命令:
nmap -p445 --script smb-vuln-ms17-010 192.168.119.1/24
# mac 报错可以加个sudo
ip对应的子网掩码简单理解:
ip/24
11111111 11111111 11111111 00000000
2^8=256-2=254(台)
ip/16
11111111 11111111 00000000 00000000
2^16=65536-2=65534(台)
ip/8
11111111 00000000 00000000 00000000
2^24=16777216-2=16777214(台)
打印结果:
x.x.x.x/24 = x.x.x.1~255
root@liuwx:~# nmap -p445 --script smb-vuln-ms17-010 192.168.119.1/24
Starting Nmap 7.70 ( https://nmap.org ) at 2019-10-10 21:10 CST
Nmap scan report for 192.168.119.1
Host is up (0.00053s latency).
PORT STATE SERVICE
445/tcp open microsoft-ds
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap scan report for 192.168.119.2
Host is up (0.00014s latency).
PORT STATE SERVICE
445/tcp closed microsoft-ds
MAC Address: 00:50:56:E0:1A:4E (VMware)
Nmap scan report for 192.168.119.139
Host is up (0.00024s latency).
PORT STATE SERVICE
445/tcp open microsoft-ds
MAC Address: 00:0C:29:BF:20:28 (VMware)
Host script results:
| smb-vuln-ms17-010:
| VULNERABLE:
| Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
| State: VULNERABLE
| IDs: CVE:CVE-2017-0143
| Risk factor: HIGH
| A critical remote code execution vulnerability exists in Microsoft SMBv1
| servers (ms17-010).
|
| Disclosure date: 2017-03-14
| References:
| https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
| https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0143
Nmap scan report for 192.168.119.254
Host is up (0.00067s latency).
PORT STATE SERVICE
445/tcp filtered microsoft-ds
MAC Address: 00:50:56:EF:68:01 (VMware)
Nmap scan report for 192.168.119.136
Host is up (0.000033s latency).
PORT STATE SERVICE
445/tcp closed microsoft-ds
Nmap done: 256 IP addresses (5 hosts up) scanned in 2.46 seconds
从结果可以看出,内网中192.168.119.139这台主机存在ms-17-010漏洞;