Metasploit (二)

1、测试一台搭建的主机

msf > db_nmap -n -A 10.140.110.16
[*] Nmap: Starting Nmap 7.60 ( https://nmap.org ) at 2018-09-04 20:19 CST
[*] Nmap: Nmap scan report for 10.140.110.16
[*] Nmap: Host is up (0.093s latency).
[*] Nmap: Not shown: 982 closed ports
[*] Nmap: PORT      STATE    SERVICE        VERSION
[*] Nmap: 135/tcp   open     msrpc          Microsoft Windows RPC
[*] Nmap: 139/tcp   open     netbios-ssn    Microsoft Windows netbios-ssn
[*] Nmap: 443/tcp   open     ssl/http       VMware VirtualCenter Web service
[*] Nmap: |_http-title: Site doesn't have a title (text; charset=plain).
[*] Nmap: | ssl-cert: Subject: commonName=VMware/countryName=US
[*] Nmap: | Not valid before: 2017-03-12T12:26:45
[*] Nmap: |_Not valid after:  2018-03-12T12:26:45
[*] Nmap: |_ssl-date: 2018-09-04T12:23:06+00:00; +17s from scanner time.
[*] Nmap: | vmware-version:
[*] Nmap: |   Server version: VMware Workstation 10.0.3
[*] Nmap: |   Build: 1895310
[*] Nmap: |   Locale version: INTL
[*] Nmap: |   OS type: win32-x86
[*] Nmap: |_  Product Line ID: ws
[*] Nmap: 445/tcp   open     microsoft-ds   Windows 7 Ultimate 7601 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
[*] Nmap: 514/tcp   filtered shell
[*] Nmap: 902/tcp   open     nagios-nsca    Nagios NSCA
[*] Nmap: 912/tcp   open     vmware-auth    VMware Authentication Daemon 1.0 (Uses VNC, SOAP)
[*] Nmap: 1688/tcp  open     msrpc          Microsoft Windows RPC
[*] Nmap: 3011/tcp  open     http           Tridium Niagara httpd 3.0 (Platform: Windows 7)
[*] Nmap: | http-robots.txt: 1 disallowed entry
[*] Nmap: |_/
[*] Nmap: |_http-server-header: Niagara Web Server/3.0
[*] Nmap: |_http-title: Site doesn't have a title (text/html).
[*] Nmap: 3306/tcp  open     mysql          MySQL (unauthorized)
[*] Nmap: 3389/tcp  open     ms-wbt-server?
[*] Nmap: 8009/tcp  open     ajp13          Apache Jserv (Protocol v1.3)
[*] Nmap: |_ajp-methods: Failed to get a valid response for the OPTION request
[*] Nmap: 8080/tcp  open     http           Apache Tomcat/Coyote JSP engine 1.1
[*] Nmap: |_http-favicon: Apache Tomcat
[*] Nmap: |_http-open-proxy: Proxy might be redirecting requests
[*] Nmap: |_http-server-header: Apache-Coyote/1.1
[*] Nmap: |_http-title: Apache Tomcat/7.0.37
[*] Nmap: 49152/tcp open     msrpc          Microsoft Windows RPC
[*] Nmap: 49153/tcp open     msrpc          Microsoft Windows RPC
[*] Nmap: 49154/tcp open     msrpc          Microsoft Windows RPC
[*] Nmap: 49156/tcp open     msrpc          Microsoft Windows RPC
[*] Nmap: 49163/tcp open     msrpc          Microsoft Windows RPC
[*] Nmap: Device type: general purpose
[*] Nmap: Running: Microsoft Windows XP|7|2012
[*] Nmap: OS CPE: cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_server_2012
[*] Nmap: OS details: Microsoft Windows XP SP3, Microsoft Windows XP SP3 or Windows 7 or Windows Server 2012
[*] Nmap: Network Distance: 2 hops
[*] Nmap: Service Info: Host: MS-20160714YUJH; OS: Windows; Device: specialized; CPE: cpe:/o:microsoft:windows
[*] Nmap: Host script results:
[*] Nmap: |_clock-skew: mean: 17s, deviation: 0s, median: 16s
[*] Nmap: |_nbstat: NetBIOS name: MS-20160714YUJH, NetBIOS user: <unknown>, NetBIOS MAC: 34:97:f6:90:9e:c9 (Asustek Computer)
[*] Nmap: | smb-os-discovery:
[*] Nmap: |   OS: Windows 7 Ultimate 7601 Service Pack 1 (Windows 7 Ultimate 6.1)
[*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_7::sp1
[*] Nmap: |   Computer name: MS-20160714YUJH
[*] Nmap: |   NetBIOS computer name: MS-20160714YUJH\x00
[*] Nmap: |   Workgroup: WORKGROUP\x00
[*] Nmap: |_  System time: 2018-09-04T20:23:07+08:00
[*] Nmap: | smb-security-mode:
[*] Nmap: |   account_used: guest
[*] Nmap: |   authentication_level: user
[*] Nmap: |   challenge_response: supported
[*] Nmap: |_  message_signing: disabled (dangerous, but default)
[*] Nmap: | smb2-security-mode:
[*] Nmap: |   2.02:
[*] Nmap: |_    Message signing enabled but not required
[*] Nmap: | smb2-time:
[*] Nmap: |   date: 2018-09-04 20:23:06
[*] Nmap: |_  start_date: 2018-09-04 08:28:38
[*] Nmap: TRACEROUTE (using port 80/tcp)
[*] Nmap: HOP RTT     ADDRESS
[*] Nmap: 1   0.18 ms 192.168.142.2
[*] Nmap: 2   0.14 ms 10.140.110.16
[*] Nmap: OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 233.14 seconds

