MySQL version scanning
use auxiliary/scanner/mysql/mysql_version
Example:
msf5 auxiliary(scanner/mysql/mysql_version) > set RHOSTS 10.5.65.100
RHOSTS => 10.5.65.100
msf5 auxiliary(scanner/mysql/mysql_version) > set threads 1000
threads => 1000
msf5 auxiliary(scanner/mysql/mysql_version) > run
[*] 10.5.65.100:3306 - 10.5.65.100:3306 is running MySQL, but responds with an error: \x04Host '10.5.65.107' is not allowed to connect to this MySQL server
[*] 10.5.65.100:3306 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
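The scan above received an error rather than a version banner. The following added example (not part of the original notes and not Metasploit's code) parses the first packet a MySQL server sends and reports what an unauthenticated peer learns from it; the helper names and the version string in the handshake sample are constructed for illustration.

```python
import struct
ER_HOST_NOT_PRIVILEGED = 1130  # server rejected the client address (host ACL)

def build_packet(payload: bytes, seq: int = 0) -> bytes:
    """Frame a payload: 3-byte little-endian length, 1-byte sequence id."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload

def parse_initial_packet(data: bytes) -> dict:
    """Classify the first packet a MySQL server sends after the TCP connect."""
    if len(data) < 5:
        raise ValueError("need a 4-byte header and at least 1 payload byte")
    length = int.from_bytes(data[:3], "little")
    payload = data[4:4 + length]
    if length == 0 or len(payload) != length:
        raise ValueError("empty or truncated payload")
    if payload[0] == 0xFF:
        # ERR before the handshake: 2-byte LE error code, then the message
        # (no SQLSTATE field, since no capabilities were negotiated yet).
        if length < 3:
            raise ValueError("ERR packet too short for an error code")
        (code,) = struct.unpack_from("<H", payload, 1)
        return {"kind": "error", "code": code,
                "message": payload[3:].decode("utf-8", "replace")}
    if payload[0] == 0x0A:
        # HandshakeV10: protocol byte 10, then NUL-terminated server version.
        end = payload.find(b"\x00", 1)
        if end == -1:
            raise ValueError("unterminated version string")
        return {"kind": "handshake",
                "version": payload[1:end].decode("ascii", "replace")}
    raise ValueError(f"unexpected first payload byte 0x{payload[0]:02x}")

def exposure(data: bytes) -> str:
    """Summarise what an unauthenticated peer learns from this packet."""
    info = parse_initial_packet(data)
    if info["kind"] == "handshake":
        return f"MySQL present, version disclosed: {info['version']}"
    if info["code"] == ER_HOST_NOT_PRIVILEGED:
        return "MySQL present, version withheld (client host not allowed)"
    return f"MySQL present, error {info['code']}: {info['message']}"

# Constructed samples (not captured traffic). The message text is the one
# shown in the scan output above; the version string is made up.
ERR_SAMPLE = build_packet(
    b"\xff" + struct.pack("<H", ER_HOST_NOT_PRIVILEGED)
    + b"Host '10.5.65.107' is not allowed to connect to this MySQL server")
HANDSHAKE_SAMPLE = build_packet(b"\x0a" + b"5.7.0-constructed\x00" + b"\x00" * 8)
if __name__ == "__main__":
    for sample in (ERR_SAMPLE, HANDSHAKE_SAMPLE):
        print(exposure(sample))
```

Error code 1130 is encoded little-endian as the bytes `j\x04` directly before the message, which would account for the `\x04` printed in the scan output. The host restriction hides the version but still confirms that MySQL is listening on the port.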
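SMB version scanning
SMB is a protocol from Microsoft and Intel, used for network file sharing.
It works at the session and presentation layers.
Example:
First, run the version scan: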
msf5 auxiliary(scanner/smb/smb_version) > show options
Module options (auxiliary/scanner/smb/smb_version):
   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   RHOSTS                      yes       The target address range or CIDR identifier
   SMBDomain  .                no        The Windows domain to use for authentication
   SMBPass                     no        The password for the specified username
   SMBUser                     no        The username to authenticate as
   THREADS    1                yes       The number of concurrent threads
msf5 auxiliary(scanner/smb/smb_version) > set RHOST 10.5.65.100
(RHOSTS with an IP range can also be used here)
RHOST => 10.5.65.100
msf5 auxiliary(scanner/smb/smb_version) > set threads 1000
threads => 1000
msf5 auxiliary(scanner/smb/smb_version) > run
[*] 10.5.65.100:445 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
The run above targets a single host. To scan an IP range instead,
first use unset RHOST to clear the previous setting:
msf5 auxiliary(scanner/smb/smb_version) > unset RHOST
Unsetting RHOST...
msf5 auxiliary(scanner/smb/smb_version) > set RHOSTS 10.5.65.0/24
RHOSTS => 10.5.65.0/24
msf5 auxiliary(scanner/smb/smb_version) > run
[+] 10.5.65.105:445 - Host is running Windows 2003 SP2 (build:3790) (name:ADMIN-AD4C9D4D8) (workgroup:WORKGROUP )
[*] 10.5.65.0/24:445 - Scanned 254 of 256 hosts (99% complete)
[*] 10.5.65.0/24:445 - Scanned 255 of 256 hosts (99% complete)
[*] 10.5.65.0/24:445 - Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed
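You can use hosts -u -c to show whether the scan results include any vulnerabilities (-u lists only hosts that are up, -c selects the columns to display):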
hosts -u -c address,os_name,vulns,svcs
msf5 auxiliary(scanner/smb/smb_version) > hosts -u -c address,os_name,vulns,svcs
Hosts
=====
address      os_name       vulns  svcs
-------      -------       -----  ----
10.5.65.1    Unknown       0      7
10.5.65.100  Unknown       0      1
10.5.65.105  Windows 2003  0      4
10.5.65.107  Unknown       0      1
10.5.65.252  Unknown       0      0
10.5.65.254  Unknown       0      1