Metasploit从文件中读取目标地址
生活随笔
收集整理的這篇文章主要介紹了
Metasploit从文件中读取目标地址
小編覺得挺不錯的,現在分享給大家,幫大家做個參考.
本文簡單介紹如何使用Metasploit從文件中讀取目標地址,來執行檢測。
以檢測MS17-010漏洞為例,在設定RHOSTS參數時,可設定目標地址范圍和CIDR地址塊,設定單個IP的目標也是可以的。
參考:Metasploit set rhosts file
msf > use auxiliary/scanner/smb/smb_ms17_010 msf auxiliary(smb_ms17_010) > show optionsModule options (auxiliary/scanner/smb/smb_ms17_010):Name Current Setting Required Description---- --------------- -------- -----------CHECK_DOPU true yes Check for DOUBLEPULSAR on vulnerable hostsRHOSTS yes The target address range or CIDR identifierRPORT 445 yes The SMB service port (TCP)SMBDomain . no The Windows domain to use for authenticationSMBPass no The password for the specified usernameSMBUser no The username to authenticate asTHREADS 1 yes The number of concurrent threads但如何設定從文件中讀取目標地址呢?
其實可以使用file指定讀取的目標文件...如下:
msf auxiliary(smb_ms17_010) > set rhosts file:/root/pentest/10-all.txt # 設置讀取的文件 rhosts => file:/root/pentest/10-all.txt msf auxiliary(smb_ms17_010) > show optionsModule options (auxiliary/scanner/smb/smb_ms17_010):Name Current Setting Required Description---- --------------- -------- -----------CHECK_DOPU true yes Check for DOUBLEPULSAR on vulnerable hostsRHOSTS file:/root/pentest/10-all.txt yes The target address range or CIDR identifierRPORT 445 yes The SMB service port (TCP)SMBDomain . no The Windows domain to use for authenticationSMBPass no The password for the specified usernameSMBUser no The username to authenticate asTHREADS 1 yes The number of concurrent threadsmsf auxiliary(smb_ms17_010) > set threads 10 threads => 10 msf auxiliary(smb_ms17_010) > show optionsModule options (auxiliary/scanner/smb/smb_ms17_010):Name Current Setting Required Description---- --------------- -------- -----------CHECK_DOPU true yes Check for DOUBLEPULSAR on vulnerable hostsRHOSTS file:/root/pentest/10-all.txt yes The target address range or CIDR identifierRPORT 445 yes The SMB service port (TCP)SMBDomain . no The Windows domain to use for authenticationSMBPass no The password for the specified usernameSMBUser no The username to authenticate asTHREADS 10 yes The number of concurrent threads設置完成之后,就可以執行掃描了。
msf auxiliary(smb_ms17_010) > spool ms17-010.txt # 輸出記錄寫入到文件 [*] Spooling to file ms17-010.txt... msf auxiliary(smb_ms17_010) > exploit # 執行檢測[-] 10.0.0.17:445 - An SMB Login Error occurred while connecting to the IPC$ tree. [-] 10.0.0.13:445 - Host does NOT appear vulnerable. [-] 10.0.0.14:445 - Host does NOT appear vulnerable. [-] 10.0.0.2:445 - Host does NOT appear vulnerable. [-] 10.0.0.11:445 - Host does NOT appear vulnerable.[-] 10.2.2.25:445 - Host does NOT appear vulnerable. [-] 10.2.3.160:445 - Host does NOT appear vulnerable. [-] 10.2.3.162:445 - Host does NOT appear vulnerable. [-] 10.5.0.2:445 - An SMB Login Error occurred while connecting to the IPC$ tree. [-] 10.5.0.11:445 - Host does NOT appear vulnerable. [-] 10.5.0.13:445 - Host does NOT appear vulnerable. [-] 10.5.0.24:445 - Host does NOT appear vulnerable. [+] 10.5.0.25:445 - Host is likely VULNERABLE to MS17-010! (Windows Server 2012 R2 Standard 9600)掃描結束之后,使用spool off,即可停止記錄。
ms17-010.txt文件中將會保存所有的檢測記錄。
轉載于:https://www.cnblogs.com/Hi-blog/p/Metasploit-Read-Target-from-File.html
與50位技術專家面對面20年技術見證,附贈技術全景圖總結
以上是生活随笔為你收集整理的Metasploit从文件中读取目标地址的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 你还笃信亲身经历的事情吗?来看看大脑如何
- 下一篇: MvvmLight框架使用入门(三)