|
|
port:21 (FTP)[pre] auxiliary/scanner/ftp/ftp_login[/pre] //FTP登陆爆破
其它:search FTP。FTP常见利用方式,除了直接获取文件,还要注意目录跨越漏洞,成功利用,可以直接反弹shell
port:22 (SSH) [pre]auxiliary/scanner/ssh/ssh_login[/pre] //SSH登陆爆破
其它:search SSH
port:23 (telnet)[pre] auxiliary/scanner/telnet/telnet_login[/pre] //主要目标是内网中的路由器,交换机等网络设备
port:80,8080,443 (附:web服务常见端口整理,见图)
web渗透,内网渗透中,内部web服务安全往往十分的差
port:445 (简直无需多说的端口)
[pre]
exploit/windows/smb/ms08_067_netapi //上古漏洞,依然有惊喜
exploit/windows/smb/ms17_010_eternalblue //永恒之蓝
auxiliary/scanner/smb/smb_login //SMB登陆爆破
[/pre]
其它:search smb | Samba。linux下的CVE-2017-7494, 445 端口的远程利用
port:3389 (远程桌面RDP)
[pre]
auxiliary/scanner/rdp/ms12_020_check
[/pre]
5900 (VNC)
[pre]
auxiliary/scanner/vnc/vnc_none_auth
auxiliary/scanner/vnc/vnc_login
exploit/multi/vnc/vnc_keyboard_exec
[/pre]
数据库:
port:1433 (Sqlserver)
[pre]
use auxiliary/scanner/mssql/mssql_login //sa爆破
[/pre]
port:3306 (Mysql)
[pre]
auxiliary/scanner/mysql/mysql_login
[/pre]
port: 27017、27018 (Mongodb)
[pre]
auxiliary/scanner/mongodb/mongodb_login
[/pre]
port:6379 (Redis)
[pre]
auxiliary/scanner/redis/redis_login
auxiliary/scanner/redis/file_upload
[/pre]
port:1521 (Oracle)
[pre]
search Oracle
[/pre]
port:5432 (PostgreSQL)
[pre]
search PostgreSQL
[/pre] |
|
发表于 2018-6-1 10:35:34
