Immunity Canvas 7.26


Ax Immunity Canvas

官方:http://www.immunityinc.com/products/canvas/

Immunity Canvas是美国ImmunitySec出品的安全漏洞检测工具,包含了480多个以上的漏洞利用,是一款针对对象广泛的自动化漏洞利用工具,对于渗透测试人员来说,CANVAS是比较专业的安全漏洞利用框架,也常被用于对IDS和IPS的检测能力的测试。这东西和MSF+C2组合差不多,但不开源。

  • 系统要求及依赖
Hardware

CANVAS runs well on any modern hardware. The simple question is to ask yourself how well your hardware runs your chosen operating system. If your hardware runs your OS well, then CANVAS will run well. Here are some minimum specs.

  • 1.2ghz processor
  • Chip architecture/OS must have Python 2.5 or greater support
  • 1GB RAM
  • 250mb free HD space
  • Good Linux drivers for wired/wireless cards
Operating System

CANVAS is written and designed to be run on Linux. While Windows and OSX are supported platforms, Linux is where CANVAS really shines. If you are tied to Windows as part of corporate IT policy, CANVAS also runs well in a VM (see the requirements above). For Linux, any modern desktop distribution with solid package management will work. We recommend:

A video demo of installing CANVAS on Linux (including RHEL) can be found here

Windows users

Windows users can download a zip file with all the dependencies (except pycrypto) and installation instructions for that platform from Immunity.

Due to export-control restrictions, we can not ship the pycrypto libraries. You can download a binary installer for Windows at the link shown below.

Mac OSX Users

OSX users can download an installer with most dependencies for that platform from Immunity. You can then download CANVAS as a zip/tar file that you decompress and run CANVAS_ROOT/runcanvas.sh. Please note you would still need to install pyasn1 on your own.

CANVAS depends on the following (free) software packages to run:
  • Python 2.6 or 2.7
  • GTK
  • PyCrypto (some modules)
  • Py-GTK and its associated libraries
  • Pyasn1
  • CANVAS STRATEGIC: ZeroMQ/PyZMQ
  • Pynacl
  • Bcrypt
  • Asn1tools
Linux Users

Linux users will need to fetch the following packages for their architecture and version of python. Certain distros may have to compile the dependencies from source if a package is not available.

Note: Package downloads are available from your package management tool of choice: yum, rpm, apt-get, emerge, etc

  • Python25, Python26 or Python27
  • GTK2
  • pycairo
  • pygobject
  • pycrypto
  • pygtk
  • pyasn1
  • pynacl
  • bcrypt
  • asn1tools

Distribution specific instructions

Ubuntu 18.04, 17.10, 16.10, 16.04

sudo apt-get update sudo apt-get -y install python-pip sudo apt-get -y install gtk2.0 sudo apt-get -y install python-glade2 sudo apt-get -y install python-nacl python-bcrypt sudo pip install pycrypto sudo pip install pyasn1 sudo pip install asn1tools

Windows users

Windows users can download our new dependency installer that will download and setup every required dependency needed to run CANVAS (including python 2.7 if selected).

sha256sum: 7024f8140b7d0ca56411bda12a2eecb1690693d1dc5910550682c57d7deb5439

Mac OS X Users

OSX users can download an installer with most dependencies for that platform from Immunity. You can then download CANVAS as a zip/tar file that you decompress and run CANVAS_ROOT/runcanvas.sh. Please note you would still need to install pyasn1, pycrypto, pynacl, bcrypt and asn1tools on your own.

sha256sum: 3afc4f67b7272735d2490110aa79b5b46384f48cd1586b9683b82e7d7502d125

Bx 泄漏事件

从何说起,2021-02-08 国外社区 RAID forums 泄露下载链。我们先来看一看这个社区有多猛。

2021-03-02 Twitter 安全研究员 Ege Balcı 披露了泄露事件

2021-03-03 安恒威胁情报中 心猎影实验室相继披露此事件

Cx 简单使用

开启

python runcanvas.py

连通性测试,开启靶机Windows7

添加主机

右键也可以看得到同网段的IP

使用Exploit模块,选择Windows,永恒之蓝漏洞。双击就可以了。

点击确定

攻击成功

在框框里输入命令,然后点一下这个接线标志的按钮就可以了。

image-20210322150607256

OK,其他的还没玩,感觉图形化的,挺好操作的,大大降低了攻击的难度,不过还是喜欢MSF。


文章作者: Enomothem
版权声明: 本博客所有文章除特别声明外,均采用 CC BY 4.0 许可协议。转载请注明来源 Enomothem !
  目录