metasploit 中的DB

時間 2019-11-07

標籤 metasploit 简体版

原文原文鏈接

滲透測試任務中，主機/服務/漏洞等信息若是手動維護，會帶來巨大的工做量。ios

在metasploit中，這部分工做已經被封裝的很是好，每次調用內部模塊執行的任務結果都會自動存入DB.經過簡單的指令便可以方便的查看。dom

metasploit 中的DB操做ssh

msf > help database

Database Backend Commands
=========================

    Command        Description
    -------        -----------
    creds          List all credentials in the database
    db_connect     Connect to an existing database
    db_disconnect  Disconnect from the current database instance
    db_export      Export a file containing the contents of the database
    db_import      Import a scan result file (filetype will be auto-detected)
    db_nmap        Executes nmap and records the output automatically
    db_status      Show the current database status
    hosts          List all hosts in the database
    loot           List all loot in the database
    notes          List all notes in the database
    services       List all services in the database
    vulns          List all vulnerabilities in the database
    workspace      Switch between database workspaces
msf auxiliary(ssh_version) > show options

Module options (auxiliary/scanner/ssh/ssh_version):

   Name     Current Setting                        Required  Description
   ----     ---------------                        --------  -----------
   RHOSTS   file:/root/DailyPentest/IPSrc/example  yes       The target address range or CIDR identifier
   RPORT    22                                     yes       The target port
   THREADS  1                                      yes       The number of concurrent threads
   TIMEOUT  30                                     yes       Timeout for the SSH probe

msf auxiliary(ssh_version) > set RHOSTS file:/root/DailyPentest/IPSrc/aa
RHOSTS => file:/root/DailyPentest/IPSrc/aa
msf auxiliary(ssh_version) > run

[*] 124.127.106.5:22, SSH server version: SSH-1.99-OpenSSH_5.8p2
[*] Scanned 1 of 9 hosts (011% complete)
[*] 124.127.106.3:22, SSH server version: SSH-1.99-OpenSSH_3.9p1
[*] Scanned 2 of 9 hosts (022% complete)
[*] Scanned 3 of 9 hosts (033% complete)
[*] Scanned 4 of 9 hosts (044% complete)
[*] Scanned 5 of 9 hosts (055% complete)
[*] Scanned 6 of 9 hosts (066% complete)
[*] Scanned 7 of 9 hosts (077% complete)
[*] 167.124.236.145:22, SSH server version: SSH-2.0-ArrayOS
[*] Scanned 8 of 9 hosts (088% complete)
[-] 167.124.236.184:22, SSH server version detection failed!
[*] Scanned 9 of 9 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(ssh_version) > services

Services
========

host             port  proto  name          state  info
----             ----  -----  ----          -----  ----
167.124.236.145  22    tcp    ssh           open   SSH-2.0-ArrayOS
167.124.236.243  22    tcp    ssh           open   SSH-2.0-ArrayOS
124.127.106.3    22    tcp    ssh           open   SSH-1.99-OpenSSH_3.9p1
124.127.106.5    22    tcp    ssh           open   SSH-1.99-OpenSSH_5.8p2
192.168.0.104    135   tcp    msrpc         open   
192.168.0.104    554   tcp    rtsp          open   
192.168.0.104    445   tcp    microsoft-ds  open   Windows 7 Ultimate 7601 Service Pack (Build 1) (language: Unknown) (name:WIN-R2OU7BR820S) (domain:WORKGROUP)
192.168.0.104    139   tcp    netbios-ssn   open   
192.168.0.105    21    tcp    ftp           open   220 (vsFTPd 2.0.6)\x0d\x0a
192.168.0.105    22    tcp    ssh           open   SSH-2.0-OpenSSH_4.7p1 Debian-8
192.168.0.105    631   tcp    ipp           open   

msf auxiliary(ssh_version) > services -p 22

Services
========

host             port  proto  name  state  info
----             ----  -----  ----  -----  ----
167.124.236.145  22    tcp    ssh   open   SSH-2.0-ArrayOS
167.124.236.243  22    tcp    ssh   open   SSH-2.0-ArrayOS
124.127.106.3    22    tcp    ssh   open   SSH-1.99-OpenSSH_3.9p1
124.127.106.5    22    tcp    ssh   open   SSH-1.99-OpenSSH_5.8p2
192.168.0.105    22    tcp    ssh   open   SSH-2.0-OpenSSH_4.7p1 Debian-8

能夠用db_nmap 取代nmap，由於其結果會直接導入DB, 能夠及其方便的用指令查看tcp

msf > services -R 192.168.0.105

Services
========

host           port  proto  name  state  info
----           ----  -----  ----  -----  ----
192.168.0.105  21    tcp    ftp   open   220 (vsFTPd 2.0.6)\x0d\x0a
192.168.0.105  22    tcp    ssh   open   SSH-2.0-OpenSSH_4.7p1 Debian-8
192.168.0.105  631   tcp    ipp   open   

RHOSTS => 192.168.0.105

msf > services -p 21

Services
========

host           port  proto  name  state  info
----           ----  -----  ----  -----  ----
192.168.0.105  21    tcp    ftp   open   220 (vsFTPd 2.0.6)\x0d\x0a

1. Metasploit 中OpenVas嘗試
2. Metasploit
3. metasploit
4. 電子技術中的dB
5. Metasploit對Rundll32的
6. 使用metasploit中Evasion模塊
7. 解決Metasploit中shell亂碼的問題
8. metasploit中數據庫PostgreSQL的使用
9. 【譯】Metasploit：如何在 Metasploit 中使用反彈 Shell
10. metasploit的fuzz探索
更多相關文章...
• Spring中Bean的作用域 - Spring教程
• 現實生活中的 XML - XML 教程
• C# 中 foreach 遍歷的用法
• Scala 中文亂碼解決

相關標籤/搜索

metasploit+postgresql

每日一句

每一个你不满意的现在，都有一个你没有努力的曾经。