注:请多喝点热水或者凉白开,可预防肾结石,通风等。
痛风可伴发肥胖症、高血压病、糖尿病、脂代谢紊乱等多种代谢性疾病。

攻击机:
192.168.1.5 Debian

靶机:
192.168.1.2 Windows 7
192.168.1.119 Windows 2003

MSF的search支持type搜索:

  1. msf > search scanner type:auxiliary 
  3. Matching Modules
  4. ================ 
  6. Name Disclosure Date Rank Check Description
  7. ‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐
  8. auxiliary/admin/appletv/appletv_display_image normal No Apple TV Image Remote Control
  9. auxiliary/admin/appletv/appletv_display_video normal No Apple TV Video Remote Control
  10. auxiliary/admin/smb/check_dir_file normal Yes SMB Scanner CheckFile/Directory Utility
  11. auxiliary/admin/teradata/teradata_odbc_sql 20180329 normal Yes Teradata ODBC SQL Query Module
  12. auxiliary/bnat/bnat_scan normal Yes BNAT Scanner
  13. auxiliary/gather/citrix_published_applications normal No Citrix MetaFrame ICA Published Applications Scanner
  14. auxiliary/gather/enum_dns normal No DNS Record Scanner and Enumerator
  15. ....
  16. auxiliary/scanner/winrm/winrm_cmd normal Yes WinRM Command Runner
  17. auxiliary/scanner/winrm/winrm_login normal Yes WinRM Login Utility
  18. auxiliary/scanner/winrm/winrm_wql normal Yes WinRM WQL Query Runner
  19. auxiliary/scanner/wproxy/att_open_proxy 20170831 normal Yes Open WANtoLAN proxy on AT&T routers
  20. auxiliary/scanner/wsdd/wsdd_query normal Yes WSDiscovery Information Discovery
  21. auxiliary/scanner/x11/open_x11 normal Yes X11 NoAuth Scanner

第二十三课:基于MSF发现内网存活主机第一季 - 图1

第一季主要介绍 scanner 下的五个模块,辅助发现内网存活主机,分别为:

  • auxiliary/scanner/discovery/arp_sweep
  • auxiliary/scanner/discovery/udp_sweep
  • auxiliary/scanner/ftp/ftp_version
  • auxiliary/scanner/http/http_version
  • auxiliary/scanner/smb/smb_version

一:基于scanner/http/http_version发现HTTP服务

  1. msf auxiliary(scanner/http/http_version) > show options 
  3. Module options (auxiliary/scanner/http/http_version): 
  5. Name Current Setting Required Description
  6. ‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐
  7. Proxies no A proxy chain of format type:host:port[,type:host:port] [...]
  8. RHOSTS 192.168.1.0/24 yes The target address range or CIDR identifier
  9. RPORT 80 yes The target port (TCP)
  10. SSL false no Negotiate SSL/TLS for outgoing connections
  11. THREADS 20 yes The number of concurrent threads
  12. VHOST no HTTP server virtual host 
  14. msf auxiliary(scanner/http/http_version) > exploit 
  16. [+] 192.168.1.1:80
  17. [*] Scanned 27 of 256 hosts (10% complete)
  18. [*] Scanned 63 of 256 hosts (24% complete)
  19. [*] Scanned 82 of 256 hosts (32% complete)
  20. [*] Scanned 103 of 256 hosts (40% complete)
  21. [+] 192.168.1.119:80 MicrosoftIIS/6.0 ( Powered by ASP.NET )
  22. [*] Scanned 129 of 256 hosts (50% complete)
  23. [*] Scanned 154 of 256 hosts (60% complete)
  24. [*] Scanned 182 of 256 hosts (71% complete)
  25. [*] Scanned 205 of 256 hosts (80% complete)
  26. [*] Scanned 231 of 256 hosts (90% complete)
  27. [*] Scanned 256 of 256 hosts (100% complete)
  28. [*] Auxiliary module execution completed

第二十三课:基于MSF发现内网存活主机第一季 - 图2

二:基于scanner/smb/smb_version发现SMB服务

  1. msf auxiliary(scanner/smb/smb_version) > show options 
  3. Module options (auxiliary/scanner/smb/smb_version): 
  5. Name Current Setting Required Description
  6. ‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐
  7. RHOSTS 192.168.1.0/24 yes The target address range or CIDR identifier
  8. SMBDomain . no The Windows domain to use for authentication
  9. SMBPass no The password for the specified username
  10. SMBUser no The username to authenticate as
  11. THREADS 20 yes The number of concurrent threads 
  13. msf auxiliary(scanner/smb/smb_version) > exploit 
  15. [+] 192.168.1.2:445  Host is running Windows 7 Ultimate SP1 (build:7601) (name:JOHNPC) (workgroup:WORKGROUP )
  16. [*] Scanned 40 of 256 hosts (15% complete)
  17. [*] Scanned 60 of 256 hosts (23% complete)
  18. [*] Scanned 79 of 256 hosts (30% complete)
  19. [+] 192.168.1.119:445  Host is running Windows 2003 R2 SP2 (build:3790) (name:WIN03X64)
  20. [*] Scanned 103 of 256 hosts (40% complete)
  21. [*] Scanned 128 of 256 hosts (50% complete)
  22. [*] Scanned 154 of 256 hosts (60% complete)
  23. [*] Scanned 181 of 256 hosts (70% complete)
  24. [*] Scanned 206 of 256 hosts (80% complete)
  25. [*] Scanned 231 of 256 hosts (90% complete)
  26. [*] Scanned 256 of 256 hosts (100% complete)
  27. [*] Auxiliary module execution completed

