebeispiele/
    AGENT   Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; es_SV) Flock
    METHOD  GET
    HTTP    HTTP/1.1 200
    SERVER  cloudflare-nginx
    IP      104.31.75.223
    CMS     Wordpress
    ==============================================================================
    ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
    ==============================================================================
    TARGET  [8/8] http://www.tutorialspoint.com/php/php_login_example.htm
    AGENT   Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; es_SV) Flock
    METHOD  GET
    HTTP    HTTP/1.1 200
    SERVER  ECS (sin/BFE5)
    IP      117.18.237.191
    ERRORS  Possible errors detected!
            MYSQL: [mysql_]
----------------------------------------------------------------------------------
[!] 8 Unique Result(s) Found!
[!] [02:53:00] SCAN FINISHED!!

ေတြမိလားဗ်။ Target ရယ္။ အျခား info ေတြရယ္ ခ်ျပထားတာကိုေပါ့။

ခုေတာ့ ကြ်န္ေတာ္ ထည့္သြင္းထားတဲ့ ATSCAN ကေလးဟာ update ျဖစ္မျဖစ္နဲ႔ update ထြက္ရင္ ျမွင့္လို႔ ရေအာင္ ေအာက္ပါအတိုင္း စစ္ေဆးၾကည့္လိုက္ပါတယ္။ Terminal မွာေနာ္။
atscan --update
..
[!] Please wait...
[!] Checking for updates..
[!] Copying user components... OK
[!] Placing main script... OK
Cloning into '/root/Desktop/ATSCAN-master/atscan_update'...
remote: Counting objects: 5311, done.
remote: Total 5311 (delta 0), reused 0 (delta 0), pack-reused 5311
Receiving objects: 100% (5311/5311), 1.60 MiB | 188.00 KiB/s, done.
Resolving deltas: 100% (3099/3099), done.
[!] Placing components... OK
[!] Moving README.md to /usr/share/doc/atscan/... OK
[!] Moving License.txt to /usr/share/doc/atscan/... OK
[!] Checking others components... OK
[!] Moving /root/Desktop/ATSCAN-master/inc/conf/atscan to /etc/bash_completion.d/... OK
[!] Printing update log... OK
[!] Restauring user files... OK
[!] Deleting install files... OK
[!] Deleting /root/Desktop/ATSCAN-master/inc/conf/atscan... OK
[!] Deleting /root/Desktop/ATSCAN-master/install.sh... OK
[!] Deleting /root/Desktop/ATSCAN-master/README.md... OK
[!] Deleting /root/Desktop/ATSCAN-master/License.txt... OK
[!] Deleting /root/Desktop/ATSCAN-master/version_bac.log... OK
[!] Tool updeted with success!

VERSION 12 RELEASE
=====================================================
  CHANGES: 20/02/2017
  ===================================================
  - Add --source argument to retreive source code.
  - Enjoy!

Update ျဖစ္သြားျပီျဖစ္ေၾကာင္း message ရလာပါျပီ။
ကဲ ဒါဆိုရင္ေတာ့ ကြ်န္ေတာ္တို႔ ATSCAN ကို ေကာင္းမြန္စြာ အသံုးျပဳလို႔ ရျပီျဖစ္ပါတယ္။
ခုေနမွာ update ျပန္စစ္ၾကည့္လိုက္ရင္ေတာ့ atscan --update မွာ
--
[!] Please wait...
[!] Checking for updates..
[!] The tool is up to date!
လို႔သာ ေတြ႕ရေတာ့မွာျဖစ္ပါတယ္။
................................................................................................................................................


Thanks


Khit Minnyo

0 comments:

Post a Comment