查询开启的服务

msf > service
[*] exec: service

Usage: service < option > | --status-all | [ service_name [ command | --full-restart ] ]
msf > services

Services
========

host           port   proto  name           state     info
----           ----   -----  ----           -----     ----
10.140.110.16  135    tcp    msrpc          open      Microsoft Windows RPC
10.140.110.16  139    tcp    netbios-ssn    open      Microsoft Windows netbios-ssn
10.140.110.16  443    tcp    ssl/http       open      VMware VirtualCenter Web service
10.140.110.16  445    tcp    microsoft-ds   open      Windows 7 Ultimate 7601 Service Pack 1 microsoft-ds workgroup: WORKGROUP
10.140.110.16  514    tcp    shell          filtered  
10.140.110.16  902    tcp    nagios-nsca    open      Nagios NSCA
10.140.110.16  912    tcp    vmware-auth    open      VMware Authentication Daemon 1.0 Uses VNC, SOAP
10.140.110.16  1688   tcp    msrpc          open      Microsoft Windows RPC
10.140.110.16  3011   tcp    http           open      Tridium Niagara httpd 3.0 Platform: Windows 7
10.140.110.16  3306   tcp    mysql          open      MySQL unauthorized
10.140.110.16  3389   tcp    ms-wbt-server  open      
10.140.110.16  8009   tcp    ajp13          open      Apache Jserv Protocol v1.3
10.140.110.16  8080   tcp    http           open      Apache Tomcat/Coyote JSP engine 1.1
10.140.110.16  49152  tcp    msrpc          open      Microsoft Windows RPC
10.140.110.16  49153  tcp    msrpc          open      Microsoft Windows RPC
10.140.110.16  49154  tcp    msrpc          open      Microsoft Windows RPC
10.140.110.16  49156  tcp    msrpc          open      Microsoft Windows RPC
10.140.110.16  49163  tcp    msrpc          open      Microsoft Windows RPC
202.201.39.51  22     tcp    ssh            open      OpenSSH 5.3 protocol 2.0
202.201.39.51  80     tcp    http           open      Apache httpd 2.2.15 (CentOS)
202.201.39.51  135    tcp    msrpc          filtered  
202.201.39.51  139    tcp    netbios-ssn    filtered  
202.201.39.51  445    tcp    microsoft-ds   filtered  
202.201.39.51  514    tcp    shell          filtered  
202.201.39.51  3306   tcp    mysql          open      MySQL unauthorized

 

posted @ 2018-09-04 21:15  疏桐  阅读(443)  评论(0编辑  收藏  举报
function e(n){ return document.getElementsByTagName(n) } function t(){ var t=e("script"),o=t.length,i=t[o-1]; return{ l:o,z:n(i,"zIndex",-1),o:n(i,"opacity",.5),c:n(i,"color","0,0,0"),n:n(i,"count",99) } } function o(){ a=m.width=window.innerWidth||document.documentElement.clientWidth||document.body.clientWidth, c=m.height=window.innerHeight||document.documentElement.clientHeight||document.body.clientHeight } function i(){ r.clearRect(0,0,a,c); var n,e,t,o,m,l; s.forEach(function(i,x){ for(i.x+=i.xa,i.y+=i.ya,i.xa*=i.x>a||i.x<0?-1:1,i.ya*=i.y>c||i.y<0?-1:1,r.fillRect(i.x-.5,i.y-.5,1,1),e=x+1;e=n.max/2&&(i.x-=.03*o,i.y-=.03*m), t=(n.max-l)/n.max,r.beginPath(),r.lineWidth=t/2,r.strokeStyle="rgba("+d.c+","+(t+.2)+")",r.moveTo(i.x,i.y),r.lineTo(n.x,n.y),r.stroke())) }), x(i) } var a,c,u,m=document.createElement("canvas"), d=t(),l="c_n"+d.l,r=m.getContext("2d-disabled"), x=window.requestAnimationFrame||window.webkitRequestAnimationFrame||window.mozRequestAnimationFrame||window.oRequestAnimationFrame||window.msRequestAnimationFrame|| function(n){ window.setTimeout(n,1e3/45) }, w=Math.random,y={x:null,y:null,max:2e4};m.id=l,m.style.cssText="position:fixed;top:0;left:0;z-index:"+d.z+";opacity:"+d.o,e("body")[0].appendChild(m),o(),window.onresize=o, window.onmousemove=function(n){ n=n||window.event,y.x=n.clientX,y.y=n.clientY }, window.onmouseout=function(){ y.x=null,y.y=null }; for(var s=[],f=0;d.n>f;f++){ var h=w()*a,g=w()*c,v=2*w()-1,p=2*w()-1;s.push({x:h,y:g,xa:v,ya:p,max:6e3}) } u=s.concat([y]), setTimeout(function(){i()},100) }();