第二十三课:基于MSF发现内网存活主机第一季 - 图3

三:基于scanner/ftp/ftp_version发现FTP服务

  1. msf auxiliary(scanner/ftp/ftp_version) > show options 
  3. Module options (auxiliary/scanner/ftp/ftp_version): 
  5. Name Current Setting Required Description
  6. ‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐
  7. FTPPASS mozilla@example.com no The password for the specified username
  8. FTPUSER anonymous no The username to authenticate as
  9. RHOSTS 192.168.1.0/24 yes The target address range or CIDR identifier
  10. RPORT 21 yes The target port (TCP)
  11. THREADS 50 yes The number of concurrent threads 
  13. msf auxiliary(scanner/ftp/ftp_version) > exploit 
  15. [*] Scanned 51 of 256 hosts (19% complete)
  16. [*] Scanned 52 of 256 hosts (20% complete)
  17. [*] Scanned 100 of 256 hosts (39% complete)
  18. [+] 192.168.1.119:21  FTP Banner: '220 Microsoft FTP Service\x0d\x0a'
  19. [*] Scanned 103 of 256 hosts (40% complete)
  20. [*] Scanned 133 of 256 hosts (51% complete)
  21. [*] Scanned 183 of 256 hosts (71% complete)
  22. [*] Scanned 197 of 256 hosts (76% complete)
  23. [*] Scanned 229 of 256 hosts (89% complete)
  24. [*] Scanned 231 of 256 hosts (90% complete)
  25. [*] Scanned 256 of 256 hosts (100% complete)
  26. [*] Auxiliary module execution completed

第二十三课:基于MSF发现内网存活主机第一季 - 图4

四:基于scanner/discovery/arp_sweep发现内网存活主机

  1. msf auxiliary(scanner/discovery/arp_sweep) > show options 
  3. Module options (auxiliary/scanner/discovery/arp_sweep): 
  5. Name Current Setting Required Description
  6. ‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐
  7. INTERFACE no The name of the interface
  8. RHOSTS 192.168.1.0/24 yes The target address range or CIDR identifier
  9. SHOST no Source IP Address
  10. SMAC no Source MAC Address
  11. THREADS 50 yes The number of concurrent threads
  12. TIMEOUT 5 yes The number of seconds to wait for new data 
  14. msf auxiliary(scanner/discovery/arp_sweep) > exploit 
  16. [+] 192.168.1.1 appears to be up (UNKNOWN).
  17. [+] 192.168.1.2 appears to be up (UNKNOWN).
  18. [+] 192.168.1.119 appears to be up (VMware, Inc.).
  19. [*] Scanned 256 of 256 hosts (100% complete)
  20. [*] Auxiliary module execution completed

第二十三课:基于MSF发现内网存活主机第一季 - 图5

五:基于scanner/discovery/udp_sweep发现内网存活主机

  1. msf auxiliary(scanner/discovery/udp_sweep) > show options 
  3. Module options (auxiliary/scanner/discovery/udp_sweep): 
  5. Name Current Setting Required Description
  6. ‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐
  7. BATCHSIZE 256 yes The number of hosts to probe in each set
  8. RHOSTS 192.168.1.0/24 yes The target address range or CIDR identifier
  9. THREADS 50 yes The number of concurrent threads 
  11. msf auxiliary(scanner/discovery/udp_sweep) > exploit 
  13. [*] Sending 13 probes to 192.168.1.0‐>192.168.1.255 (256 hosts)
  14. [*] Discovered DNS on 192.168.1.1:53 (ce2a8500000100010000000007564552  53494f4e0442494e440000100003c00c0010000300000001001a19737572656c7920796f7
  15. 5206d757374206265206a6f6b696e67)
  16. [*] Discovered NetBIOS on 192.168.1.2:137 (JOHNPC:<00>:U :WORKGROUP:<00>:G :JOHNPC:<20>:U :WORKGROUP:<1e>:G :WORKGROUP:<1d>:U
  17. :__MSBROWSE__ <01>:G :4c:cc:6a:e3:51:27)
  18. [*] Discovered NetBIOS on 192.168.1.119:137 (WIN03X64:<00>:U :WIN03X64:<20>:U :WORKGROUP:<00>:G :WORKGROUP:<1e>:G :WIN03X64:<03>:U
  19. :ADMINISTRA TOR:<03>:U :WIN03X64:<01>:U :00:0c:29:85:d6:7d)
  20. [*] Scanned 256 of 256 hosts (100% complete)
  21. [*] Auxiliary module execution completed

第二十三课:基于MSF发现内网存活主机第一季 - 图6

Micropoor