Scanning MS SQL Server 2000 with Metasploit

Source: Internet  Editor: 程序博客网  Time: 2024/05/22 02:30

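The Metasploit used here is 4.5.0, installed on Fedora 9. MS SQL Server 2000 + SP4 is installed on XP + SP3. Turn off the XP firewall, start MS SQL Server 2000, and create a new SQL Server registration. Then run Metasploit. Starting msfconsole takes a good 20 seconds or so; the first time I didn't know this and thought the installation had gone wrong.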

[root@localhost app]# pwd
/opt/metasploit-4.5.0/app
[root@localhost app]# msfconsole
[Metasploit ASCII-art banner]
       =[ metasploit v4.5.0-release [core:4.5 api:1.0]
+ -- --=[ 1000 exploits - 624 auxiliary - 168 post
+ -- --=[ 262 payloads - 28 encoders - 8 nops
msf >

As shown above.

msf > use scanner/mssql/mssql_ping
msf  auxiliary(mssql_ping) > set RHOSTS 192.168.1.109
RHOSTS => 192.168.1.109
msf  auxiliary(mssql_ping) > run
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf  auxiliary(mssql_ping) > run
[*] SQL Server information for 192.168.1.109:
[+]    ServerName      = 20100617-1003
[+]    InstanceName    = MSSQLSERVER
[+]    IsClustered     = No
[+]    Version         = 8.00.194
[+]    tcp             = 1433
[+]    np              = \\20100617-1003\pipe\sql\query
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf  auxiliary(mssql_ping) >


The firewall on the server side must be turned off for the scan to find the MS SQL Server service; with the firewall on, the scan finds nothing.
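The fields mssql_ping prints come from the SQL Server Resolution Service on UDP 1434, which answers with a short semicolon-delimited record for each instance. The following is an added example, not part of the original post: it decodes such a reply and lists what it discloses when the firewall does not block the service. The reply bytes are constructed from the values in the session above, and the function names are hypothetical.

```python
import struct

# Constructed sample reply built from the values in the session above.
# Layout (MS-SQLR SVR_RESP): 0x05, uint16 little-endian length, ASCII data.
_DATA = (b"ServerName;20100617-1003;InstanceName;MSSQLSERVER;IsClustered;No;"
         b"Version;8.00.194;tcp;1433;np;\\\\20100617-1003\\pipe\\sql\\query;;")
SAMPLE_REPLY = b"\x05" + struct.pack("<H", len(_DATA)) + _DATA


def parse_svr_resp(packet):
    """Return one dict per instance advertised in an SVR_RESP packet."""
    if len(packet) < 3 or packet[0] != 0x05:
        raise ValueError("not an SVR_RESP packet")
    (size,) = struct.unpack_from("<H", packet, 1)
    data = packet[3:3 + size]
    if len(data) != size:
        raise ValueError("truncated response")
    tokens = data.decode("ascii", "replace").split(";")
    instances, current, i = [], None, 0
    while i < len(tokens):
        key = tokens[i]
        if key == "":          # ';;' terminator between instances or at the end
            i += 1
            continue
        value = tokens[i + 1] if i + 1 < len(tokens) else ""
        if key == "ServerName" or current is None:
            current = {}       # every instance record starts with ServerName
            instances.append(current)
        current[key] = value
        i += 2
    return instances


def disclosed(instance):
    """List what one instance record reveals to anyone who can reach the service."""
    notes = []
    version = instance.get("Version", "")
    if version:
        label = " (SQL Server 2000)" if version.split(".")[0] == "8" else ""
        notes.append("version " + version + label)
    if "tcp" in instance:
        notes.append("TCP listener on port " + instance["tcp"])
    if "np" in instance:
        notes.append("named pipe " + instance["np"])
    return notes
```
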