
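Scanning Servers with Metasploit

Again, besides using Nmap to perform service scanning on the target network, Metasploit also includes a wide variety of scanners for various services, which can often help you identify potentially vulnerable services on target machines.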

 

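SSH Service

The earlier scan showed that TCP port 22 is open on both machines. SSH is very secure, but vulnerabilities are not unheard of, and it always pays to gather as much information as possible from your targets.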

msf > services -p 22 -c name,port,proto

Services
========

host            name  port  proto
----            ----  ----  -----
172.16.194.163  ssh   22    tcp
172.16.194.172  ssh   22    tcp

We will load the ssh_version auxiliary scanner and issue the set command to set the 'RHOSTS' option. From there, we can run the module by simply typing run.

msf > use auxiliary/scanner/ssh/ssh_version

msf  auxiliary(ssh_version) > set RHOSTS 172.16.194.163 172.16.194.172
RHOSTS => 172.16.194.163 172.16.194.172

msf  auxiliary(ssh_version) > show options

Module options (auxiliary/scanner/ssh/ssh_version):

   Name     Current Setting                Required  Description
   ----     ---------------                --------  -----------
   RHOSTS   172.16.194.163 172.16.194.172  yes       The target address range or CIDR identifier
   RPORT    22                             yes       The target port
   THREADS  1                              yes       The number of concurrent threads
   TIMEOUT  30                             yes       Timeout for the SSH probe


msf  auxiliary(ssh_version) > run

[*] 172.16.194.163:22, SSH server version: SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7
[*] Scanned 1 of 2 hosts (050% complete)
[*] 172.16.194.172:22, SSH server version: SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1
[*] Scanned 2 of 2 hosts (100% complete)
[*] Auxiliary module execution completed
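
The scan results above can be turned into a version inventory. The following is an added example, not part of the original page or of Metasploit: it parses ssh_version result lines and the SSH identification string format (RFC 4253, section 4.2), then lists hosts whose OpenSSH release is older than a baseline. The names parse_banner, inventory and below_baseline are hypothetical, and MIN_OPENSSH is a constructed placeholder policy value.

```ruby
# Added example (not from the original page): inventory SSH versions from
# ssh_version scanner output. SAMPLE reuses the result lines shown above.
SAMPLE = <<~LOG
  [*] 172.16.194.163:22, SSH server version: SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7
  [*] Scanned 1 of 2 hosts (050% complete)
  [*] 172.16.194.172:22, SSH server version: SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1
  [*] Scanned 2 of 2 hosts (100% complete)
  [*] Auxiliary module execution completed
LOG

# Scanner result line: "[*] host:port, SSH server version: <banner>"
LINE_RE = /\A\[\*\]\s+(?<host>\S+):(?<port>\d+),\s+SSH server version:\s+(?<banner>SSH-.+)\z/
# RFC 4253 section 4.2: SSH-protoversion-softwareversion SP comments
BANNER_RE = /\ASSH-(?<proto>[^-\s]+)-(?<software>\S+)(?:\s+(?<comments>.*))?\z/
OPENSSH_RE = /\AOpenSSH_(?<major>\d+)\.(?<minor>\d+)/
# Constructed placeholder baseline; replace with your organisation's policy.
MIN_OPENSSH = [8, 0].freeze

# Split an identification string into its fields; nil if it is malformed.
def parse_banner(banner)
  m = BANNER_RE.match(banner.strip) or return nil
  info = { proto: m[:proto], software: m[:software], comments: m[:comments] }
  if (v = OPENSSH_RE.match(m[:software]))
    info[:openssh] = [v[:major].to_i, v[:minor].to_i]
  end
  info
end

# Turn scanner output into one record per host, skipping progress lines.
def inventory(log)
  log.each_line.filter_map do |line|
    m = LINE_RE.match(line.strip) or next
    parsed = parse_banner(m[:banner]) or next
    { host: m[:host], port: m[:port].to_i, banner: m[:banner] }.merge(parsed)
  end
end

# Hosts older than the baseline; non-OpenSSH servers are kept for manual review.
def below_baseline(entries, min = MIN_OPENSSH)
  entries.select { |e| e[:openssh].nil? || (e[:openssh] <=> min) == -1 }
end

if __FILE__ == $PROGRAM_NAME
  below_baseline(inventory(SAMPLE)).each do |e|
    puts "#{e[:host]}:#{e[:port]} #{e[:software]} (#{e[:comments]})"
  end
end
```
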

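FTP Service

A poorly configured FTP server can often be the foothold needed to gain access to an entire network, so whenever you encounter an open FTP port, usually on TCP port 21, it always pays to check whether anonymous access is allowed. Here "THREADS" is set to "1" because we are scanning only 1 host.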

msf > services -p 21 -c name,proto

Services
========

host            name  proto
----            ----  -----
172.16.194.172  ftp   tcp

msf > use auxiliary/scanner/ftp/ftp_version 

msf  auxiliary(ftp_version) > set RHOSTS 172.16.194.172
RHOSTS => 172.16.194.172

msf  auxiliary(anonymous) > show options
Module options (auxiliary/scanner/ftp/anonymous):

   Name     Current Setting      Required  Description
   ----     ---------------      --------  -----------
   FTPPASS  mozilla@example.com  no        The password for the specified username
   FTPUSER  anonymous            no        The username to authenticate as
   RHOSTS   172.16.194.172       yes       The target address range or CIDR identifier
   RPORT    21                   yes       The target port
   THREADS  1                    yes       The number of concurrent threads

msf  auxiliary(anonymous) > run

[*] 172.16.194.172:21 Anonymous READ (220 (vsFTPd 2.3.4))
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

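In a short amount of time and with very little work, we are able to acquire a great deal of information about the hosts residing on the network, giving us a much better picture of what we are facing when conducting a penetration test.

There are obviously far too many scanners to show them all here. It is clear, however, that the Metasploit Framework is well suited for all of your scanning and identification needs.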

msf > use auxiliary/scanner/
Display all 485 possibilities? (y or n)

...snip...