Penetration test walkthrough: XAMPP target machine lab

This post records a penetration test against an XAMPP target machine: scanning with Nessus, detecting the SMB version with the Metasploit framework, finding and exploiting MS17-010 (EternalBlue) to obtain a Meterpreter session, and obtaining administrator privileges through SMB user enumeration. The lab closes with an HTTP scan and a simulated DoS attack.

Lab name: penetration test walkthrough, XAMPP target machine lab
Lab goal: perform a penetration test against the XAMPP target machine
Lab environment: one Kali virtual machine (4 GB RAM); one XAMPP target machine, IP 192.168.22.128
Lab steps:
1. Scan the target machine with Nessus
2. Start the Metasploit framework and scan
msf6 > db_nmap -A -T4 192.168.22.128    run an nmap scan (results are stored in the msf database)
(1) Begin the penetration test
Fingerprint the SMB version
msf6 > search smb_version    check whether an SMB version-detection module exists

Matching Modules

   #  Name                                Disclosure Date  Rank    Check  Description
   -  ----                                ---------------  ----    -----  -----------
   0  auxiliary/scanner/smb/smb_version                    normal  No     SMB Version Detection

Interact with a module by name or index. For example info 0, use 0 or use auxiliary/scanner/smb/smb_version

msf6 > use auxiliary/scanner/smb/smb_version    load the module
msf6 auxiliary(scanner/smb/smb_version) > set rhosts 192.168.22.128    set the target IP address
rhosts => 192.168.22.128
msf6 auxiliary(scanner/smb/smb_version) > run    execute

[*] 192.168.22.128:445 - SMB Detected (versions:1, 2) (preferred dialect:SMB 2.1) (signatures:optional) (uptime:2w 3d 1h 19m 15s) (guid:{079eddaa-883e-448c-9c75-df3fb0d2aa5c}) (authentication domain:W2K8)
[+] 192.168.22.128:445 - Host is running Windows 2008 R2 Datacenter SP1 (build:7601) (name:W2K8) (workgroup:WORKGROUP)
[*] 192.168.22.128: - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
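The fields smb_version prints above (preferred dialect, whether signing is optional or required, the server GUID and the uptime) all come from the server's SMB2 NEGOTIATE response. The following Python script is an added example, not code from the original lab or from Metasploit: it builds an SMB2 NEGOTIATE request, parses a NEGOTIATE response according to the [MS-SMB2] wire format, and reports the same four facts. The sample response bytes are constructed here to mirror the values in the scan output (dialect SMB 2.1, signing enabled but not required, the GUID shown, 2w 3d 1h 19m 15s of uptime); they are not a real capture. The `negotiate()` helper can be pointed at a live host on TCP 445 when a target is available.

```python
import socket
import struct
import uuid

# Dialect revision codes and SecurityMode bits, [MS-SMB2] 2.2.3 / 2.2.4.
DIALECTS = {0x0202: "SMB 2.0.2", 0x0210: "SMB 2.1", 0x0300: "SMB 3.0",
            0x0302: "SMB 3.0.2", 0x0311: "SMB 3.1.1"}
SIGNING_ENABLED = 0x01
SIGNING_REQUIRED = 0x02
SMB2_NEGOTIATE = 0x0000
FLAG_SERVER_TO_REDIR = 0x00000001


def smb2_header(command, flags=0, message_id=0):
    """64-byte SMB2 packet header ([MS-SMB2] 2.2.1.2), unsigned."""
    return struct.pack("<4sHHIHHIIQIIQ16s",
                       b"\xfeSMB", 64, 0, 0, command, 1, flags, 0,
                       message_id, 0, 0, 0, b"\x00" * 16)


def build_negotiate_request(dialects=(0x0202, 0x0210, 0x0300, 0x0302)):
    """SMB2 NEGOTIATE request offering the given dialects with signing enabled."""
    body = struct.pack("<HHHHI16sQ", 36, len(dialects), SIGNING_ENABLED, 0, 0,
                       uuid.uuid4().bytes_le, 0)
    body += b"".join(struct.pack("<H", d) for d in dialects)
    return smb2_header(SMB2_NEGOTIATE) + body


def format_uptime(seconds):
    """Render seconds the way smb_version does: 2w 3d 1h 19m 15s."""
    weeks, rem = divmod(seconds, 7 * 86400)
    days, rem = divmod(rem, 86400)
    hours, rem = divmod(rem, 3600)
    minutes, secs = divmod(rem, 60)
    return f"{weeks}w {days}d {hours}h {minutes}m {secs}s"


def signing_state(security_mode):
    if security_mode & SIGNING_REQUIRED:
        return "required"
    if security_mode & SIGNING_ENABLED:
        return "optional"  # enabled but not enforced: an unsigned session is accepted
    return "disabled"


def parse_negotiate_response(data):
    """Extract dialect, signing policy, server GUID and uptime from a NEGOTIATE response."""
    if len(data) < 128 or data[:4] != b"\xfeSMB":
        raise ValueError("not an SMB2 NEGOTIATE response")
    status, command = struct.unpack_from("<IH", data, 8)
    if command != SMB2_NEGOTIATE or status != 0:
        raise ValueError(f"unexpected command {command:#x} / status {status:#x}")
    (_size, security_mode, dialect, _ctx_count, guid, _caps, _max_tx, _max_rd,
     _max_wr, system_time, start_time, _sec_off, _sec_len, _ctx_off) = \
        struct.unpack_from("<HHHH16sIIIIQQHHI", data, 64)
    # FILETIME values are 100 ns ticks; ServerStartTime is 0 on servers that withhold uptime.
    uptime = (system_time - start_time) // 10_000_000 if start_time else None
    return {
        "dialect": DIALECTS.get(dialect, f"unknown ({dialect:#06x})"),
        "signing": signing_state(security_mode),
        "guid": str(uuid.UUID(bytes_le=guid)),
        "uptime_seconds": uptime,
        "uptime": format_uptime(uptime) if uptime is not None else "undisclosed",
    }


def sample_response():
    """Constructed NEGOTIATE response mirroring the scan output above; not a real capture."""
    guid = uuid.UUID("079eddaa-883e-448c-9c75-df3fb0d2aa5c").bytes_le
    uptime_ticks = (2 * 7 * 86400 + 3 * 86400 + 3600 + 19 * 60 + 15) * 10_000_000
    system_time = 116444736000000000 + 1_600_000_000 * 10_000_000  # an arbitrary FILETIME
    body = struct.pack("<HHHH16sIIIIQQHHI", 65, SIGNING_ENABLED, 0x0210, 0, guid,
                       0x7, 0x800000, 0x800000, 0x800000,
                       system_time, system_time - uptime_ticks, 128, 0, 0)
    return smb2_header(SMB2_NEGOTIATE, flags=FLAG_SERVER_TO_REDIR) + body


def negotiate(host, port=445, timeout=5):
    """Live probe over direct-TCP SMB: 4-byte NetBIOS session header, then the SMB2 PDU."""
    pkt = build_negotiate_request()
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(struct.pack(">I", len(pkt)) + pkt)  # type 0x00 + 24-bit length
        length = struct.unpack(">I", s.recv(4))[0] & 0x00FFFFFF
        data = b""
        while len(data) < length:
            chunk = s.recv(length - len(data))
            if not chunk:
                break
            data += chunk
    return parse_negotiate_response(data)


if __name__ == "__main__":
    import sys
    info = negotiate(sys.argv[1]) if len(sys.argv) > 1 else parse_negotiate_response(sample_response())
    for key, value in info.items():
        print(f"{key}: {value}")
```

Run it with no arguments to parse the constructed sample, or with a host address to negotiate against a real server. The `signing` field is the one worth reading first: "optional" means the server accepts unsigned sessions, which is what makes NTLM relay against it possible; "required" closes that path.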
(2) Start with the first issue the scan exposed. The smb_version output already gives several leads: the host still offers SMB1 alongside SMB2, message signing is enabled but not required, and the OS is Windows Server 2008 R2 SP1 (build 7601). Search for modules that match.
msf6 auxiliary(scanner/smb/smb_version) > search smb description:2    look for relevant modules

Matching Modules

   #  Name                                                         Disclosure Date  Rank       Check  Description
   -  ----                                                         ---------------  ----       -----  -----------
0 auxiliary/admin/mssql/mssql_ntlm_stealer normal No Microsoft SQL Server NTLM Stealer
1 auxiliary/docx/word_unc_injector normal No Microsoft Word UNC Path Injector
2 auxiliary/dos/samba/read_nttrans_ea_list normal No Samba read_nttrans_ea_list Integer Overflow
3 auxiliary/dos/windows/smb/ms05_047_pnp normal No Microsoft Plug and Play Service Registry Overflow
4 auxiliary/dos/windows/smb/ms09_050_smb2_negotiate_pidhigh normal No Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference
5 auxiliary/dos/windows/smb/ms09_050_smb2_session_logoff normal No Microsoft SRV2.SYS SMB2 Logoff Remote Kernel NULL Pointer Dereference
6 auxiliary/dos/windows/smb/ms10_006_negotiate_response_loop normal No Microsoft Windows 7 / Server 2008 R2 SMB Client Infinite Loop
7 auxiliary/dos/windows/smb/ms10_054_queryfs_pool_overflow normal No Microsoft Windows SRV.SYS SrvSmbQueryFsInformation Pool Overflow DoS
8 auxiliary/dos/windows/smb/ms11_019_electbowser normal No Microsoft Windows Browser Pool DoS
9 auxiliary/fuzzers/smb/smb2_negotiate_corrupt normal No SMB Negotiate SMB2 Dialect Corruption
10 auxiliary/gather/konica_minolta_pwd_extract normal No Konica Minolta Password Extractor
11 auxiliary/scanner/http/citrix_dir_traversal 2019-12-17 normal No Citrix ADC (NetScaler) Directory Traversal Scanner
12 auxiliary/scanner/sap/sap_soap_rfc_rzl_read_dir normal No SAP SOAP RFC RZL_READ_DIR_LOCAL Directory Contents Listing
13 auxiliary/scanner/smb/smb_enum_gpp normal No SMB Group Policy Preference Saved Passwords Enumeration
14 auxiliary/server/capture/smb normal No Authentication Capture: SMB
15 auxiliary/server/teamviewer_uri_smb_redirect normal No TeamViewer Unquoted URI Handler SMB Redirect
16 exploit/linux/samba/chain_reply 2010-06-16 good No Samba chain_reply Memory Corruption (Linux x86)
17 exploit/multi/http/struts_code_exec_classloader 2014-03-06 manual No Apache Struts ClassLoader Manipulation Remote Code Execution
18 exploit/multi/ids/snort_dce_rpc 2007-02-19 good No Snort 2 DCE/RPC Preprocessor Buffer Overflow
19 exploit/windows/browser/java_ws_double_quote 2012-10-16 excellent No Sun Java Web Start Double Quote Injection
20 exploit/windows/fileformat/ms13_071_theme 2013-09-10 excellent No MS13-071 Microsoft Windows Theme File Handling Arbitrary Code Execution
21 exploit/windows/fileformat/ms14_060_sandworm 2014-10-14 excellent No MS14-060 Microsoft Windows OLE Package Manager Code Execution
22 exploit/windows/fileformat/ursoft_w32dasm 2005-01-24 good No URSoft W32Dasm Disassembler Function Buffer Overflow
23 exploit/windows/fileformat/vlc_smb_uri 2009-06-24 great No VideoLAN Client (VLC) Win32 smb:// URI Buffer Overflow
24 exploit/windows/misc/hp_dataprotector_c
