Remote Exploit Forums
07-25-2009, 07:43 AM
Nagual (Moderator)

Using Metasploit as a scanner

It's all in the title.

Start by updating Metasploit and launching the console.

Code:
bt ~ # cd /pentest/exploits/framework3/
bt framework3 # msfconsole

                _                  _       _ _
               | |                | |     (_) |
 _ __ ___   ___| |_ __ _ ___ _ __ | | ___  _| |_
| '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __|
| | | | | |  __/ || (_| \__ \ |_) | | (_) | | |_
|_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__|
                            | |
                            |_|


       =[ msf v3.2-testing
+ -- --=[ 294 exploits - 124 payloads
+ -- --=[ 17 encoders - 6 nops
       =[ 58 aux

msf >
We'll list all the AUX (auxiliary) modules.

Code:
msf > show auxiliary

Auxiliary
=========

   Name                                     Description
   ----                                     -----------
   admin/backupexec/dump                    Veritas Backup Exec Windows Remote File Access
   admin/backupexec/registry                Veritas Backup Exec Server Registry Access
   admin/cisco/ios_http_auth_bypass         Cisco IOS HTTP Unauthorized Administrative Access
   admin/emc/alphastor_devicemanager_exec   EMC AlphaStor Device Manager Arbitrary Command Execution
   admin/emc/alphastor_librarymanager_exec  EMC AlphaStor Library Manager Arbitrary Command Execution
   admin/maxdb/maxdb_cons_exec              SAP MaxDB cons.exe Remote Command Injection
   admin/motorola/wr850g_cred               Motorola WR850G v4.03 Credentials
   admin/ms/ms08_059_his2006                Microsoft Host Integration Server 2006 Command Execution Vulnerability.
   admin/pop2/uw_fileretrieval              UoW pop2d Remote File Retrieval Vulnerability
   admin/serverprotect/file                 TrendMicro ServerProtect File Access
   admin/webmin/file_disclosure             Webmin file disclosure
   dos/cisco/ios_http_percentpercent        Cisco IOS HTTP GET /%% request Denial of Service
   dos/freebsd/nfsd/nfsd_mount              FreeBSD Remote NFS RPC Request Denial of Service
   dos/ftp/guildftp_cwdlist                 Guild FTPd 0.999.8.11/0.999.14 Heap Corruption
   dos/ftp/titan626_site                    Titan FTP Server 6.26.630 SITE WHO DoS
   dos/ftp/vicftps50_list                   Victory FTP Server 5.0 LIST DoS
   dos/ftp/xmeasy560_nlst                   XM Easy Personal FTP Server 5.6.0 NLST DoS
   dos/http/webrick_regex                   Ruby WEBrick::HTTP::DefaultFileHandler DoS
   dos/samba/lsa_addprivs_heap              Samba lsa_io_privilege_set Heap Overflow
   dos/samba/lsa_transnames_heap            Samba lsa_io_trans_names Heap Overflow
   dos/solaris/lpd/cascade_delete           Solaris LPD Arbitrary File Delete
   dos/tftp/pt360_write                     PacketTrap TFTP Server 2.2.5459.0 DoS
   dos/windows/appian/appian_bpm            Appian Enterprise Business Suite 5.6 SP1 DoS
   dos/windows/ftp/winftp230_nlst           WinFTP 2.3.0 NLST Denial of Service
   dos/windows/nat/nat_helper               Microsoft Windows NAT Helper Denial of Service
   dos/windows/smb/ms05_047_pnp             Microsoft Plug and Play Service Registry Overflow
   dos/windows/smb/ms06_035_mailslot        Microsoft SRV.SYS Mailslot Write Corruption
   dos/windows/smb/ms06_063_trans           Microsoft SRV.SYS Pipe Transaction No Null
   dos/windows/smb/rras_vls_null_deref      Microsoft RRAS InterfaceAdjustVLSPointers NULL Dereference
   dos/windows/smtp/ms06_019_exchange       MS06-019 Exchange MODPROP Heap Overflow
   dos/wireless/cts_rts_flood               Wireless CTS/RTS Flooder
   dos/wireless/daringphucball              Apple Airport 802.11 Probe Response Kernel Memory Corruption
   dos/wireless/deauth                      Wireless DEAUTH Flooder
   dos/wireless/fakeap                      Wireless Fake Access Point Beacon Flood
   dos/wireless/file2air                    Wireless Frame (File) Injector
   dos/wireless/fuzz_beacon                 Wireless Beacon Frame Fuzzer
   dos/wireless/fuzz_proberesp              Wireless Probe Response Frame Fuzzer
   dos/wireless/netgear_ma521_rates         NetGear MA521 Wireless Driver Long Rates Overflow
   dos/wireless/netgear_wg311pci            NetGear WG311v1 Wireless Driver Long SSID Overflow
   dos/wireless/probe_resp_null_ssid        Multiple Wireless Vendor NULL SSID Probe Response
   dos/wireless/wifun                       Wireless Test Module
   dos/wireshark/ldap                       Wireshark LDAP dissector DOS
   scanner/dcerpc/endpoint_mapper           Endpoint Mapper Service Discovery
   scanner/dcerpc/hidden                    Hidden DCERPC Service Discovery
   scanner/dcerpc/management                Remote Management Interface Discovery
   scanner/discovery/sweep_udp              UDP Service Sweeper
   scanner/emc/alphastor_devicemanager      EMC AlphaStor Device Manager Service.
   scanner/emc/alphastor_librarymanager     EMC AlphaStor Library Manager Service.
   scanner/ftp/anonymous                    Anonymous FTP Access Detection
   scanner/http/frontpage                   FrontPage Server Extensions Detection
   scanner/http/frontpage_login             FrontPage Server Extensions Login Utility
   scanner/http/lucky_punch                 HTTP Microsoft SQL Injection Table XSS Infection
   scanner/http/version                     HTTP Version Detection
   scanner/http/wmap_backup_file            HTTP Backup File Scanner
   scanner/http/wmap_blind_sql_query        HTTP Blind SQL Injection GET QUERY Scanner
   scanner/http/wmap_brute_dirs             HTTP Directory Brute Force Scanner
   scanner/http/wmap_dir_listing            HTTP Directory Listing Scanner
   scanner/http/wmap_dir_scanner            HTTP Directory Scanner
   scanner/http/wmap_files_dir              HTTP Interesting File Scanner
   scanner/http/wmap_replace_ext            HTTP File Extension Scanner
   scanner/http/wmap_sqlmap                 SQLMAP SQL Injection External Module
   scanner/http/wmap_ssl_vhost              HTTP SSL Certificate VHOST Detection
   scanner/http/wmap_vhost_scanner          HTTP Virtual Host Brute Force Scanner
   scanner/http/writable                    HTTP Writable Path PUT/DELETE File Access
   scanner/misc/ib_service_mgr_info         Borland InterBase Services Manager Information
   scanner/mssql/mssql_login                MSSQL Login Utility
   scanner/mssql/mssql_ping                 MSSQL Ping Utility
   scanner/portscan/tcp                     TCP Port Scanner
   scanner/smb/ms08_067_netapi              Microsoft Server Service MS08-067 Patch Scanner
   scanner/smb/pipe_auditor                 SMB Session Pipe Auditor
   scanner/smb/pipe_dcerpc_auditor          SMB Session Pipe DCERPC Auditor
   scanner/smb/version                      SMB Version Detection
   scanner/vnc/vnc_none_auth                VNC Authentication None Detection
   scanner/x11/open_x11                     X11 No-Auth Scanner
   server/browser_autopwn                   HTTP Client Automatic Exploiter
   server/capture/ftp                       Authentication Capture: FTP
   server/capture/http                      Authentication Capture: HTTP
   server/capture/imap                      Authentication Capture: IMAP
   server/capture/pop3                      Authentication Capture: POP3
   server/capture/smb                       Authentication Capture: SMB
   server/capture/smtp                      Authentication Capture: SMTP
...
   spoof/dns/bailiwicked_host               DNS BailiWicked Host Attack
   spoof/dns/compare_results                DNS Lookup Result Comparison
   test/capture                             Simple Network Capture Tester
   test/ip_spoof                            Simple IP Spoofing Tester
   test/recon_passive                       Simple Recon Module Tester
   test/scanner_batch                       Simple Recon Module Tester
   test/scanner_host                        Simple Recon Module Tester
   test/scanner_range                       Simple Recon Module Tester
   voip/sip_invite_spoof                    SIP Invite Spoof
TCP scan
Code:
msf > use scanner/portscan/tcp
msf auxiliary(tcp) > set RHOSTS 192.168.1.63
RHOSTS => 192.168.1.63
msf auxiliary(tcp) > run
[*]  TCP OPEN 192.168.1.63:135
[*]  TCP OPEN 192.168.1.63:139
[*]  TCP OPEN 192.168.1.63:445
[*] Auxiliary module execution completed
SMB scan
Code:
msf > use scanner/smb/version
msf auxiliary(version) > set RHOSTS 192.168.1.63-192.168.1.63
RHOSTS => 192.168.1.63-192.168.1.63
msf auxiliary(version) > run
[*] 192.168.1.63 is running Windows XP Service Pack 2 (language: French)
[*] Auxiliary module execution completed
UDP scan
Code:
msf > use scanner/discovery/sweep_udp
msf auxiliary(sweep_udp) > set RHOSTS 192.168.1.63-192.168.1.63
RHOSTS => 192.168.1.63-192.168.1.63
msf auxiliary(sweep_udp) > run
[*] Sending 7 probes to 192.168.1.63->192.168.1.63 (1 hosts)
[*] Discovered NetBIOS on 192.168.1.63 (83d68400000000010000000020434b4141414141414141414141414141414141414141414141...)
[*] Discovered SQL Server on 192.168.1.63 (Version=10.0.1600.22 ServerName=XP-SQL IsClustered=No InstanceName=SQLEXPRESS )
[*] Discovered NTP on 192.168.1.63 (Microsoft NTP)
[*] Auxiliary module execution completed
MSSQL scan
Code:
msf > use scanner/mssql/mssql_ping
msf auxiliary(mssql_ping) > set RHOSTS 192.168.1.63
RHOSTS => 192.168.1.63
msf auxiliary(mssql_ping) > run
[*] SQL Server information for 192.168.1.63:
[*]    Version         = 10.0.1600.22
[*]    ServerName      = XP-SQL
[*]    IsClustered     = No
[*]    InstanceName    = SQLEXPRESS
[*] Auxiliary module execution completed
msf auxiliary(mssql_ping) > show auxiliary
This is just a small example; it's up to you to test the rest.

Have fun with metasploit
__________________
http://backtrack-fr.net
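The four scans above each print their results in a slightly different line format, which makes it tedious to turn a console session into an inventory you can act on. The following Python script is an added example, not code from the post or from the Metasploit project: it parses the scanner output shown in the thread (TCP port scan, SMB version, UDP sweep and the key=value detail of the SQL Server discovery) into a per-host record, then runs a small exposure triage over it from a defender's point of view. The `[*]` prefix is Metasploit's normal output marker (it appears mis-encoded in the forum copy); the sample output is constructed from the post's lines, and the triage rules are illustrative choices, not anything the module itself reports.

```python
import re
from collections import defaultdict

# Constructed sample: the lines the four scanner modules printed in the post,
# concatenated into one session (the NetBIOS hex is truncated as in the post).
SAMPLE_OUTPUT = """\
[*]  TCP OPEN 192.168.1.63:135
[*]  TCP OPEN 192.168.1.63:139
[*]  TCP OPEN 192.168.1.63:445
[*] Auxiliary module execution completed
[*] 192.168.1.63 is running Windows XP Service Pack 2 (language: French)
[*] Auxiliary module execution completed
[*] Sending 7 probes to 192.168.1.63->192.168.1.63 (1 hosts)
[*] Discovered NetBIOS on 192.168.1.63 (83d68400000000010000000020434b4141...)
[*] Discovered SQL Server on 192.168.1.63 (Version=10.0.1600.22 ServerName=XP-SQL IsClustered=No InstanceName=SQLEXPRESS )
[*] Discovered NTP on 192.168.1.63 (Microsoft NTP)
[*] Auxiliary module execution completed
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
TCP_OPEN = re.compile(r"^\[\*\]\s+TCP OPEN " + IPV4 + r":(\d+)$")
SMB_VERSION = re.compile(r"^\[\*\] " + IPV4 + r" is running (.+)$")
UDP_DISCOVERED = re.compile(r"^\[\*\] Discovered (.+?) on " + IPV4 + r" \((.*)\)$")


def new_host():
    """Empty inventory record for a host that appears in any scanner line."""
    return {"tcp_ports": set(), "os": None, "udp_services": {}}


def parse_detail(detail):
    """Turn 'Version=10.0.1600.22 ServerName=XP-SQL ...' into a dict;
    free-text details (e.g. 'Microsoft NTP') are kept under 'raw'."""
    pairs = re.findall(r"(\w+)=(\S+)", detail)
    if pairs:
        return dict(pairs)
    return {"raw": detail.strip()}


def parse_scanner_output(text):
    """Build {ip: record} from the mixed output of the portscan/tcp,
    smb/version and discovery/sweep_udp modules. Status lines such as
    'Auxiliary module execution completed' match nothing and are skipped."""
    hosts = defaultdict(new_host)
    for line in text.splitlines():
        line = line.rstrip()
        m = TCP_OPEN.match(line)
        if m:
            hosts[m.group(1)]["tcp_ports"].add(int(m.group(2)))
            continue
        m = SMB_VERSION.match(line)
        if m:
            hosts[m.group(1)]["os"] = m.group(2)
            continue
        m = UDP_DISCOVERED.match(line)
        if m:
            service, ip, detail = m.groups()
            hosts[ip]["udp_services"][service] = parse_detail(detail)
    return dict(hosts)


def triage(hosts):
    """Illustrative exposure rules a defender might apply to the inventory.
    Returns a list of (ip, finding) tuples, one per rule that fires."""
    findings = []
    for ip, h in sorted(hosts.items()):
        if h["tcp_ports"] & {139, 445}:
            findings.append((ip, "SMB reachable from the scanning network"))
        if h["os"] and "Windows XP" in h["os"]:
            findings.append((ip, "legacy OS reported over SMB: " + h["os"]))
        sql = h["udp_services"].get("SQL Server")
        if sql:
            findings.append((ip, "SQL Server Browser answers UDP probes "
                                 f"(instance {sql.get('InstanceName')}, "
                                 f"version {sql.get('Version')})"))
    return findings


if __name__ == "__main__":
    inventory = parse_scanner_output(SAMPLE_OUTPUT)
    for ip, record in inventory.items():
        print(ip, sorted(record["tcp_ports"]), record["os"], record["udp_services"])
    for ip, finding in triage(inventory):
        print(f"{ip}: {finding}")
```

Feed it the text of a real msfconsole session (for example via `spool` in the console) and the inventory will grow one record per host; the triage rules are the part to adapt to your own environment.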
