0x00 Basic Metasploit configuration

Configuring SSH on Kali

# Edit the SSH configuration file
vim /etc/ssh/sshd_config
PasswordAuthentication yes
PermitRootLogin yes

# Enable SSH to start at boot
systemctl enable ssh
systemctl restart ssh

Configuring the PostgreSQL database used by Metasploit

systemctl start postgresql
msfdb init

# The msfdb command manages the database; run it with no arguments to list its subcommands
msfdb

# Path of the configuration file that links Metasploit to the PostgreSQL database
/usr/share/metasploit-framework/config/database.yml

Start msfconsole and check whether the database is connected

msfconsole
db_status      # show the database connection status
db_disconnect  # disconnect from the database
db_connect     # connect to the database

Creating a workspace

workspace -a book           # create a workspace named book and switch to it
workspace <workspace-name>  # give the name of an existing workspace to switch to it
workspace -h                # show more detailed help for the command

Importing results from other scanners, e.g. nmap

# Save the nmap scan results as 254.xml
nmap -A 192.168.10.254 -oX 254.xml

# Import 254.xml
msfconsole
workspace book  # switch to a workspace
db_import /root/254.xml

Viewing the hosts scanned in the current workspace

hosts  # list host information

Hosts
=====

address         mac                name             os_name     os_flavor  os_sp  purpose  info  comments
-------         ---                ----             -------     ---------  -----  -------  ----  --------
14.215.178.80                                       Unknown                       device         
112.80.248.64                                       Unknown                       device         
120.209.138.64                                      Unknown                       device         
180.76.76.92                                        Unknown                       device         
192.168.10.1                                        Unknown                       device         
192.168.10.122  78:dd:08:ca:8d:dc  ROOT-TVI862UBEH  Windows XP                    client         
192.168.10.128  78:dd:08:ca:8d:dc  DH-CA8822AB9589  Windows XP             SP3    client         
192.168.10.254  78:dd:08:ca:8d:dc                   Linux                  2.6.X  server         
202.108.22.220                                      Unknown                       device         
220.181.37.10                                       Unknown                       device         
220.181.57.216                                      Unknown                       device         

# Use -c to choose which columns are displayed
hosts -c address,os_name

Hosts
=====

address         os_name
-------         -------
14.215.178.80   Unknown
112.80.248.64   Unknown
120.209.138.64  Unknown
180.76.76.92    Unknown
192.168.10.1    Unknown
192.168.10.122  Windows XP
192.168.10.128  Windows XP
192.168.10.254  Linux
202.108.22.220  Unknown
220.181.37.10   Unknown
220.181.57.216  Unknown

# Use -S to search for entries that contain a keyword
hosts -S Windows

Hosts
=====

address         mac                name             os_name     os_flavor  os_sp  purpose  info  comments
-------         ---                ----             -------     ---------  -----  -------  ----  --------
192.168.10.122  78:dd:08:ca:8d:dc  ROOT-TVI862UBEH  Windows XP                    client         
192.168.10.128  78:dd:08:ca:8d:dc  DH-CA8822AB9589  Windows XP             SP3    client    

# Use -h to see more detailed help

msf > hosts -h
Usage: hosts [ options ] [addr1 addr2 ...]

OPTIONS:
  -a,--add          Add the hosts instead of searching
  -d,--delete       Delete the hosts instead of searching
  -c <col1,col2>    Only show the given columns (see list below)
  -C <col1,col2>    Only show the given columns until the next restart (see list below)
  -h,--help         Show this help information
  -u,--up           Only show hosts which are up
  -o <file>         Send output to a file in csv format
  -O <column>       Order rows by specified column number
  -R,--rhosts       Set RHOSTS from the results of the search
  -S,--search       Search string to filter by
  -i,--info         Change the info of a host
  -n,--name         Change the name of a host
  -m,--comment      Change the comment of a host
  -t,--tag          Add or specify a tag to a range of hosts

Available columns: address, arch, comm, comments, created_at, cred_count, detected_arch, exploit_attempt_count, host_detail_count, info, mac, name, note_count, os_family, os_flavor, os_lang, os_name, os_sp, purpose, scope, service_count, state, updated_at, virtual_host, vuln_count, tags

Viewing port information for the hosts scanned in the current workspace

# List all services
services

Services
========

host            port  proto  name            state  info
----            ----  -----  ----            -----  ----
192.168.10.1    80    tcp                    open   
192.168.10.122  21    tcp    ftp             open   Microsoft ftpd
192.168.10.122  80    tcp    http            open   Microsoft IIS httpd 6.0
192.168.10.122  135   tcp    msrpc           open   Microsoft Windows RPC
192.168.10.122  139   tcp    netbios-ssn     open   Microsoft Windows netbios-ssn
192.168.10.122  445   tcp    microsoft-ds    open   Windows Server 2003 3790 microsoft-ds
192.168.10.122  777   tcp    multiling-http  open   
192.168.10.122  1025  tcp    msrpc           open   Microsoft Windows RPC
192.168.10.122  1026  tcp    msrpc           open   Microsoft Windows RPC
192.168.10.122  1027  tcp    msrpc           open   Microsoft Windows RPC
192.168.10.122  1029  tcp    msrpc           open   Microsoft Windows RPC
192.168.10.122  6002  tcp    http            open   SafeNet Sentinel Protection Server 7.3

# Show a specific service
services -s ftp

Services
========

host            port  proto  name  state  info
----            ----  -----  ----  -----  ----
192.168.10.122  21    tcp    ftp   open   Microsoft ftpd
192.168.10.254  21    tcp    ftp   open   ProFTPD 1.3.1

# Show a specific port
services -p 22

Services
========

host            port  proto  name  state  info
----            ----  -----  ----  -----  ----
192.168.10.254  22    tcp    ssh   open   OpenSSH 4.7p1 Debian 8ubuntu1 protocol 2.0

# Show only entries that contain a keyword
services -S Apache

Services
========

host            port  proto  name   state  info
----            ----  -----  ----   -----  ----
192.168.10.254  80    tcp    http   open   Apache httpd 2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.10 with Suhosin-Patch
192.168.10.254  8009  tcp    ajp13  open   Apache Jserv Protocol v1.3
192.168.10.254  8180  tcp    http   open   Apache Tomcat/Coyote JSP engine 1.1


# Use -h for more detailed usage help

Usage: services [-h] [-u] [-a] [-r <proto>] [-p <port1,port2>] [-s <name1,name2>] [-o <filename>] [addr1 addr2 ...]

  -a,--add          Add the services instead of searching
  -d,--delete       Delete the services instead of searching
  -c <col1,col2>    Only show the given columns
  -h,--help         Show this help information
  -s <name1,name2>  Search for a list of service names
  -p <port1,port2>  Search for a list of ports
  -r <protocol>     Only show [tcp|udp] services
  -u,--up           Only show services which are up
  -o <file>         Send output to a file in csv format
  -O <column>       Order rows by specified column number
  -R,--rhosts       Set RHOSTS from the results of the search
  -S,--search       Search string to filter by

Available columns: created_at, info, name, port, proto, state, updated_at
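
Added example (not part of the original post, and not Metasploit's own code): a small parser for the XML that nmap writes with -oX and that db_import reads above, producing rows with the same columns as the services table and a keyword filter in the spirit of services -S. The sample XML is constructed, and parse_services and search are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout nmap writes with -oX (not the page's scan).
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="192.168.10.254" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="4.7p1"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <service name="http" product="Apache httpd" version="2.2.8"/>
      </port>
      <port protocol="tcp" portid="3306">
        <state state="closed"/>
        <service name="mysql"/>
      </port>
    </ports>
  </host>
</nmaprun>"""

def parse_services(xml_text):
    """Return one row per <port>, keyed by the column names of the services table."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        # A host may carry several <address> elements (ipv4, ipv6, mac); take the IP.
        addr = next((a.get("addr") for a in host.findall("address")
                     if a.get("addrtype") in ("ipv4", "ipv6")), None)
        for port in host.iterfind("ports/port"):
            state = port.find("state")
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            info = " ".join(attrs[k] for k in ("product", "version", "extrainfo") if k in attrs)
            rows.append({"host": addr, "port": int(port.get("portid")),
                         "proto": port.get("protocol"), "name": attrs.get("name", ""),
                         "state": state.get("state") if state is not None else "unknown",
                         "info": info})
    return rows

def search(rows, keyword, only_open=True):
    """Case-insensitive keyword match over every column (this example's own filter)."""
    kw = keyword.lower()
    return [r for r in rows
            if (not only_open or r["state"] == "open")
            and any(kw in str(v).lower() for v in r.values())]

if __name__ == "__main__":
    for r in search(parse_services(SAMPLE_XML), "Apache"):
        print(f'{r["host"]:<16}{r["port"]:<6}{r["proto"]:<7}{r["name"]:<8}{r["state"]:<7}{r["info"]}')
```

For scan files that come from a source you do not control, parse them with defusedxml rather than the standard-library parser.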