标签:Metasploit use scanner Kali 用法 ssh login smb auxiliary
Step1:启动postsql数据库
root@kali:~# service postgresql start
Step2:初始化msf数据库
root@kali:~# msfdb init
[i] Database already started
[+] Creating database user 'msf'
[+] Creating databases 'msf'
[+] Creating databases 'msf_test'
[+] Creating configuration file '/usr/share/metasploit-framework/config/database.yml'
[+] Creating initial database schema
Step3:进入msf控制台
root@kali:~# msfconsole
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMM MMMMMMMMMM
MMMN$ vMMMM
MMMNl MMMMM MMMMM JMMMM
MMMNl MMMMMMMN NMMMMMMM JMMMM
MMMNl MMMMMMMMMNmmmNMMMMMMMMM JMMMM
MMMNI MMMMMMMMMMMMMMMMMMMMMMM jMMMM
MMMNI MMMMMMMMMMMMMMMMMMMMMMM jMMMM
MMMNI MMMMM MMMMMMM MMMMM jMMMM
MMMNI MMMMM MMMMMMM MMMMM jMMMM
MMMNI MMMNM MMMMMMM MMMMM jMMMM
MMMNI WMMMM MMMMMMM MMMM# JMMMM
MMMMR ?MMNM MMMMM .dMMMM
MMMMNm ?MMM MMMM dMMMMM
MMMMMMN ?MM MM? NMMMMMN
MMMMMMMMNe JMMMMMNMMM
MMMMMMMMMMNm, eMMMMMNMMNMM
MMMMNNMNMMMMMNx MMMMMMNMMNMMNM
MMMMMMMMNMMNMMMMm+..+MMNMMNMNMMNMMNMM
https://metasploit.com
=[ metasploit v5.0.71-dev ]
- -- --=[ 1962 exploits - 1095 auxiliary - 336 post ]
- -- --=[ 558 payloads - 45 encoders - 10 nops ]
- -- --=[ 7 evasion ]
msf5 >
Step4:进行主机扫描
msf5 > db_nmap -sV 192.168.1.2
[] Nmap: Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-30 05:18 EST
[] Nmap: Nmap scan report for 192.168.1.2
[] Nmap: Host is up (0.00024s latency).
[] Nmap: All 1000 scanned ports on 192.168.1.2 are filtered
[] Nmap: MAC Address: 98:3B:8F:18:C9:8C (Intel Corporate)
[] Nmap: Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 22.60 seconds
Step5:进行smb扫描测试
use auxiliary/scanner/smb/smb_version
msf5 auxiliary(scanner/smb/smb_version) >
msf5 auxiliary(scanner/smb/smb_version) > set RHOSTS 192.168.1.2
RHOSTS => 192.168.1.2
msf5 auxiliary(scanner/smb/smb_version) > set THREADS 100
THREADS => 100
msf5 auxiliary(scanner/smb/smb_version) > run
use auxiliary/scanner/smb/smb_version(smb版本扫描)
use auxiliary/scanner/smb/pipe_auditor(扫描命名管道,判断smb服务类型,帐号,密码)
use auxiliary/scanner/smb/pipe_dcerpc_auditor(扫描通过smb管道可以访问的RCERPC服务)
use auxiliary/scanner/smb/smb_enumshares(smb共享枚举---帐号,密码)
use auxiliary/scanner/smb/smb_enumusers(smb用户枚举----帐号密码)
use auxiliary/scanner/smb/smb_lookupsid(sid枚举--帐号,密码)
use auxiliary/scanner/ssh/ssh_version(ssh版本扫描)
use auxiliary/scanner/ssh/ssh_login (ssh密码爆破)
use auxiliary/scanner/ssh/ssh_login_pubkey(ssh公钥登录---set KEY_FILE id_rsa set USERNAME root)
use post/windows/gather/enum_patches(基于已经获取了session进行检测windows缺少的补丁)
use auxiliary/scanner/mssql/mssql_ping(mssql端口扫描)
use auxiliary/scanner/mssql/mssql_login(爆破mssql密码)
use auxiliary/admin/mssql/mssql_exec(远程执行代码--set CMD net user user pass /ADD)
use auxiliary/scanner/ftp/ftp_version(FTP版本扫描)
use auxiliary/scanner/ftp/anonymous(FTP匿名登录)
use auxiliary/scanner/ftp/ftp_login(FTP暴力破解)
use auxiliary/scanner/vnc/vnc_login(vnc密码破解)
use auxiliary/scanner/vnc/vnc_none_auth(vnc无密码访问---supported:None, free access!)
use auxiliary/scanner/rdp/ms12_020_check(RDP远程桌面漏洞---检查会不会造成DoS***)
use auxiliary/scanner/ssh/juniper_backdoor(设备后门)
use auxiliary/scanner/ssh/fortinet_backdoor(设备后门)
use auxiliary/scanner/vmware/vmauthd_login(VMWare ESXi密码破解)
use auxiliary/scanner/vmware/vmware_enum_vms(VMWare ESXi密码破解)
use auxiliary/admin/vmware/poweron_vm(利用web api远程开启虚拟机)
HTTP 弱点扫描
use auxiliary/scanner/http/cert(过期证书扫描)
use auxiliary/scanner/http/dir_listing(显示目录及文件)
use auxiliary/scanner/http/files_dir显示目录及文件)
use auxiliary/scanner/http/dir_webdav_unicode_bypass(WebDAV Unicode 编码身份验证绕过)
use auxiliary/scanner/http/tomcat_mgr_login(Tomcat 管理登录页面)
use auxiliary/scanner/http/verb_auth_bypass(基于HTTP方法的身份验证绕过)
use auxiliary/scanner/http/wordpress_login_enum(Wordpress 密码爆破--- set URI /wordpress/wp-login.php
mysql相关
use auxiliary/scanner/mysql/mysql_login
auxiliary/admin/http/manageengine_pmp_privesc
auxiliary/scanner/mysql/mysql_version
auxiliary/server/capture/mysql
post/multi/manage/dbvis_add_db_admin
标签:Metasploit,use,scanner,Kali,用法,ssh,login,smb,auxiliary 来源: https://blog.51cto.com/14773580/2485195
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。