Pentest Notes - 2013-07-13: Scanning for SMB Versions
For the SMB2 overflow, Metasploit actually ships two scanners you can use. Their results are much the same; the difference is that one makes a more detailed determination while the other only gives a rough verdict.
Welcome to the Metasploit Web Console!
=[ metasploit v3.4.2-dev [core:3.4 api:1.0]
+ -- --=[ 566 exploits - 283 auxiliary
+ -- --=[ 210 payloads - 27 encoders - 8 nops
=[ svn r9834 updated 329 days ago (2010.07.14)
Warning: This copy of the Metasploit Framework was last updated 329 days ago.
We recommend that you update the framework at least every other day.
For information on updating your copy of Metasploit, please see:
http://www.metasploit.com/redmine/projects/framework/wiki/Updating
>> search smb
[*] Searching loaded modules for pattern 'smb'...
Auxiliary
=========
Name Rank Description
---- ---- -----------
admin/oracle/ora_ntlm_stealer normal Oracle SMB Relay Code Execution
admin/smb/samba_symlink_traversal normal Samba Symlink Directory Traversal
dos/windows/smb/ms05_047_pnp normal Microsoft Plug and Play Service Registry Overflow
dos/windows/smb/ms06_035_mailslot normal Microsoft SRV.SYS Mailslot Write Corruption
dos/windows/smb/ms06_063_trans normal Microsoft SRV.SYS Pipe Transaction No Null
dos/windows/smb/ms09_001_write normal Microsoft SRV.SYS WriteAndX Invalid DataOffset
dos/windows/smb/ms09_050_smb2_negotiate_pidhigh normal Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference
dos/windows/smb/ms09_050_smb2_session_logoff normal Microsoft SRV2.SYS SMB2 Logoff Remote Kernel NULL Pointer Dereference
dos/windows/smb/ms10_006_negotiate_response_loop normal Microsoft Windows 7 / Server 2008 R2 SMB Client Infinite Loop
dos/windows/smb/rras_vls_null_deref normal Microsoft RRAS InterfaceAdjustVLSPointers NULL Dereference
dos/windows/smb/vista_negotiate_stop normal Microsoft Vista SP0 SMB Negotiate Protocol DoS
fuzzers/smb/smb2_negotiate_corrupt normal SMB Negotiate SMB2 Dialect Corruption
fuzzers/smb/smb_create_pipe normal SMB Create Pipe Request Fuzzer
fuzzers/smb/smb_create_pipe_corrupt normal SMB Create Pipe Request Corruption
fuzzers/smb/smb_negotiate_corrupt normal SMB Negotiate Dialect Corruption
fuzzers/smb/smb_ntlm1_login_corrupt normal SMB NTLMv1 Login Request Corruption
fuzzers/smb/smb_tree_connect normal SMB Tree Connect Request Fuzzer
fuzzers/smb/smb_tree_connect_corrupt normal SMB Tree Connect Request Corruption
scanner/smb/pipe_auditor normal SMB Session Pipe Auditor
scanner/smb/pipe_dcerpc_auditor normal SMB Session Pipe DCERPC Auditor
scanner/smb/smb2 normal SMB 2.0 Protocol Detection
scanner/smb/smb_enumshares normal SMB Share Enumeration
scanner/smb/smb_enumusers normal SMB User Enumeration (SAM EnumUsers)
scanner/smb/smb_login normal SMB Login Check Scanner
scanner/smb/smb_lookupsid normal SMB Local User Enumeration (LookupSid)
scanner/smb/smb_version normal SMB Version Detection
server/capture/smb normal Authentication Capture: SMB
Exploits
========
Name Rank Description
---- ---- -----------
netware/smb/lsass_cifs average Novell NetWare LSASS CIFS.NLM Driver Stack Buffer Overflow
windows/browser/java_ws_arginject_altjvm excellent Sun Java Web Start Plugin Command Line Argument Injection
windows/browser/ms10_022_ie_vbscript_winhlp32 great Internet Explorer Winhlp32.exe MsgBox Code Execution
windows/fileformat/ursoft_w32dasm good URSoft W32Dasm Disassembler Function Buffer Overflow
windows/fileformat/vlc_smb_uri great VideoLAN Client (VLC) Win32 smb:// URI Buffer Overflow
windows/smb/ms03_049_netapi good Microsoft Workstation Service NetAddAlternateComputerName Overflow
windows/smb/ms04_007_killbill low Microsoft ASN.1 Library Bitstring Heap Overflow
windows/smb/ms04_011_lsass good Microsoft LSASS Service DsRolerUpgradeDownlevelServer Overflow
windows/smb/ms04_031_netdde good Microsoft NetDDE Service Overflow
windows/smb/ms05_039_pnp good Microsoft Plug and Play Service Overflow
windows/smb/ms06_025_rasmans_reg good Microsoft RRAS Service RASMAN Registry Overflow
windows/smb/ms06_025_rras average Microsoft RRAS Service Overflow
windows/smb/ms06_040_netapi great Microsoft Server Service NetpwPathCanonicalize Overflow
windows/smb/ms06_066_nwapi good Microsoft Services MS06-066 nwapi32.dll
windows/smb/ms06_066_nwwks good Microsoft Services MS06-066 nwwks.dll
windows/smb/ms06_070_wkssvc normal Microsoft Workstation Service NetpManageIPCConnect Overflow
windows/smb/ms08_067_netapi great Microsoft Server Service Relative Path Stack Corruption
windows/smb/ms09_050_smb2_negotiate_func_index good Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference
windows/smb/msdns_zonename great Microsoft DNS RPC Service extractQuotedChar() Overflow (SMB)
windows/smb/netidentity_xtierrpcpipe great Novell NetIdentity Agent XTIERRPCPIPE Named Pipe Buffer Overflow.
windows/smb/psexec excellent Microsoft Windows Authenticated User Code Execution
windows/smb/smb_relay excellent Microsoft Windows SMB Relay Code Execution
windows/smb/timbuktu_plughntcommand_bof great Timbuktu <= 8.6.6 PlughNTCommand Named Pipe Buffer Overflow
>> use auxiliary/scanner/smb/smb2
>> info
Name: SMB 2.0 Protocol Detection
Version: 9550
License: Metasploit Framework License (BSD)
Rank: Normal
Provided by:
hdm <hdm@metasploit.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
RHOSTS yes The target address range or CIDR identifier
RPORT 445 yes The target port
THREADS 1 yes The number of concurrent threads
Description:
Detect systems that support the SMB 2.0 protocol
>> set RHOSTS 172.16.1.0/24
RHOSTS => 172.16.1.0/24
>> set THREADS 100
THREADS => 100
>> info
Name: SMB 2.0 Protocol Detection
Version: 9550
License: Metasploit Framework License (BSD)
Rank: Normal
Provided by:
hdm <hdm@metasploit.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
RHOSTS 172.16.1.0/24 yes The target address range or CIDR identifier
RPORT 445 yes The target port
THREADS 100 yes The number of concurrent threads
Description:
Detect systems that support the SMB 2.0 protocol
>> run
[*] 172.16.1.102 supports SMB 2 [dialect 255.2] and has been online for 23 hours
[*] 172.16.1.107 supports SMB 2 [dialect 255.2] and has been online for 2 hours
[*] 172.16.1.110 supports SMB 2 [dialect 255.2] and has been online for 6 hours
[*] Scanned 042 of 256 hosts (016% complete)
[*] Scanned 055 of 256 hosts (021% complete)
[*] Scanned 084 of 256 hosts (032% complete)
[*] Scanned 104 of 256 hosts (040% complete)
[*] Scanned 128 of 256 hosts (050% complete)
[*] Scanned 155 of 256 hosts (060% complete)
[*] Scanned 184 of 256 hosts (071% complete)
[*] Scanned 205 of 256 hosts (080% complete)
[*] Scanned 235 of 256 hosts (091% complete)
[*] Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed
>> back
>> use auxiliary/scanner/smb/smb_version
>> info
Name: SMB Version Detection
Version: 9827
License: Metasploit Framework License (BSD)
Rank: Normal
Provided by:
hdm <hdm@metasploit.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
RHOSTS yes The target address range or CIDR identifier
THREADS 1 yes The number of concurrent threads
Description:
Display version information about each system
>> set RHOSTS 172.16.1.0/24
RHOSTS => 172.16.1.0/24
>> set THREADS 100
THREADS => 100
>> info
Name: SMB Version Detection
Version: 9827
License: Metasploit Framework License (BSD)
Rank: Normal
Provided by:
hdm <hdm@metasploit.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
RHOSTS 172.16.1.0/24 yes The target address range or CIDR identifier
THREADS 100 yes The number of concurrent threads
Description:
Display version information about each system
>> run
[*] Scanned 026 of 256 hosts (010% complete)
[*] Scanned 061 of 256 hosts (023% complete)
[*] Scanned 087 of 256 hosts (033% complete)
[*] 172.16.1.107 is running Windows 7 Ultimate (Build 7600) (language: Unknown) (name:PC) (domain:WORKGROUP)
[*] 172.16.1.110 is running Windows 7 Ultimate (Build 7600) (language: Unknown) (name:YANG*-PC) (domain:WORKGROUP)
[*] 172.16.1.102 is running Windows 7 Ultimate (Build 7600) (language: Unknown) (name:WANG*) (domain:YANGYANGWO)
[*] 172.16.1.111 is running Windows XP Service Pack 3 (language: Chinese - Traditional) (name:WWW-95A235B5556) (domain:WORKGROUP)
[*] Scanned 112 of 256 hosts (043% complete)
[*] Scanned 133 of 256 hosts (051% complete)
[*] Scanned 168 of 256 hosts (065% complete)
[*] Scanned 181 of 256 hosts (070% complete)
[*] Scanned 208 of 256 hosts (081% complete)
[*] Scanned 232 of 256 hosts (090% complete)
[*] Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed
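The "dialect 255.2" and "online for N hours" fields in the smb2 scanner output above come straight from the SMB2 NEGOTIATE response: the server answers the "SMB 2.???" wildcard with DialectRevision 0x02FF, whose two little-endian wire bytes (FF 02) are what the scanner prints as "255.2", and the uptime is SystemTime minus ServerStartTime, both Windows FILETIMEs. The following parser is an added example, not code from the post or from Metasploit; the response it parses is constructed inline for testing and is not a real capture.

```python
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
SMB2_NEGOTIATE = 0x0000
SMB2_WILDCARD_DIALECT = 0x02FF  # what a server returns for "SMB 2.???"

def filetime_to_datetime(ft: int) -> datetime:
    """Windows FILETIME (100 ns ticks since 1601-01-01 UTC) to datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def parse_smb2_negotiate_response(pkt: bytes) -> dict:
    """Parse a NetBIOS-framed SMB2 NEGOTIATE response into the fields a
    version scanner reports. Raises ValueError for anything that is not one."""
    if len(pkt) < 4 + 64 + 56:
        raise ValueError("too short for an SMB2 NEGOTIATE response")
    hdr = pkt[4:68]              # 4-byte NetBIOS length prefix, then 64-byte SMB2 header
    if hdr[:4] != b"\xfeSMB":    # an SMB1-only server answers with \xffSMB instead
        raise ValueError("not an SMB2 header")
    if struct.unpack_from("<H", hdr, 12)[0] != SMB2_NEGOTIATE:
        raise ValueError("not a NEGOTIATE response")
    body = pkt[68:]
    _size, security_mode, dialect, _reserved = struct.unpack_from("<HHHH", body, 0)
    server_guid = body[8:24]
    system_time, server_start = struct.unpack_from("<QQ", body, 40)
    uptime = filetime_to_datetime(system_time) - filetime_to_datetime(server_start)
    return {
        "dialect": dialect,
        # Printing the dialect bytes in wire (little-endian) order turns 0x02FF
        # into "255.2", which is the form seen in the scanner output.
        "dialect_as_printed": f"{dialect & 0xFF}.{dialect >> 8}",
        "signing_required": bool(security_mode & 0x0002),  # SMB2_NEGOTIATE_SIGNING_REQUIRED
        "server_guid": server_guid.hex(),
        "uptime_hours": int(uptime.total_seconds() // 3600),
    }

def build_sample_response(uptime_hours: int) -> bytes:
    """Constructed SMB2 NEGOTIATE response (not a real capture) for testing."""
    now = datetime(2013, 7, 13, 12, 0, tzinfo=timezone.utc)
    to_ft = lambda dt: int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000
    hdr = b"\xfeSMB" + struct.pack("<HHIHH", 64, 0, 0, SMB2_NEGOTIATE, 1) + b"\x00" * 48
    body = struct.pack("<HHHH", 65, 0x01, SMB2_WILDCARD_DIALECT, 0) + b"\x11" * 16
    body += struct.pack("<IIIIQQ", 0, 65536, 65536, 65536,
                        to_ft(now), to_ft(now - timedelta(hours=uptime_hours)))
    body += struct.pack("<HH", 0x80, 0) + b"\x00" * 4  # empty security buffer
    return struct.pack(">I", len(hdr) + len(body)) + hdr + body
```

Reading ServerStartTime also tells a defender how long a host has gone without a reboot, which is a quick proxy for unpatched kernels when reviewing scan results like those above.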