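Note: drink plenty of hot water or cooled boiled water; it helps prevent kidney stones, gout, and so on.
Gout can be accompanied by obesity, hypertension, diabetes, dyslipidemia and other metabolic diseases.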

Attacker machine:
192.168.1.5 Debian

Target machines:
192.168.1.2 Windows 7
192.168.1.119 Windows 2003

MSF's search command supports filtering by type:

    msf > search scanner type:auxiliary
    Matching Modules
    ================
    Name                                            Disclosure Date  Rank    Check  Description
    ----                                            ---------------  ----    -----  -----------
    auxiliary/admin/appletv/appletv_display_image                    normal  No     Apple TV Image Remote Control
    auxiliary/admin/appletv/appletv_display_video                    normal  No     Apple TV Video Remote Control
    auxiliary/admin/smb/check_dir_file                               normal  Yes    SMB Scanner Check File/Directory Utility
    auxiliary/admin/teradata/teradata_odbc_sql      2018-03-29       normal  Yes    Teradata ODBC SQL Query Module
    auxiliary/bnat/bnat_scan                                         normal  Yes    BNAT Scanner
    auxiliary/gather/citrix_published_applications                   normal  No     Citrix MetaFrame ICA Published Applications Scanner
    auxiliary/gather/enum_dns                                        normal  No     DNS Record Scanner and Enumerator
    ....
    auxiliary/scanner/winrm/winrm_cmd                                normal  Yes    WinRM Command Runner
    auxiliary/scanner/winrm/winrm_login                              normal  Yes    WinRM Login Utility
    auxiliary/scanner/winrm/winrm_wql                                normal  Yes    WinRM WQL Query Runner
    auxiliary/scanner/wproxy/att_open_proxy         2017-08-31       normal  Yes    Open WAN-to-LAN proxy on AT&T routers
    auxiliary/scanner/wsdd/wsdd_query                                normal  Yes    WS-Discovery Information Discovery
    auxiliary/scanner/x11/open_x11                                   normal  Yes    X11 No-Auth Scanner

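Lesson 23: Discovering Live Intranet Hosts with MSF, Season 1 - Figure 1

Season 1 covers five modules under scanner that help discover live hosts on the internal network: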

  • auxiliary/scanner/discovery/arp_sweep
  • auxiliary/scanner/discovery/udp_sweep
  • auxiliary/scanner/ftp/ftp_version
  • auxiliary/scanner/http/http_version
  • auxiliary/scanner/smb/smb_version

1: Discovering HTTP services with scanner/http/http_version

    msf auxiliary(scanner/http/http_version) > show options
    Module options (auxiliary/scanner/http/http_version):
    Name     Current Setting  Required  Description
    ----     ---------------  --------  -----------
    Proxies                   no        A proxy chain of format type:host:port[,type:host:port] [...]
    RHOSTS   192.168.1.0/24   yes       The target address range or CIDR identifier
    RPORT    80               yes       The target port (TCP)
    SSL      false            no        Negotiate SSL/TLS for outgoing connections
    THREADS  20               yes       The number of concurrent threads
    VHOST                     no        HTTP server virtual host
    msf auxiliary(scanner/http/http_version) > exploit
    [+] 192.168.1.1:80
    [*] Scanned 27 of 256 hosts (10% complete)
    [*] Scanned 63 of 256 hosts (24% complete)
    [*] Scanned 82 of 256 hosts (32% complete)
    [*] Scanned 103 of 256 hosts (40% complete)
    [+] 192.168.1.119:80 Microsoft-IIS/6.0 ( Powered by ASP.NET )
    [*] Scanned 129 of 256 hosts (50% complete)
    [*] Scanned 154 of 256 hosts (60% complete)
    [*] Scanned 182 of 256 hosts (71% complete)
    [*] Scanned 205 of 256 hosts (80% complete)
    [*] Scanned 231 of 256 hosts (90% complete)
    [*] Scanned 256 of 256 hosts (100% complete)
    [*] Auxiliary module execution completed

Lesson 23: Discovering Live Intranet Hosts with MSF, Season 1 - Figure 2

2: Discovering SMB services with scanner/smb/smb_version

    msf auxiliary(scanner/smb/smb_version) > show options
    Module options (auxiliary/scanner/smb/smb_version):
    Name       Current Setting  Required  Description
    ----       ---------------  --------  -----------
    RHOSTS     192.168.1.0/24   yes       The target address range or CIDR identifier
    SMBDomain  .                no        The Windows domain to use for authentication
    SMBPass                     no        The password for the specified username
    SMBUser                     no        The username to authenticate as
    THREADS    20               yes       The number of concurrent threads
    msf auxiliary(scanner/smb/smb_version) > exploit
    [+] 192.168.1.2:445 Host is running Windows 7 Ultimate SP1 (build:7601) (name:JOHNPC) (workgroup:WORKGROUP )
    [*] Scanned 40 of 256 hosts (15% complete)
    [*] Scanned 60 of 256 hosts (23% complete)
    [*] Scanned 79 of 256 hosts (30% complete)
    [+] 192.168.1.119:445 Host is running Windows 2003 R2 SP2 (build:3790) (name:WIN03X64)
    [*] Scanned 103 of 256 hosts (40% complete)
    [*] Scanned 128 of 256 hosts (50% complete)
    [*] Scanned 154 of 256 hosts (60% complete)
    [*] Scanned 181 of 256 hosts (70% complete)
    [*] Scanned 206 of 256 hosts (80% complete)
    [*] Scanned 231 of 256 hosts (90% complete)
    [*] Scanned 256 of 256 hosts (100% complete)
    [*] Auxiliary module execution completed

Lesson 23: Discovering Live Intranet Hosts with MSF, Season 1 - Figure 3

3: Discovering FTP services with scanner/ftp/ftp_version

    msf auxiliary(scanner/ftp/ftp_version) > show options
    Module options (auxiliary/scanner/ftp/ftp_version):
    Name     Current Setting      Required  Description
    ----     ---------------      --------  -----------
    FTPPASS  mozilla@example.com  no        The password for the specified username
    FTPUSER  anonymous            no        The username to authenticate as
    RHOSTS   192.168.1.0/24       yes       The target address range or CIDR identifier
    RPORT    21                   yes       The target port (TCP)
    THREADS  50                   yes       The number of concurrent threads
    msf auxiliary(scanner/ftp/ftp_version) > exploit
    [*] Scanned 51 of 256 hosts (19% complete)
    [*] Scanned 52 of 256 hosts (20% complete)
    [*] Scanned 100 of 256 hosts (39% complete)
    [+] 192.168.1.119:21 FTP Banner: '220 Microsoft FTP Service\x0d\x0a'
    [*] Scanned 103 of 256 hosts (40% complete)
    [*] Scanned 133 of 256 hosts (51% complete)
    [*] Scanned 183 of 256 hosts (71% complete)
    [*] Scanned 197 of 256 hosts (76% complete)
    [*] Scanned 229 of 256 hosts (89% complete)
    [*] Scanned 231 of 256 hosts (90% complete)
    [*] Scanned 256 of 256 hosts (100% complete)
    [*] Auxiliary module execution completed

Lesson 23: Discovering Live Intranet Hosts with MSF, Season 1 - Figure 4

4: Discovering live intranet hosts with scanner/discovery/arp_sweep

    msf auxiliary(scanner/discovery/arp_sweep) > show options
    Module options (auxiliary/scanner/discovery/arp_sweep):
    Name       Current Setting  Required  Description
    ----       ---------------  --------  -----------
    INTERFACE                   no        The name of the interface
    RHOSTS     192.168.1.0/24   yes       The target address range or CIDR identifier
    SHOST                       no        Source IP Address
    SMAC                        no        Source MAC Address
    THREADS    50               yes       The number of concurrent threads
    TIMEOUT    5                yes       The number of seconds to wait for new data
    msf auxiliary(scanner/discovery/arp_sweep) > exploit
    [+] 192.168.1.1 appears to be up (UNKNOWN).
    [+] 192.168.1.2 appears to be up (UNKNOWN).
    [+] 192.168.1.119 appears to be up (VMware, Inc.).
    [*] Scanned 256 of 256 hosts (100% complete)
    [*] Auxiliary module execution completed

Lesson 23: Discovering Live Intranet Hosts with MSF, Season 1 - Figure 5

5: Discovering live intranet hosts with scanner/discovery/udp_sweep

    msf auxiliary(scanner/discovery/udp_sweep) > show options
    Module options (auxiliary/scanner/discovery/udp_sweep):
    Name       Current Setting  Required  Description
    ----       ---------------  --------  -----------
    BATCHSIZE  256              yes       The number of hosts to probe in each set
    RHOSTS     192.168.1.0/24   yes       The target address range or CIDR identifier
    THREADS    50               yes       The number of concurrent threads
    msf auxiliary(scanner/discovery/udp_sweep) > exploit
    [*] Sending 13 probes to 192.168.1.0->192.168.1.255 (256 hosts)
    [*] Discovered DNS on 192.168.1.1:53 (ce2a850000010001000000000756455253494f4e0442494e440000100003c00c0010000300000001001a19737572656c7920796f75206d757374206265206a6f6b696e67)
    [*] Discovered NetBIOS on 192.168.1.2:137 (JOHNPC:<00>:U :WORKGROUP:<00>:G :JOHNPC:<20>:U :WORKGROUP:<1e>:G :WORKGROUP:<1d>:U :__MSBROWSE__ <01>:G :4c:cc:6a:e3:51:27)
    [*] Discovered NetBIOS on 192.168.1.119:137 (WIN03X64:<00>:U :WIN03X64:<20>:U :WORKGROUP:<00>:G :WORKGROUP:<1e>:G :WIN03X64:<03>:U :ADMINISTRATOR:<03>:U :WIN03X64:<01>:U :00:0c:29:85:d6:7d)
    [*] Scanned 256 of 256 hosts (100% complete)
    [*] Auxiliary module execution completed

Lesson 23: Discovering Live Intranet Hosts with MSF, Season 1 - Figure 6
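
The result lines from the five module runs above can be merged into one per-host inventory, which is how the output is usually reviewed for exposure. This is an added example, not part of the original lesson; the function names are assumptions, and the UDP detail fields in the constructed sample are shortened.

```python
import re
from collections import defaultdict

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Result-line shapes as they appear in the runs on this page.
TCP_HIT = re.compile(rf"^\[\+\] {IP}:(\d+)\s*(.*)$")                 # *_version modules
ARP_HIT = re.compile(rf"^\[\+\] {IP} appears to be up \((.*)\)\.$")  # arp_sweep
UDP_HIT = re.compile(rf"^\[\*\] Discovered (\S+) on {IP}:(\d+) \((.*)\)$")  # udp_sweep

# Constructed sample: result lines from this page; UDP detail fields shortened.
SAMPLE = r"""
[+] 192.168.1.1:80
[*] Scanned 27 of 256 hosts (10% complete)
[+] 192.168.1.119:80 Microsoft-IIS/6.0 ( Powered by ASP.NET )
[+] 192.168.1.2:445 Host is running Windows 7 Ultimate SP1 (build:7601) (name:JOHNPC) (workgroup:WORKGROUP )
[+] 192.168.1.119:445 Host is running Windows 2003 R2 SP2 (build:3790) (name:WIN03X64)
[+] 192.168.1.119:21 FTP Banner: '220 Microsoft FTP Service\x0d\x0a'
[+] 192.168.1.1 appears to be up (UNKNOWN).
[+] 192.168.1.2 appears to be up (UNKNOWN).
[+] 192.168.1.119 appears to be up (VMware, Inc.).
[*] Discovered DNS on 192.168.1.1:53 (response bytes omitted)
[*] Discovered NetBIOS on 192.168.1.2:137 (JOHNPC:<00>:U :WORKGROUP:<00>:G)
[*] Discovered NetBIOS on 192.168.1.119:137 (WIN03X64:<00>:U :WORKGROUP:<00>:G)
"""


def build_inventory(text):
    """Merge scanner result lines into {host: {"l2_vendor", "services"}}."""
    inv = defaultdict(lambda: {"l2_vendor": None, "services": {}})
    for line in map(str.strip, text.splitlines()):
        if m := ARP_HIT.match(line):
            inv[m[1]]["l2_vendor"] = m[2]
        elif m := TCP_HIT.match(line):
            inv[m[1]]["services"][f"tcp/{m[2]}"] = m[3].strip() or "(no banner)"
        elif m := UDP_HIT.match(line):
            inv[m[2]]["services"][f"udp/{m[3]}"] = f"{m[1]}: {m[4]}"
    return dict(inv)


def most_exposed(inv):
    """Hosts ordered by number of reachable services, most first."""
    return sorted(inv, key=lambda h: (-len(inv[h]["services"]), h))


if __name__ == "__main__":
    inventory = build_inventory(SAMPLE)
    for host in most_exposed(inventory):
        entry = inventory[host]
        print(host, entry["l2_vendor"], sorted(entry["services"]))
```

Progress lines (`[*] Scanned ...`) match none of the three patterns and are ignored, so the raw console log can be fed in unfiltered.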

Micropoor