MSF Service Scanning and Brute-Forcing

Metasploit is a widely used penetration-testing tool and exploitation framework with vulnerability scanning, payload generation and related functions. Its service-discovery modules identify hosts and services on a target network, a set of auxiliary modules handles host discovery, and its login-scanner modules can run dictionary attacks against service credentials. All of this requires authorization from the system owner before use.

Metasploit is a widely used penetration-testing tool and exploitation framework for assessing the security of computer systems, applications and networks. It was originally written by HD Moore and is now maintained and supported by Rapid7.

Metasploit's main capabilities include:

  1. Vulnerability scanning and exploitation: Metasploit scans targets, identifies potential vulnerabilities in operating systems, applications and services, and exploits them to gain access to the target system.

  2. Payload generation: Metasploit generates payloads, the code that runs on the target after a successful exploit, such as reverse shells and Meterpreter sessions.

  3. Vulnerability database: Metasploit maintains a large collection of exploit and auxiliary modules covering operating systems, applications and services, which lets testers quickly match known vulnerabilities against what they find on a target.

  4. Modular framework: Metasploit is built from modules that are loaded on demand, for example scanner modules, exploit modules and payload modules.

  5. Broad protocol support: Metasploit speaks many network protocols and services, including TCP, UDP, HTTP, HTTPS and FTP, so testers can assess many kinds of systems and applications.

  6. User interfaces: the framework itself is driven from the msfconsole command-line interface; a web-based UI is part of the commercial Metasploit Pro edition.

  7. Community and commercial editions: the open-source Metasploit Framework has a large community, while the commercial Metasploit Pro edition adds advanced features and vendor support for enterprise and professional penetration testers.

Service discovery in the Metasploit Framework (MSF) identifies the hosts and services running on a target network. It is an important step in penetration testing and vulnerability assessment, because it tells the tester what is exposed and where potential weaknesses are likely to be.

An overview of MSF's service-discovery capabilities:

  1. Host discovery: MSF determines which hosts are alive by sending probes into the target network and listening for replies, using ping sweeps, ARP sweeps and TCP or UDP probes.

  2. Port scanning: once live hosts are known, MSF scans them for open ports to learn which network services they expose and which of those warrant further assessment.

  3. Service identification: for each open port, MSF tries to identify the specific service and application version behind it, so the tester knows what software is running and can look up known vulnerabilities.

  4. OS fingerprinting: MSF attempts to determine the operating system type and version of a target host, which guides the choice of exploit modules.

  5. Vulnerability scanning: MSF can import the results of vulnerability scanners and match discovered services against its module database, helping the tester find likely attack targets quickly.

  6. Custom modules: service discovery in MSF is highly customizable; users can write their own modules and scripts for specific discovery tasks.

Service discovery

Commonly used to find well-known services on the local network, such as HTTP, FTP and Telnet.

Searching for MSF modules

[root@localhost ~]# msfconsole
msf5 > search scanner type:auxiliary              // list all auxiliary scanner modules
msf5 > search scanner/http type:auxiliary        // list the auxiliary scanner modules for HTTP

Discovering HTTP services with scanner/http/http_version. The module records each server's Server header, and here also the PHP X-Powered-By value and the 302 redirect target. Set SSL to true and RPORT to 443 to cover HTTPS as well.

msf5 > use scanner/http/http_version
msf5 auxiliary(scanner/http/http_version) > show options

Module options (auxiliary/scanner/http/http_version):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   Proxies                   no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS   192.168.1.0/24   yes       The target address range or CIDR identifier
   RPORT    80               yes       The target port (TCP)
   SSL      false            no        Negotiate SSL/TLS for outgoing connections
   THREADS  1                yes       The number of concurrent threads
   VHOST                     no        HTTP server virtual host


msf5 auxiliary(scanner/http/http_version) > set rhosts 192.168.1.0/24
rhosts => 192.168.1.0/24
msf5 auxiliary(scanner/http/http_version) > set rport 80
rport => 80

msf5 auxiliary(scanner/http/http_version) > exploit
[+] 192.168.1.7:80 Apache/2.4.6 (CentOS) PHP/5.4.16 ( Powered by PHP/5.4.16, 302-login.php )
[+] 192.168.1.3:80 Apache/2.5.0 (CentOS) PHP/7.0.0 ( Powered by PHP/7.0.0, 302-admin.php )
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

Discovering SMB services with scanner/smb/smb_version. It negotiates SMB and reports the operating system, host name and workgroup; a null session is sufficient, so SMBUser and SMBPass can stay empty.

msf5 > use scanner/smb/smb_version
msf5 auxiliary(scanner/smb/smb_version) > show options

Module options (auxiliary/scanner/smb/smb_version):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   RHOSTS     192.168.1.0/24   yes       The target address range or CIDR identifier
   SMBDomain  .                no        The Windows domain to use for authentication
   SMBPass                     no        The password for the specified username
   SMBUser                     no        The username to authenticate as
   THREADS    10               yes       The number of concurrent threads


msf5 auxiliary(scanner/smb/smb_version) > set rhosts 192.168.1.0/24
rhosts => 192.168.1.0/24
msf5 auxiliary(scanner/smb/smb_version) > set threads 10
threads => 10

msf5 auxiliary(scanner/smb/smb_version) > exploit
[+] 192.168.1.2:445       - Host is running Windows 10 China (name:lyshark) (workgroup:lyshark)
[*] 192.168.1.7:445       - Host could not be identified: Windows 6.1 (Samba 4.8.3)
[*] 192.168.1.0/24:445    - Scanned  26 of 256 hosts (10% complete)
[*] 192.168.1.0/24:445    - Caught interrupt from the console...
[*] Auxiliary module execution completed

Discovering FTP services with scanner/ftp/ftp_version. The module reports the server's 220 greeting banner; the anonymous FTPUSER/FTPPASS defaults are inherited from the generic FTP mixin.

msf5 > use scanner/ftp/ftp_version
msf5 auxiliary(scanner/ftp/ftp_version) > show options

Module options (auxiliary/scanner/ftp/ftp_version):

   Name     Current Setting      Required  Description
   ----     ---------------      --------  -----------
   FTPPASS  mozilla@example.com  no        The password for the specified username
   FTPUSER  anonymous            no        The username to authenticate as
   RHOSTS   192.168.1.0/24       yes       The target address range or CIDR identifier
   RPORT    21                   yes       The target port (TCP)
   THREADS  10                   yes       The number of concurrent threads


msf5 auxiliary(scanner/ftp/ftp_version) > set rhosts 192.168.1.0/24
rhosts => 192.168.1.0/24
msf5 auxiliary(scanner/ftp/ftp_version) > set threads 10
threads => 10

msf5 auxiliary(scanner/ftp/ftp_version) > exploit

[+] 192.168.1.7:21        - FTP Banner: '220 (vsFTPd 3.0.2)\x0d\x0a'
[*] 192.168.1.0/24:21     - Scanned  32 of 256 hosts (12% complete)
[*] 192.168.1.0/24:21     - Caught interrupt from the console...
[*] Auxiliary module execution completed

Discovering SSH services with auxiliary/scanner/ssh/ssh_version. Besides the raw banner, the module derives a CPE identifier (here cpe:/a:openbsd:openssh:7.4) that can be matched against vulnerability data.

msf5 > use auxiliary/scanner/ssh/ssh_version
msf5 auxiliary(scanner/ssh/ssh_version) > show options

Module options (auxiliary/scanner/ssh/ssh_version):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOSTS   192.168.1.0/24   yes       The target address range or CIDR identifier
   RPORT    22               yes       The target port (TCP)
   THREADS  10               yes       The number of concurrent threads
   TIMEOUT  30               yes       Timeout for the SSH probe


msf5 auxiliary(scanner/ssh/ssh_version) > set rhosts 192.168.1.0/24
rhosts => 192.168.1.0/24
msf5 auxiliary(scanner/ssh/ssh_version) > set threads 10
threads => 10

msf5 auxiliary(scanner/ssh/ssh_version) > exploit

[+] 192.168.1.7:22        - SSH server version: SSH-2.0-OpenSSH_7.4 ( service.version=7.4 service.vendor=OpenBSD service.family=OpenSSH service.product=OpenSSH service.cpe23=cpe:/a:openbsd:openssh:7.4 service.protocol=ssh fingerprint_db=ssh.banner )
[*] 192.168.1.0/24:22     - Caught interrupt from the console...
[*] Auxiliary module execution completed

Discovering Telnet services with auxiliary/scanner/telnet/telnet_version. In the run below no host on the /24 has Telnet open: "connection refused" means the host is up but the port is closed, while "unreachable" means nothing answered at that address.

msf5 > use auxiliary/scanner/telnet/telnet_version
msf5 auxiliary(scanner/telnet/telnet_version) > show options

Module options (auxiliary/scanner/telnet/telnet_version):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   PASSWORD                   no        The password for the specified username
   RHOSTS    192.168.1.0/24   yes       The target address range or CIDR identifier
   RPORT     23               yes       The target port (TCP)
   THREADS   10               yes       The number of concurrent threads
   TIMEOUT   30               yes       Timeout for the Telnet probe
   USERNAME                   no        The username to authenticate as


msf5 auxiliary(scanner/telnet/telnet_version) > set rhosts 192.168.1.0/24
rhosts => 192.168.1.0/24
msf5 auxiliary(scanner/telnet/telnet_version) > set threads 10
threads => 10
msf5 auxiliary(scanner/telnet/telnet_version) > exploit

[-] 192.168.1.1:23        - A network issue has occurred: The connection was refused by the remote host (192.168.1.1:23).
[-] 192.168.1.7:23        - A network issue has occurred: The connection was refused by the remote host (192.168.1.7:23).
[-] 192.168.1.0:23        - A network issue has occurred: The host (192.168.1.0:23) was unreachable.
[-] 192.168.1.10:23       - A network issue has occurred: The connection was refused by the remote host (192.168.1.10:23).
[-] 192.168.1.3:23        - A network issue has occurred: The connection was refused by the remote host (192.168.1.3:23).
[-] 192.168.1.5:23        - A network issue has occurred: The host (192.168.1.5:23) was unreachable.
[*] 192.168.1.0/24:23     - Caught interrupt from the console...
[*] Auxiliary module execution completed

Discovering MySQL services with auxiliary/scanner/mysql/mysql_version. In the run below the server answers with a host-not-allowed error and identifies itself as MariaDB; no version is disclosed, but the error still confirms a MySQL-compatible listener reachable over the network rather than bound to localhost only.

msf5 > use auxiliary/scanner/mysql/mysql_version
msf5 auxiliary(scanner/mysql/mysql_version) > show options

Module options (auxiliary/scanner/mysql/mysql_version):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOSTS   192.168.1.7      yes       The target address range or CIDR identifier
   RPORT    3306             yes       The target port (TCP)
   THREADS  1                yes       The number of concurrent threads


msf5 auxiliary(scanner/mysql/mysql_version) > set rhosts 192.168.1.7
rhosts => 192.168.1.7
msf5 auxiliary(scanner/mysql/mysql_version) > set rport 3306
rport => 3306
msf5 auxiliary(scanner/mysql/mysql_version) > exploit

[*] 192.168.1.7:3306      - 192.168.1.7:3306 is running MySQL, but responds with an error: \x04Host '192.168.1.7' is not allowed to connect to this MariaDB server
[*] 192.168.1.7:3306      - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

Discovering SQL Server with auxiliary/scanner/mssql/mssql_ping. This module queries the SQL Server Browser service on UDP 1434 rather than the TDS port, so it finds named instances even when they listen on non-default TCP ports.

msf5 > use auxiliary/scanner/mssql/mssql_ping
msf5 auxiliary(scanner/mssql/mssql_ping) > show options

Module options (auxiliary/scanner/mssql/mssql_ping):

   Name                 Current Setting  Required  Description
   ----                 ---------------  --------  -----------
   PASSWORD                              no        The password for the specified username
   RHOSTS               192.168.1.0/24   yes       The target address range or CIDR identifier
   TDSENCRYPTION        false            yes       Use TLS/SSL for TDS data "Force Encryption"
   THREADS              10               yes       The number of concurrent threads
   USERNAME             sa               no        The username to authenticate as
   USE_WINDOWS_AUTHENT  false            yes       Use windows authentification (requires DOMAIN option set)

msf5 auxiliary(scanner/mssql/mssql_ping) > set rhosts 192.168.1.0/24
rhosts => 192.168.1.0/24
msf5 auxiliary(scanner/mssql/mssql_ping) > set threads 10
threads => 10

msf5 auxiliary(scanner/mssql/mssql_ping) > run

Discovering Oracle with auxiliary/scanner/oracle/tnslsnr_version, which asks the TNS listener (TCP 1521 by default) for its version.

msf5 > use auxiliary/scanner/oracle/tnslsnr_version
msf5 auxiliary(scanner/oracle/tnslsnr_version) > show options

Module options (auxiliary/scanner/oracle/tnslsnr_version):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOSTS   192.168.1.0/24   yes       The target address range or CIDR identifier
   RPORT    1521             yes       The target port (TCP)
   THREADS  10               yes       The number of concurrent threads


msf5 auxiliary(scanner/oracle/tnslsnr_version) > set rhosts 192.168.1.0/24
rhosts => 192.168.1.0/24
msf5 auxiliary(scanner/oracle/tnslsnr_version) > set threads 10
threads => 10
msf5 auxiliary(scanner/oracle/tnslsnr_version) > run
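The *_version scanners above each print one "[+] host:port - banner" line per result, interleaved with progress lines. Collecting those lines into a per-host inventory is the next step before picking exploit or login modules. The Ruby script below (Metasploit's own language) is an added example, not code from the page or from Metasploit; its sample input is copied from the scan output shown above, and the port-to-service table and banner patterns are this example's own heuristics.

```ruby
# Added example: parse msfconsole *_version scanner output into a per-host
# service inventory. SCAN_OUTPUT is copied from the scans shown on this page.

SCAN_OUTPUT = <<~'OUT'
  [+] 192.168.1.7:80 Apache/2.4.6 (CentOS) PHP/5.4.16 ( Powered by PHP/5.4.16, 302-login.php )
  [+] 192.168.1.2:445       - Host is running Windows 10 China (name:lyshark) (workgroup:lyshark)
  [*] 192.168.1.7:445       - Host could not be identified: Windows 6.1 (Samba 4.8.3)
  [+] 192.168.1.7:21        - FTP Banner: '220 (vsFTPd 3.0.2)\x0d\x0a'
  [+] 192.168.1.7:22        - SSH server version: SSH-2.0-OpenSSH_7.4 ( service.version=7.4 service.vendor=OpenBSD service.family=OpenSSH service.product=OpenSSH service.cpe23=cpe:/a:openbsd:openssh:7.4 service.protocol=ssh fingerprint_db=ssh.banner )
  [*] 192.168.1.7:3306      - 192.168.1.7:3306 is running MySQL, but responds with an error: \x04Host '192.168.1.7' is not allowed to connect to this MariaDB server
  [*] 192.168.1.0/24:21     - Scanned  32 of 256 hosts (12% complete)
  [*] Auxiliary module execution completed
OUT

# Only lines addressed to a single IPv4 host:port carry a result. Progress
# lines ("192.168.1.0/24:21 - Scanned ...") do not match and are skipped.
RESULT_LINE = /\A\[([+*-])\] (\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s+(?:-\s+)?(.*)\z/

# Fallback service names by well-known port (this example's own table).
PORT_SERVICES = {
  21 => 'ftp', 22 => 'ssh', 23 => 'telnet', 80 => 'http', 139 => 'smb',
  443 => 'https', 445 => 'smb', 1521 => 'oracle-tns', 3306 => 'mysql',
}.freeze

# Reduce one scanner message to the product/version string worth recording.
def extract_detail(msg)
  case msg
  when /SSH server version: (\S+)/          then $1
  when /FTP Banner: '(.+?)(?:\\x0d\\x0a)?'/  then $1
  when /Host is running (.+?) \(name:/      then $1
  when /could not be identified: (.+)\z/    then $1
  when /is running MySQL/                   then 'MySQL/MariaDB (host not allowed to connect)'
  else
    # http_version prints the Server header followed by a parenthesised summary
    msg.sub(/\s*\( .*\)\s*\z/, '')
  end
end

# One result line -> { host:, port:, service:, confirmed:, detail: } or nil.
def parse_result_line(line)
  m = RESULT_LINE.match(line.strip)
  return nil unless m
  port = m[3].to_i
  {
    host: m[2],
    port: port,
    service: PORT_SERVICES.fetch(port, "tcp/#{port}"),
    confirmed: m[1] == '+',          # "[+]" is a positive identification
    detail: extract_detail(m[4]),
  }
end

# Whole scan text -> { host => [entries sorted by port] }.
def build_inventory(text)
  text.each_line
      .filter_map { |line| parse_result_line(line) }
      .group_by { |entry| entry[:host] }
      .transform_values { |entries| entries.sort_by { |e| e[:port] } }
end

if __FILE__ == $PROGRAM_NAME
  build_inventory(SCAN_OUTPUT).sort.each do |host, entries|
    puts host
    entries.each { |e| puts format('  %-5d %-11s %s', e[:port], e[:service], e[:detail]) }
  end
end
```

Feed it the saved console output (spool in msfconsole writes one) and the inventory shows, for example, that 192.168.1.7 exposes FTP, SSH, HTTP, SMB and a MySQL-compatible listener, which is exactly the list of login modules worth running in the brute-forcing section.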


Host discovery

MSF ships a set of auxiliary modules for host discovery. They live under modules/auxiliary/scanner/discovery/ in the framework tree and cover host discovery and general network probing.

They include:

  1. arp_sweep: performs an ARP sweep to find live hosts on the local segment.

  2. ipv6_multicast_ping: multicast ping for IPv6 networks, used to enumerate IPv6 hosts.

  3. ipv6_neighbor and ipv6_neighbor_router_advertisement: IPv6 neighbor discovery and router-advertisement probing, which reveal hosts and routers on an IPv6 network.

  4. udp_probe and udp_sweep: send UDP probes for common services and treat any reply as evidence of a live host and an open UDP port.

These modules help the tester enumerate potential targets on the network, that is live hosts and open ports, and build a picture of its structure before deeper assessment.

ARP discovery of LAN hosts with scanner/discovery/arp_sweep. ARP requests do not cross routers, so this only finds hosts on the attacker's own layer-2 segment, but unlike ICMP it cannot be silenced by a host firewall; the module crafts raw frames, so it needs root and a pcap-capable interface.

msf5 > use scanner/discovery/arp_sweep
msf5 auxiliary(scanner/discovery/arp_sweep) > show options

Module options (auxiliary/scanner/discovery/arp_sweep):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   INTERFACE                   no        The name of the interface
   RHOSTS     192.168.1.0/24   yes       The target address range or CIDR identifier
   SHOST                       no        Source IP Address
   SMAC                        no        Source MAC Address
   THREADS    10               yes       The number of concurrent threads
   TIMEOUT    5                yes       The number of seconds to wait for new data


msf5 auxiliary(scanner/discovery/arp_sweep) > set rhosts 192.168.1.0/24
rhosts => 192.168.1.0/24
msf5 auxiliary(scanner/discovery/arp_sweep) > set threads 10
threads => 10

msf5 auxiliary(scanner/discovery/arp_sweep) > exploit

[+] 192.168.1.1 appears to be up (UNKNOWN).
[+] 192.168.1.2 appears to be up (UNKNOWN).
[+] 192.168.1.2 appears to be up (UNKNOWN).
[+] 192.168.1.1 appears to be up (UNKNOWN).
[*] Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed

UDP discovery of hosts with scanner/discovery/udp_sweep. Unlike ARP this works across routers: the module sends a fixed set of probes for common UDP services (13 in the run below) and reports every host that answers, here a NetBIOS name-service reply on 137.

msf5 > use scanner/discovery/udp_sweep
msf5 auxiliary(scanner/discovery/udp_sweep) > show options

Module options (auxiliary/scanner/discovery/udp_sweep):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   BATCHSIZE  256              yes       The number of hosts to probe in each set
   RHOSTS     192.168.1.0/24   yes       The target address range or CIDR identifier
   THREADS    10               yes       The number of concurrent threads

msf5 auxiliary(scanner/discovery/udp_sweep) > set rhosts 192.168.1.0/24
rhosts => 192.168.1.0/24
msf5 auxiliary(scanner/discovery/udp_sweep) > exploit

[*] Sending 13 probes to 192.168.1.0->192.168.1.255 (256 hosts)
[*] Discovered NetBIOS on 192.168.1.2:137 (lyshark:<20>:U :lysahrk:<00>:U :lyshark:<00>:G :WORKGROUP:<1e>:G :WORKGROUP:<1d>:U :__MSBROWSE__:<01>:G :a4:be:c8:fe:ac:z4)
[*] Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed

ACK scan with auxiliary/scanner/portscan/ack. Despite the "find live hosts" framing, an ACK scan does not tell you which ports are open: it sends bare ACK segments and reports the ports that answer with a RST as unfiltered, while silence means a firewall dropped the probe, so its real use is mapping filtering rules. Like the SYN scanner it crafts raw packets and needs root and a working pcap interface. The run below printed no results, meaning no RST replies were captured.

msf5 > use auxiliary/scanner/portscan/ack
msf5 auxiliary(scanner/portscan/ack) > show options

Module options (auxiliary/scanner/portscan/ack):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   BATCHSIZE  256              yes       The number of hosts to scan per set
   DELAY      0                yes       The delay between connections, per thread, in milliseconds
   INTERFACE                   no        The name of the interface
   JITTER     0                yes       The delay jitter factor (maximum value by which to +/- DELAY) in milliseconds.
   PORTS      1-10000          yes       Ports to scan (e.g. 22-25,80,110-900)
   RHOSTS     192.168.1.7      yes       The target address range or CIDR identifier
   SNAPLEN    65535            yes       The number of bytes to capture
   THREADS    10               yes       The number of concurrent threads
   TIMEOUT    500              yes       The reply read timeout in milliseconds


msf5 auxiliary(scanner/portscan/ack) > set rhosts 192.168.1.7
rhosts => 192.168.1.7
msf5 auxiliary(scanner/portscan/ack) > set threads 10
threads => 10

msf5 auxiliary(scanner/portscan/ack) > exploit

[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

SYN scan with auxiliary/scanner/portscan/syn. This is a half-open scan: it sends a SYN and reports a SYN/ACK reply as open without completing the handshake, which is faster and leaves fewer traces than a connect scan, but it requires raw-socket access (root) and pcap.

msf5 > use auxiliary/scanner/portscan/syn
msf5 auxiliary(scanner/portscan/syn) > show options

Module options (auxiliary/scanner/portscan/syn):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   BATCHSIZE  256              yes       The number of hosts to scan per set
   DELAY      0                yes       The delay between connections, per thread, in milliseconds
   INTERFACE                   no        The name of the interface
   JITTER     0                yes       The delay jitter factor (maximum value by which to +/- DELAY) in milliseconds.
   PORTS      1-1024           yes       Ports to scan (e.g. 22-25,80,110-900)
   RHOSTS     192.168.1.7      yes       The target address range or CIDR identifier
   SNAPLEN    65535            yes       The number of bytes to capture
   THREADS    10               yes       The number of concurrent threads
   TIMEOUT    500              yes       The reply read timeout in milliseconds

msf5 auxiliary(scanner/portscan/syn) > set rhosts 192.168.1.7
rhosts => 192.168.1.7
msf5 auxiliary(scanner/portscan/syn) > set threads 10
threads => 10
msf5 auxiliary(scanner/portscan/syn) > run

TCP connect scan with auxiliary/scanner/portscan/tcp. It completes the full handshake for every port, so it needs no special privileges and, unlike the raw-packet scanners, also works through a pivot via MSF routes, but every probe shows up on the target as a completed connection.

msf5 > use auxiliary/scanner/portscan/tcp
msf5 auxiliary(scanner/portscan/tcp) > show options

Module options (auxiliary/scanner/portscan/tcp):

   Name         Current Setting  Required  Description
   ----         ---------------  --------  -----------
   CONCURRENCY  10               yes       The number of concurrent ports to check per host
   DELAY        0                yes       The delay between connections, per thread, in milliseconds
   JITTER       0                yes       The delay jitter factor (maximum value by which to +/- DELAY) in milliseconds.
   PORTS        1-10000          yes       Ports to scan (e.g. 22-25,80,110-900)
   RHOSTS       192.168.1.7      yes       The target address range or CIDR identifier
   THREADS      10               yes       The number of concurrent threads
   TIMEOUT      1000             yes       The socket connect timeout in milliseconds


msf5 auxiliary(scanner/portscan/tcp) > set rhosts 192.168.1.7
rhosts => 192.168.1.7
msf5 auxiliary(scanner/portscan/tcp) > set threads 10
threads => 10
msf5 auxiliary(scanner/portscan/tcp) > run

[+] 192.168.1.7:          - 192.168.1.7:21 - TCP OPEN
[+] 192.168.1.7:          - 192.168.1.7:22 - TCP OPEN
[+] 192.168.1.7:          - 192.168.1.7:80 - TCP OPEN
[+] 192.168.1.7:          - 192.168.1.7:139 - TCP OPEN
[+] 192.168.1.7:          - 192.168.1.7:445 - TCP OPEN
[*] 192.168.1.7:          - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
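The connect scan above is simple enough to reproduce, and doing so makes the difference from the SYN/ACK modules concrete: a plain socket connect per port, with the CONCURRENCY, TIMEOUT and DELAY options mapped to thread count, connect timeout and inter-probe sleep. The Ruby below is an added example, not Metasploit's implementation; the parameter names and the three-way classification (open, closed, filtered) are this example's own choices.

```ruby
require 'socket'

# Added example: the mechanism behind auxiliary/scanner/portscan/tcp. A connect
# scan completes the TCP handshake for every port, so it needs neither raw
# sockets nor root (unlike the syn/ack modules), at the cost of leaving an
# accepted-and-closed connection in the target's logs for each probe.

# Classify one port: :open (handshake completed), :closed (RST received),
# :filtered (timeout or unreachable, i.e. something dropped the SYN).
def probe_port(host, port, timeout)
  Socket.tcp(host, port, connect_timeout: timeout) { |_sock| nil }
  :open
rescue Errno::ECONNREFUSED
  :closed
rescue SystemCallError, SocketError
  :filtered
end

# Scan `ports` on `host` with `concurrency` worker threads, each sleeping
# `delay_ms` between probes (the module's CONCURRENCY/TIMEOUT/DELAY).
# Returns { port => :open | :closed | :filtered }.
def tcp_connect_scan(host, ports, concurrency: 10, timeout: 1.0, delay_ms: 0)
  ports = ports.to_a
  return {} if ports.empty?

  results = Queue.new                      # thread-safe collector
  per_thread = (ports.size.to_f / concurrency).ceil
  threads = ports.each_slice(per_thread).map do |batch|
    Thread.new do
      batch.each do |port|
        results << [port, probe_port(host, port, timeout)]
        sleep(delay_ms / 1000.0) if delay_ms > 0
      end
    end
  end
  threads.each(&:join)
  Array.new(results.size) { results.pop }.sort.to_h
end

# Just the ports that completed a handshake, ascending.
def open_ports(scan)
  scan.select { |_port, state| state == :open }.keys.sort
end
```

`open_ports(tcp_connect_scan('192.168.1.7', 1..1024, concurrency: 50))` is the equivalent of `set PORTS 1-1024` and `set CONCURRENCY 50` above. Note that a port reported as :filtered is not necessarily closed; raising `timeout` or retrying from a different source address often turns some of them into :open.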


Service brute-forcing

Once the open services on a target are known, the tester may run dictionary attacks against their logins to check whether weak credentials allow further access. The configurations below use Metasploit's login-scanner modules. They take a single USERNAME/PASSWORD or wordlists via USER_FILE, PASS_FILE or USERPASS_FILE; set STOP_ON_SUCCESS to true to stop at the first valid pair and use BRUTEFORCE_SPEED (0-5) to throttle. Against SMB in a domain, mind the account-lockout policy: a long PASS_FILE can lock out every account in USER_FILE. These are configuration examples only; running them requires explicit authorization and compliance with applicable law.

SSH password brute-forcing

use auxiliary/scanner/ssh/ssh_login
set rhosts 192.168.1.7
set username root
set pass_file /root/pass.txt
set threads 10
exploit

SMB/Samba password brute-forcing

use auxiliary/scanner/smb/smb_login
set rhosts 192.168.1.7
set user_file /root/user.txt
set pass_file /root/pass.txt
set threads 10
exploit

FTP password brute-forcing

use scanner/ftp/ftp_login
set rhosts 192.168.1.7
set user_file /root/user.txt
set pass_file /root/pass.txt
set threads 10
exploit

MySQL password brute-forcing

search mysql
use auxiliary/scanner/mysql/mysql_login
set rhosts 192.168.1.7
set user_file /root/user.txt
set pass_file /root/pass.txt
exploit

PostgreSQL password brute-forcing

use auxiliary/scanner/postgres/postgres_login
set rhosts 192.168.1.7
set user_file /root/user.txt
set pass_file /root/pass.txt
exploit

Tomcat manager password brute-forcing (tomcat_mgr_login targets the /manager application; its default RPORT is 8080, so adjust RPORT and SSL for other deployments)

search tomcat

use auxiliary/scanner/http/tomcat_mgr_login
set rhosts 192.168.1.7
set user_file /root/user.txt
set pass_file /root/pass.txt
exploit

Telnet password brute-forcing

use auxiliary/scanner/telnet/telnet_login
set rhosts 192.168.1.7
set username administrator
set pass_file /root/pass.txt
exploit
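A run of ssh_login like the one above is loud on the target: every guess is a "Failed password" line in the sshd log, and a hit is an "Accepted password" from the same source a second later. The Ruby below is an added example that is not part of the page or of Metasploit: it parses standard syslog-format sshd lines and flags sources whose failures cluster inside a sliding window, then checks whether a success followed. The log lines are constructed; hostnames, PIDs, users and addresses are invented, and the threshold and window values are arbitrary defaults.

```ruby
require 'time'

# Added example: detect an SSH dictionary attack in sshd's syslog output.
# AUTH_LOG is constructed sample data in the standard sshd message format.
AUTH_LOG = <<~LOG
  Mar  3 10:15:01 web01 sshd[2311]: Failed password for root from 192.168.1.50 port 41200 ssh2
  Mar  3 10:15:02 web01 sshd[2313]: Failed password for invalid user admin from 192.168.1.50 port 41201 ssh2
  Mar  3 10:15:02 web01 sshd[2315]: Failed password for root from 192.168.1.50 port 41202 ssh2
  Mar  3 10:15:03 web01 sshd[2317]: Failed password for root from 192.168.1.50 port 41203 ssh2
  Mar  3 10:15:04 web01 sshd[2319]: Failed password for root from 192.168.1.50 port 41204 ssh2
  Mar  3 10:15:05 web01 sshd[2321]: Accepted password for root from 192.168.1.50 port 41205 ssh2
  Mar  3 10:20:00 web01 sshd[2401]: Failed password for alice from 192.168.1.20 port 50010 ssh2
  Mar  3 11:05:00 web01 sshd[2402]: Accepted publickey for alice from 192.168.1.20 port 50011 ssh2
LOG

# "invalid user" appears when the account does not exist; the user name follows either way.
SSHD_LINE = /\A(?<stamp>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (?<result>Failed|Accepted) (?<method>\w+) for (?:invalid user )?(?<user>\S+) from (?<ip>\S+) port \d+/

# Syslog timestamps carry no year, so the caller supplies it.
def parse_sshd_line(line, year)
  m = SSHD_LINE.match(line)
  return nil unless m
  {
    time: Time.strptime("#{year} #{m[:stamp].squeeze(' ')}", '%Y %b %d %H:%M:%S'),
    result: m[:result], method: m[:method], user: m[:user], ip: m[:ip],
  }
end

# Flag any source IP with at least `threshold` failed logins inside a
# `window`-second sliding window, and report whether a successful login from
# the same source followed the last failure (the brute force worked).
def detect_bruteforce(log, year:, threshold: 5, window: 60)
  events = log.each_line.filter_map { |line| parse_sshd_line(line, year) }
  events.group_by { |e| e[:ip] }.filter_map do |ip, evs|
    failures = evs.select { |e| e[:result] == 'Failed' }.sort_by { |e| e[:time] }
    left = 0
    peak = 0
    failures.each_with_index do |e, right|
      left += 1 while e[:time] - failures[left][:time] > window
      peak = [peak, right - left + 1].max
    end
    next nil if peak < threshold

    last_failure = failures.last[:time]
    success = evs.find { |e| e[:result] == 'Accepted' && e[:time] >= last_failure }
    {
      ip: ip,
      failures: failures.size,
      peak_in_window: peak,
      users_tried: failures.map { |e| e[:user] }.uniq.sort,
      compromised_user: success && success[:user],
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  detect_bruteforce(AUTH_LOG, year: 2024).each do |f|
    tail = f[:compromised_user] ? ", then SUCCESS as #{f[:compromised_user]}" : ''
    puts "#{f[:ip]}: #{f[:failures]} failures (#{f[:peak_in_window]} within window), " \
         "users #{f[:users_tried].join(',')}#{tail}"
  end
end
```

On the sample data the detector reports 192.168.1.50 with five failures in a few seconds against root and admin, followed by an accepted password login as root; 192.168.1.20's single failure and later key-based login stay below the threshold. Lowering BRUTEFORCE_SPEED in the module spreads guesses out, which is exactly what a wider `window` is meant to catch.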