Nessus: working with Metasploit
Posted on 2012-8-6 18:10:09
Video: http://good.gd/2069519.htm
Start Nessus and start MSF; when starting MSF, connect it to the database.
Load the Nessus plugin:
  msf > load nessus
  [*] Nessus Bridge for Metasploit 1.1
  [+] Type nessus_help for a command listing
  [*] Successfully loaded plugin: nessus
  msf >
You can now type nessus_help to see the command listing.
Then connect to the Nessus server:
nessus_connect username:password@IP-of-the-host-running-Nessus
  msf > nessus_connect root:123456@127.0.0.1
  [*] Connecting to https://127.0.0.1:8834/ as root
  [*] Authenticated
  msf >
List the scan policies (templates):
  msf > nessus_policy_list
  [+] Nessus Policy List
  [+]

  ID  Name                                         Comments
  --  ----                                         --------
  -1  Prepare for PCI-DSS audits (section 11.2.2)
  -2  Web App Tests
  -3  External Network Scan
  -4  Internal Network Scan
  1   SMB BUG SCNNER

  msf >
There are 5 policies; let's scan with -4, Internal Network Scan.
nessus_scan_new policy-ID scan-name target-IP
  msf > nessus_scan_new -4 wocaonima 5.5.5.130
  [*] Creating scan from policy number -4, called "wocaonima" and scanning 5.5.5.130
  [*] Scan started.  uid is c0170a88-8524-9858-54ec-316f0c787aecc0a7bfc3ec45b4c4
  msf >
Check the scan progress:
  msf > nessus_scan_status
  [+] Running Scans
  [+]

  Scan ID                                               Name       Owner  Started            Status   Current Hosts  Total Hosts
  -------                                               ----       -----  -------            ------   -------------  -----------
  c0170a88-8524-9858-54ec-316f0c787aecc0a7bfc3ec45b4c4  wocaonima  root   08:57 May 20 2012  running  0              1

  [+]

  [*] You can:
  [+]                 Import Nessus report to database :         nessus_report_get
  [+]                 Pause a nessus scan :                         nessus_scan_pause
  msf >
One scan is running; its scan ID is
  c0170a88-8524-9858-54ec-316f0c787aecc0a7bfc3ec45b4c4
Look at the Status column: it says running, so wait for it to finish.
View the scan results:
  msf > nessus_report_list
  [+] Nessus Report List
  [+]

  ID                                                    Name       Status     Date
  --                                                    ----       ------     ----
  2e8800ea-95bf-ba65-f7f7-a4b52710c7a529eaaaa0e7720006  tes        completed  08:22 May 20 2012
  76595d0c-6cff-b38a-49c8-3853ba3c2f8613bf5152aeee63f4  111        completed  08:24 May 20 2012
  c0170a88-8524-9858-54ec-316f0c787aecc0a7bfc3ec45b4c4  wocaonima  completed  08:58 May 20 2012

  [*] You can:
  [*]         Get a list of hosts from the report:          nessus_report_hosts
  msf >
Our scan, named wocaonima, is the third one. Import its results into the MSF database:
nessus_report_get scan-ID
  msf > nessus_report_get c0170a88-8524-9858-54ec-316f0c787aecc0a7bfc3ec45b4c4
  [*] importing c0170a88-8524-9858-54ec-316f0c787aecc0a7bfc3ec45b4c4
  [*] 5.5.5.130
  [+] Done
  msf >
Now on to the Metasploit side.
View the hosts:
  msf > hosts

  Hosts
  =====

  address    mac                name       os_name            os_flavor  os_sp  purpose  info  comments
  -------    ---                ----       -------            ---------  -----  -------  ----  --------
  5.5.5.130  00:0C:29:80:F2:02  5.5.5.130  Microsoft Windows  XP         SP2    client

  msf >
View the host information:
  msf > notes
  [*] Time: 2012-05-20 16:00:03 UTC Note: host=5.5.5.130 type=host.os.nessus_fingerprint data={:os=>"Microsoft Windows XP Service Pack 2\nMicrosoft Windows XP Service Pack 3"}
View the host's open ports:
  msf > services

  Services
  ========

  host       port  proto  name        state  info
  ----       ----  -----  ----        -----  ----
  5.5.5.130  123   udp    ntp         open
  5.5.5.130  135   tcp    epmap       open
  5.5.5.130  137   udp    netbios-ns  open
  5.5.5.130  139   tcp    smb         open
  5.5.5.130  445   tcp    cifs        open
View the vulnerabilities:
  msf > vulns
  [*] Time: 2012-05-20 16:00:03 UTC Vuln: host=5.5.5.130 name=Nessus Scan Information refs=NSS-19506
  [*] Time: 2012-05-20 16:00:03 UTC Vuln: host=5.5.5.130 name=Ethernet Card Manufacturer Detection refs=NSS-35716
  [*] Time: 2012-05-20 16:00:03 UTC Vuln: host=5.5.5.130 name=Common Platform Enumeration (CPE) refs=NSS-45590
  [*] Time: 2012-05-20 16:00:03 UTC Vuln: host=5.5.5.130 name=MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Remote Code Execution (958644) (uncredentialed check) refs=CVE-2008-4250,BID-31874,OSVDB-49243,IAVA-2008-A-0081,MSFT-MS08-067,CWE-94,MSF-Microsoft Server Service Relative Path Stack Corruption,NSS-34477
  [*] Time: 2012-05-20 16:00:03 UTC Vuln: host=5.5.5.130 name=MS05-027: Vulnerability in SMB Could Allow Remote Code Execution (896422) (uncredentialed check) refs=CVE-2005-1206,BID-13942,OSVDB-17308,MSFT-MS05-027,NSS-18502
  [*] Time: 2012-05-20 16:00:04 UTC Vuln: host=5.5.5.130 name=Device Type refs=NSS-54615
  [*] Time: 2012-05-20 16:00:04 UTC Vuln: host=5.5.5.130 name=OS Identification refs=NSS-11936
  [*] Time: 2012-05-20 16:00:04 UTC Vuln: host=5.5.5.130 name=VMware Virtual Machine Detection refs=NSS-20094
  [*] Time: 2012-05-20 16:00:04 UTC Vuln: host=5.5.5.130 name=SMB Signing Disabled refs=NSS-57608
  [*] Time: 2012-05-20 16:00:04 UTC Vuln: host=5.5.5.130 name=TCP/IP Timestamps Supported refs=NSS-25220
  [*] Time: 2012-05-20 16:00:04 UTC Vuln: host=5.5.5.130 name=Network Time Protocol (NTP) Server Detection refs=NSS-10884
  [*] Time: 2012-05-20 16:00:04 UTC Vuln: host=5.5.5.130 name=Traceroute Information refs=NSS-10287
  [*] Time: 2012-05-20 16:00:04 UTC Vuln: host=5.5.5.130 name=ICMP Timestamp Request Remote Date Disclosure refs=CVE-1999-0524,OSVDB-94,CWE-200,NSS-10114
  [*] Time: 2012-05-20 16:00:04 UTC Vuln: host=5.5.5.130 name=MS09-001: Microsoft Windows SMB Vulnerabilities Remote Code Execution (958687) (uncredentialed check) refs=CVE-2008-4834,CVE-2008-4835,CVE-2008-4114,BID-31179,BID-33121,BID-33122,OSVDB-48153,OSVDB-52691,OSVDB-52692,MSFT-MS09-001,NSS-35362
  [*] Time: 2012-05-20 16:00:04 UTC Vuln: host=5.5.5.130 name=Microsoft Windows SMB LanMan Pipe Server Listing Disclosure refs=OSVDB-300,NSS-10397
  [*] Time: 2012-05-20 16:00:04 UTC Vuln: host=5.5.5.130 name=MS06-040: Vulnerability in Server Service Could Allow Remote Code Execution (921883) (uncredentialed check) refs=CVE-2006-3439,BID-19409,OSVDB-27845,IAVA-2006-A-0036,MSFT-MS06-040,MSF-Microsoft Server Service NetpwPathCanonicalize Overflow,NSS-22194
  [*] Time: 2012-05-20 16:00:04 UTC Vuln: host=5.5.5.130 name=MS06-035: Vulnerability in Server Service Could Allow Remote Code Execution (917159) (uncredentialed check) refs=CVE-2006-1314,CVE-2006-1315,BID-18863,BID-18891,OSVDB-27154,OSVDB-27155,MSFT-MS06-035,NSS-22034
  [*] Time: 2012-05-20 16:00:04 UTC Vuln: host=5.5.5.130 name=Microsoft Windows SMB Registry : Nessus Cannot Access the Windows Registry refs=NSS-26917
  [*] Time: 2012-05-20 16:00:04 UTC Vuln: host=5.5.5.130 name=Microsoft Windows SMB NULL Session Authentication refs=CVE-1999-0519,CVE-1999-0520,CVE-2002-1117,BID-494,OSVDB-299,OSVDB-8230,NSS-26920
  [*] Time: 2012-05-20 16:00:04 UTC Vuln: host=5.5.5.130 name=Nessus SYN scanner refs=NSS-11219
  [*] Time: 2012-05-20 16:00:04 UTC Vuln: host=5.5.5.130 name=Microsoft Windows SMB Log In Possible refs=MSF-Microsoft Windows Authenticated User Code Execution,NSS-10394
  [*] Time: 2012-05-20 16:00:04 UTC Vuln: host=5.5.5.130 name=Microsoft Windows SMB NativeLanManager Remote System Information Disclosure refs=NSS-10785
  [*] Time: 2012-05-20 16:00:04 UTC Vuln: host=5.5.5.130 name=Windows NetBIOS / SMB Remote Host Information Disclosure refs=NSS-10150
  [*] Time: 2012-05-20 16:00:04 UTC Vuln: host=5.5.5.130 name=Microsoft Windows SMB Service Detection refs=NSS-11011
  msf >
Then search for a matching exploit (overflow) module; you know what comes next.
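As an added example that is not part of the post: a small Ruby script (Metasploit's own language; the parser and the priority rule are this example's assumptions, not part of the Nessus bridge) that turns the text printed by `vulns` above into structured records and ranks the findings for patching, so the imported scan ends in a remediation list rather than a wall of output.

```ruby
# Added example, not from the post: parse the text printed by `vulns` into
# structured records and rank them for remediation. SAMPLE_VULNS holds lines
# copied from the output above; the priority rule is this example's own.
SAMPLE_VULNS = <<~EOS
  [*] Time: 2012-05-20 16:00:03 UTC Vuln: host=5.5.5.130 name=Nessus Scan Information refs=NSS-19506
  [*] Time: 2012-05-20 16:00:03 UTC Vuln: host=5.5.5.130 name=MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Remote Code Execution (958644) (uncredentialed check) refs=CVE-2008-4250,BID-31874,OSVDB-49243,IAVA-2008-A-0081,MSFT-MS08-067,CWE-94,MSF-Microsoft Server Service Relative Path Stack Corruption,NSS-34477
  [*] Time: 2012-05-20 16:00:04 UTC Vuln: host=5.5.5.130 name=SMB Signing Disabled refs=NSS-57608
  [*] Time: 2012-05-20 16:00:04 UTC Vuln: host=5.5.5.130 name=MS06-040: Vulnerability in Server Service Could Allow Remote Code Execution (921883) (uncredentialed check) refs=CVE-2006-3439,BID-19409,OSVDB-27845,IAVA-2006-A-0036,MSFT-MS06-040,MSF-Microsoft Server Service NetpwPathCanonicalize Overflow,NSS-22194
  [*] Time: 2012-05-20 16:00:04 UTC Vuln: host=5.5.5.130 name=Microsoft Windows SMB NULL Session Authentication refs=CVE-1999-0519,CVE-1999-0520,CVE-2002-1117,BID-494,OSVDB-299,OSVDB-8230,NSS-26920
EOS

# One `vulns` line: "[*] Time: <ts> UTC Vuln: host=<h> name=<name> refs=<r1,r2,...>".
# The name may contain spaces and colons, so it is matched lazily up to " refs=";
# refs run to end of line because MSF- module names themselves contain spaces.
VULN_RE = /\A\[\*\] Time: (.+?) UTC Vuln: host=(\S+) name=(.+?) refs=(.*)\z/

def parse_vulns(text)
  text.each_line.map do |line|
    m = VULN_RE.match(line.strip) or next   # skip prompts and blank lines
    refs = m[4].split(',')
    {
      time: m[1], host: m[2], name: m[3],
      cves: refs.grep(/\ACVE-/),
      bulletins: refs.grep(/\AMSFT-/).map { |r| r.sub('MSFT-', '') },
      msf_modules: refs.grep(/\AMSF-/).map { |r| r.sub('MSF-', '') },
      nessus_id: refs.find { |r| r.start_with?('NSS-') }&.sub('NSS-', ''),
    }
  end.compact
end

# Remediation priority: a finding that references a public Metasploit module
# is trivially exploitable and goes first; one with a CVE but no module next;
# Nessus informational plugins (NSS- reference only) last.
def priority(vuln)
  return :critical unless vuln[:msf_modules].empty?
  return :high unless vuln[:cves].empty?
  :info
end

PRIORITY_ORDER = { critical: 0, high: 1, info: 2 }.freeze

# Parsed findings sorted by priority, then by name for a stable listing.
def triage(text)
  parse_vulns(text).sort_by { |v| [PRIORITY_ORDER[priority(v)], v[:name]] }
end

# Count of findings per priority, e.g. { critical: 2, high: 1, info: 2 }.
def summary(text)
  triage(text).group_by { |v| priority(v) }.transform_values(&:size)
end
```

Run it with `triage(SAMPLE_VULNS).each { |v| puts "#{priority(v)} #{v[:host]} #{v[:name]}" }` to get the patch-first list; feed it the real `vulns` output saved from msfconsole instead of the sample.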