Catalog

Metasploit Intranet information collection

09scraper

09winenum

10msf The host found

11msf Port scanning

12 Service scanning and checking

Metasploit Intranet information collection

attack kali 192.168.0.103

Drone aircraft win7 192.168.0.105

09scraper

run scraper（ Collect the common information on the target machine, download and save it locally ）

/root/.msf4/logs/scripts/scraper

09winenum

run winenum（ Collect some current systems , User group related information ）

/root/.msf4/logs/scripts/winenum

10msf The host found

The module is located in the source code path modules/auxiliary/scanner/discovery/

There are mainly ：

arp_sweep

ipv6_mulitcast_ping

ipv6_neighbor

ipv6_neighbor_router_advertisement

udp_probe

udp_sweep

11msf Port scanning

msf> search portscan

auxiliary/scanner/portscan/ack // adopt ACK Scan the way on the firewall is not shielded port detection

auxiliary/scanner/portscan/ftpbounce // adopt FTP bounce The principle of attack is right TCP Services , Some new software can prevent this attack well , But it can still be used on the old system

auxiliary/scanner/portscan/syn // Use send TCP SYN Flag to detect open ports

auxiliary/scanner/portscan/tcp // Through a complete TCP Connect to determine whether the port is open , The most accurate but the slowest

auxiliary/scanner/portscan/xmas // A more secretive scanning method , By sending FIN·PSH·URG sign , Can avoid some advanced TCP Filtering of tag detector

In general, it is recommended to use syn Port scanner · Faster · The results are accurate · Not easy to be noticed by the other party

syn The use of scanners

use auxiliary/scanner/portscan/syn

set rhosts 192.168.0.105/24

set threads 20

exploit

12 Service scanning and checking

After determining the open port , Mining the service information running on the corresponding port

stay Metasploit Of Scanner In auxiliary module , Tools for service scanning and enumeration are often used in [service_name]_version and [service_name]_login name

[service_name]_version It can be used to traverse hosts that contain certain services in the network , And further determine the version of the service

[service_name]_login Password detection attacks can be carried out on certain services

stay msf The terminal can input

search name：_version

View all available service enumeration modules