配置kali中的ssh
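# Edit /etc/ssh/sshd_config and set the two directives below. Note that both
# widen sshd's defaults (password logins, root login over SSH); prefer key-based
# auth and keep these settings to the lab host they are meant for.
vim /etc/ssh/sshd_config
#   PasswordAuthentication yes
#   PermitRootLogin yes
# Start the service at boot and restart it now so the edited config is loaded.
# `systemctl enable` requires the unit name; on Kali the sshd unit is `ssh`.
systemctl enable ssh
systemctl restart ssh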
配置与metasploit关联的PostgreSQL数据库
# Bring PostgreSQL up for this session, then let msfdb create the Metasploit
# database, role and config.
systemctl start postgresql.service
msfdb init
# Running `msfdb` with no subcommand prints the available management subcommands.
msfdb
# metasploit 关联 PostgreSQL 数据库的配置文件路径（该文件保存数据库连接信息，包括口令，注意保持仅 root 可读）
/usr/share/metasploit-framework/config/database.yml
登录msf查看数据库是否连接
msfconsole
db_status # 查看数据库连接状态
db_disconnect #断开连接
db_connect #连接数据库；不带参数时只打印用法，需要给出连接串或用 -y 指定上文的 database.yml
创建工作区
workspace -a book #创建一个book工作区并使用
workspace 工作区名字 #直接跟一个已存在的工作区名称，即可切换到该工作区
workspace -h #查看更详细的命令介绍
导入其它扫描器的结果，例如 nmap
# Aggressive scan of the target (-A: OS/version detection, default scripts,
# traceroute), written as nmap XML to 254.xml so msfconsole can db_import it.
nmap -oX 254.xml -A 192.168.10.254
# 导入254.xml（下面假定该文件保存在 /root 目录下）
msfconsole
workspace book #进入一个工作区
db_import /root/254.xml
查看当前工作区扫描过的主机
hosts #列出当前工作区中的主机信息（注意下表中 192.168.10.0/24 之外的公网地址并非本次 nmap 的目标，可能来自该工作区中此前导入或扫描的数据；不需要的记录可用 hosts -d <地址> 删除）
Hosts
=====
address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
14.215.178.80 Unknown device
112.80.248.64 Unknown device
120.209.138.64 Unknown device
180.76.76.92 Unknown device
192.168.10.1 Unknown device
192.168.10.122 78:dd:08:ca:8d:dc ROOT-TVI862UBEH Windows XP client
192.168.10.128 78:dd:08:ca:8d:dc DH-CA8822AB9589 Windows XP SP3 client
192.168.10.254 78:dd:08:ca:8d:dc Linux 2.6.X server
202.108.22.220 Unknown device
220.181.37.10 Unknown device
220.181.57.216 Unknown device
# 通过 -c 指定显示的列
hosts -c address,os_name
Hosts
=====
address os_name
------- -------
14.215.178.80 Unknown
112.80.248.64 Unknown
120.209.138.64 Unknown
180.76.76.92 Unknown
192.168.10.1 Unknown
192.168.10.122 Windows XP
192.168.10.128 Windows XP
192.168.10.254 Linux
202.108.22.220 Unknown
220.181.37.10 Unknown
220.181.57.216 Unknown
# 通过 -S 搜索包含关键字的信息
hosts -S Windows
Hosts
=====
address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
192.168.10.122 78:dd:08:ca:8d:dc ROOT-TVI862UBEH Windows XP client
192.168.10.128 78:dd:08:ca:8d:dc DH-CA8822AB9589 Windows XP SP3 client
# 通过 -h 参数查看更详细的信息
msf > hosts -h
Usage: hosts [ options ] [addr1 addr2 ...]
OPTIONS:
-a,--add Add the hosts instead of searching
-d,--delete Delete the hosts instead of searching
-c <col1,col2> Only show the given columns (see list below)
-C <col1,col2> Only show the given columns until the next restart (see list below)
-h,--help Show this help information
-u,--up Only show hosts which are up
-o <file> Send output to a file in csv format
-O <column> Order rows by specified column number
-R,--rhosts Set RHOSTS from the results of the search
-S,--search Search string to filter by
-i,--info Change the info of a host
-n,--name Change the name of a host
-m,--comment Change the comment of a host
-t,--tag Add or specify a tag to a range of hosts
Available columns: address, arch, comm, comments, created_at, cred_count, detected_arch, exploit_attempt_count, host_detail_count, info, mac, name, note_count, os_family, os_flavor, os_lang, os_name, os_sp, purpose, scope, service_count, state, updated_at, virtual_host, vuln_count, tags
查看当前工作区扫描过的主机的端口信息
# 查看所有的端口服务
services
Services
========
host port proto name state info
---- ---- ----- ---- ----- ----
192.168.10.1 80 tcp open
192.168.10.122 21 tcp ftp open Microsoft ftpd
192.168.10.122 80 tcp http open Microsoft IIS httpd 6.0
192.168.10.122 135 tcp msrpc open Microsoft Windows RPC
192.168.10.122 139 tcp netbios-ssn open Microsoft Windows netbios-ssn
192.168.10.122 445 tcp microsoft-ds open Windows Server 2003 3790 microsoft-ds
192.168.10.122 777 tcp multiling-http open
192.168.10.122 1025 tcp msrpc open Microsoft Windows RPC
192.168.10.122 1026 tcp msrpc open Microsoft Windows RPC
192.168.10.122 1027 tcp msrpc open Microsoft Windows RPC
192.168.10.122 1029 tcp msrpc open Microsoft Windows RPC
192.168.10.122 6002 tcp http open SafeNet Sentinel Protection Server 7.3
# 查看特定的服务
services -s ftp
Services
========
host port proto name state info
---- ---- ----- ---- ----- ----
192.168.10.122 21 tcp ftp open Microsoft ftpd
192.168.10.254 21 tcp ftp open ProFTPD 1.3.1
# 查看特定的端口
services -p 22
Services
========
host port proto name state info
---- ---- ----- ---- ----- ----
192.168.10.254 22 tcp ssh open OpenSSH 4.7p1 Debian 8ubuntu1 protocol 2.0
# 只查看包含关键字的信息
services -S Apache
Services
========
host port proto name state info
---- ---- ----- ---- ----- ----
192.168.10.254 80 tcp http open Apache httpd 2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.10 with Suhosin-Patch
192.168.10.254 8009 tcp ajp13 open Apache Jserv Protocol v1.3
192.168.10.254 8180 tcp http open Apache Tomcat/Coyote JSP engine 1.1
# 通过 services -h 查看更详细的使用帮助
Usage: services [-h] [-u] [-a] [-r <proto>] [-p <port1,port2>] [-s <name1,name2>] [-o <filename>] [addr1 addr2 ...]
-a,--add Add the services instead of searching
-d,--delete Delete the services instead of searching
-c <col1,col2> Only show the given columns
-h,--help Show this help information
-s <name1,name2> Search for a list of service names
-p <port1,port2> Search for a list of ports
-r <protocol> Only show [tcp|udp] services
-u,--up Only show services which are up
-o <file> Send output to a file in csv format
-O <column> Order rows by specified column number
-R,--rhosts Set RHOSTS from the results of the search
-S,--search Search string to filter by
Available columns: created_at, info, name, port, proto, state, updated_at