渗透测试本机使用linux,安装的工具分别为:nmap,msfconsole,nmap用来进行对形态进行扫描,主要扫描系统开放的端口,系统版本信息,局域网存在漏洞的主机;msfconsole主要是用来进行渗透攻击;
靶机为 xp sp2,linux上使用kvm虚拟机安装xp sp2系统;
开始在linux上用nmap进行扫,因为本机使用的虚拟网桥,桥接到虚拟机,所以网络是互通的,进行扫描的时候靶机与本机防火墙都要开放;
nmap -O -sS --script=vuln 192.168.122.112
因为事先知道靶机ip为192.168.122.112,所以就不用进行对子网扫描了,扫描子网的指令是:
nmap -sT 192.168.122.1/24
上面是进行三次握手扫描子网;扫描的结果如下:
Starting Nmap 7.60 ( https://nmap.org ) at 2020-05-02 18:07 CST
Nmap scan report for 192.168.122.112
Host is up (0.0019s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
MAC Address: 52:54:00:C4:B0:EE (QEMU virtual NIC)
Device type: general purpose
Running: Microsoft Windows XP|2003
OS CPE: cpe:/o:microsoft:windows_xp cpe:/o:microsoft:windows_server_2003
OS details: Microsoft Windows XP SP2 or SP3, or Windows Server 2003, Microsoft Windows XP SP2 or Windows Server 2003 SP2
Network Distance: 1 hop
Host script results:
|_samba-vuln-cve-2012-1182: NT_STATUS_ACCESS_DENIED
| smb-vuln-ms08-067:
| VULNERABLE:
| Microsoft Windows system vulnerable to remote code execution (MS08-067)
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2008-4250
| The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2,
| Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary
| code via a crafted RPC request that triggers the overflow during path canonicalization.
|
| Disclosure date: 2008-10-23
| Reference