Metasploit从文件中读取目标地址

  本文简单介绍如何使用Metasploit从文件中读取目标地址,来执行检测。

  以检测MS17-010漏洞为例,在设定RHOSTS参数时,可设定目标地址范围和CIDR地址块,设定单个IP的目标也是可以的。

  参考:Metasploit set rhosts file

msf > use auxiliary/scanner/smb/smb_ms17_010 
msf auxiliary(smb_ms17_010) > show options

Module options (auxiliary/scanner/smb/smb_ms17_010):

   Name        Current Setting  Required  Description
   ----        ---------------  --------  -----------
   CHECK_DOPU  true             yes       Check for DOUBLEPULSAR on vulnerable hosts
   RHOSTS                       yes       The target address range or CIDR identifier
   RPORT       445              yes       The SMB service port (TCP)
   SMBDomain   .                no        The Windows domain to use for authentication
   SMBPass                      no        The password for the specified username
   SMBUser                      no        The username to authenticate as
   THREADS     1                yes       The number of concurrent threads

  但如何设定从文件中读取目标地址呢?

  其实可以使用file指定读取的目标文件...如下:

msf auxiliary(smb_ms17_010) > set rhosts file:/root/pentest/10-all.txt      # 设置读取的文件
rhosts => file:/root/pentest/10-all.txt
msf auxiliary(smb_ms17_010) > show options

Module options (auxiliary/scanner/smb/smb_ms17_010):

   Name        Current Setting                Required  Description
   ----        ---------------                --------  -----------
   CHECK_DOPU  true                           yes       Check for DOUBLEPULSAR on vulnerable hosts
   RHOSTS      file:/root/pentest/10-all.txt  yes       The target address range or CIDR identifier
   RPORT       445                            yes       The SMB service port (TCP)
   SMBDomain   .                              no        The Windows domain to use for authentication
   SMBPass                                    no        The password for the specified username
   SMBUser                                    no        The username to authenticate as
   THREADS     1                              yes       The number of concurrent threads

msf auxiliary(smb_ms17_010) > set threads 10
threads => 10
msf auxiliary(smb_ms17_010) > show options

Module options (auxiliary/scanner/smb/smb_ms17_010):

   Name        Current Setting                Required  Description
   ----        ---------------                --------  -----------
   CHECK_DOPU  true                           yes       Check for DOUBLEPULSAR on vulnerable hosts
   RHOSTS      file:/root/pentest/10-all.txt  yes       The target address range or CIDR identifier
   RPORT       445                            yes       The SMB service port (TCP)
   SMBDomain   .                              no        The Windows domain to use for authentication
   SMBPass                                    no        The password for the specified username
   SMBUser                                    no        The username to authenticate as
   THREADS     10                             yes       The number of concurrent threads

  设置完成之后,就可以执行扫描了。

msf auxiliary(smb_ms17_010) > spool ms17-010.txt         # 输出记录写入到文件
[*] Spooling to file ms17-010.txt...
msf auxiliary(smb_ms17_010) > exploit                    # 执行检测

[-] 10.0.0.17:445         - An SMB Login Error occurred while connecting to the IPC$ tree.
[-] 10.0.0.13:445         - Host does NOT appear vulnerable.
[-] 10.0.0.14:445         - Host does NOT appear vulnerable.
[-] 10.0.0.2:445          - Host does NOT appear vulnerable.
[-] 10.0.0.11:445         - Host does NOT appear vulnerable.

[-] 10.2.2.25:445         - Host does NOT appear vulnerable.
[-] 10.2.3.160:445        - Host does NOT appear vulnerable.
[-] 10.2.3.162:445        - Host does NOT appear vulnerable.
[-] 10.5.0.2:445          - An SMB Login Error occurred while connecting to the IPC$ tree.
[-] 10.5.0.11:445         - Host does NOT appear vulnerable.
[-] 10.5.0.13:445         - Host does NOT appear vulnerable.
[-] 10.5.0.24:445         - Host does NOT appear vulnerable.
[+] 10.5.0.25:445         - Host is likely VULNERABLE to MS17-010!  (Windows Server 2012 R2 Standard 9600)

  扫描结束之后,使用spool off,即可停止记录。

  ms17-010.txt文件中将会保存所有的检测记录。

posted @ 2019-06-24 14:55 starnight_cyber 阅读(...) 评论(...) 编辑 收藏