• Metasploit使用教程(一)


    Step1:启动postsql数据库

     root@kali:~# service postgresql start

    Step2:初始化msf数据库

    root@kali:~# msfdb init

    [i] Database already started
    [+] Creating database user 'msf'
    [+] Creating databases 'msf'
    [+] Creating databases 'msf_test'
    [+] Creating configuration file '/usr/share/metasploit-framework/config/database.yml'
    [+] Creating initial database schema

    Step3:进入msf控制台

    root@kali:~# msfconsole

    MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
    MMMMMMMMMMM MMMMMMMMMM
    MMMN$ vMMMM
    MMMNl MMMMM MMMMM JMMMM
    MMMNl MMMMMMMN NMMMMMMM JMMMM
    MMMNl MMMMMMMMMNmmmNMMMMMMMMM JMMMM
    MMMNI MMMMMMMMMMMMMMMMMMMMMMM jMMMM
    MMMNI MMMMMMMMMMMMMMMMMMMMMMM jMMMM
    MMMNI MMMMM MMMMMMM MMMMM jMMMM
    MMMNI MMMMM MMMMMMM MMMMM jMMMM
    MMMNI MMMNM MMMMMMM MMMMM jMMMM
    MMMNI WMMMM MMMMMMM MMMM# JMMMM
    MMMMR ?MMNM MMMMM .dMMMM
    MMMMNm `?MMM MMMM` dMMMMM
    MMMMMMN ?MM MM? NMMMMMN
    MMMMMMMMNe JMMMMMNMMM
    MMMMMMMMMMNm, eMMMMMNMMNMM
    MMMMNNMNMMMMMNx MMMMMMNMMNMMNM
    MMMMMMMMNMMNMMMMm+..+MMNMMNMNMMNMMNMM
    https://metasploit.com


    =[ metasploit v5.0.71-dev ]
    + -- --=[ 1962 exploits - 1095 auxiliary - 336 post ]
    + -- --=[ 558 payloads - 45 encoders - 10 nops ]
    + -- --=[ 7 evasion ]

    msf5 >

    Step4:进行主机扫描

    msf5 > db_nmap -sV 192.168.1.2

    [*] Nmap: Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-30 05:18 EST
    [*] Nmap: Nmap scan report for 192.168.1.2
    [*] Nmap: Host is up (0.00024s latency).
    [*] Nmap: All 1000 scanned ports on 192.168.1.2 are filtered
    [*] Nmap: MAC Address: 98:3B:8F:18:C9:8C (Intel Corporate)
    [*] Nmap: Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
    [*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 22.60 seconds

    Step5:进行smb扫描测试

    use auxiliary/scanner/smb/smb_version

     msf5 auxiliary(scanner/smb/smb_version) >

    msf5 auxiliary(scanner/smb/smb_version) > set RHOSTS 192.168.1.2
    RHOSTS => 192.168.1.2

    msf5 auxiliary(scanner/smb/smb_version) > set THREADS 100
    THREADS => 100

    msf5 auxiliary(scanner/smb/smb_version) > run

     use auxiliary/scanner/smb/smb_version(smb版本扫描)

     use auxiliary/scanner/smb/pipe_auditor(扫描命名管道,判断smb服务类型,帐号,密码)

     use auxiliary/scanner/smb/pipe_dcerpc_auditor(扫描通过smb管道可以访问的RCERPC服务)

     use auxiliary/scanner/smb/smb_enumshares(smb共享枚举---帐号,密码)

     use auxiliary/scanner/smb/smb_enumusers(smb用户枚举----帐号密码)

     use auxiliary/scanner/smb/smb_lookupsid(sid枚举--帐号,密码)

     use auxiliary/scanner/ssh/ssh_version(ssh版本扫描)

     use auxiliary/scanner/ssh/ssh_login (ssh密码爆破)

     use auxiliary/scanner/ssh/ssh_login_pubkey(ssh公钥登录---set KEY_FILE id_rsa  set USERNAME root)

     use post/windows/gather/enum_patches(基于已经获取了session进行检测windows缺少的补丁)

     use auxiliary/scanner/mssql/mssql_ping(mssql端口扫描)

     use auxiliary/scanner/mssql/mssql_login(爆破mssql密码)

     use auxiliary/admin/mssql/mssql_exec(远程执行代码--set CMD net user user pass /ADD)

     use auxiliary/scanner/ftp/ftp_version(FTP版本扫描)

     use auxiliary/scanner/ftp/anonymous(FTP匿名登录)

     use auxiliary/scanner/ftp/ftp_login(FTP暴力破解)

     use auxiliary/scanner/vnc/vnc_login(vnc密码破解)

     use auxiliary/scanner/vnc/vnc_none_auth(vnc无密码访问---supported:None, free access!)

     use auxiliary/scanner/rdp/ms12_020_check(RDP远程桌面漏洞---检查会不会造成DoS攻击)

     use auxiliary/scanner/ssh/juniper_backdoor(设备后门)

     use auxiliary/scanner/ssh/fortinet_backdoor(设备后门)

     use auxiliary/scanner/vmware/vmauthd_login(VMWare ESXi密码破解)

     use auxiliary/scanner/vmware/vmware_enum_vms(VMWare ESXi密码破解)

     use auxiliary/admin/vmware/poweron_vm(利用web api远程开启虚拟机)

    HTTP 弱点扫描

     use auxiliary/scanner/http/cert(过期证书扫描)
     use auxiliary/scanner/http/dir_listing(显示目录及文件)
     use auxiliary/scanner/http/files_dir显示目录及文件)
     use auxiliary/scanner/http/dir_webdav_unicode_bypass(WebDAV Unicode 编码身份验证绕过)
     use auxiliary/scanner/http/tomcat_mgr_login(Tomcat 管理登录页面)
     use auxiliary/scanner/http/verb_auth_bypass(基于HTTP方法的身份验证绕过)
     use auxiliary/scanner/http/wordpress_login_enum(Wordpress 密码爆破--- set URI /wordpress/wp-login.php

    mysql相关

    use auxiliary/scanner/mysql/mysql_login 

    auxiliary/admin/http/manageengine_pmp_privesc

    auxiliary/scanner/mysql/mysql_version

    auxiliary/server/capture/mysql 

    post/multi/manage/dbvis_add_db_admin

  • 相关阅读:
    ubuntu英文环境下使用中文输入法
    Flex 调用添加了SoapHeader的web service
    RoR: Ruby On Rails Web Service 3 分发模式
    C# CRC8实现
    java正则表达式过滤html标签
    静态内部类和非静态内部类的区别
    Java反射机制
    java回调函数简介
    Java之泛型编程
    Java基础知识之系统命令调用、序列化、JDO、匿名内部类
  • 原文地址:https://www.cnblogs.com/networking/p/12243354.html
Copyright © 2020-2023  润新知