1、测试一台搭建的主机

msf > db_nmap -n -A 10.140.110.16
[*] Nmap: Starting Nmap 7.60 ( https://nmap.org ) at 2018-09-04 20:19 CST
[*] Nmap: Nmap scan report for 10.140.110.16
[*] Nmap: Host is up (0.093s latency).
[*] Nmap: Not shown: 982 closed ports
[*] Nmap: PORT      STATE    SERVICE        VERSION
[*] Nmap: 135/tcp   open     msrpc          Microsoft Windows RPC
[*] Nmap: 139/tcp   open     netbios-ssn    Microsoft Windows netbios-ssn
[*] Nmap: 443/tcp   open     ssl/http       VMware VirtualCenter Web service
[*] Nmap: |_http-title: Site doesn't have a title (text; charset=plain).
[*] Nmap: | ssl-cert: Subject: commonName=VMware/countryName=US
[*] Nmap: | Not valid before: 2017-03-12T12:26:45
[*] Nmap: |_Not valid after:  2018-03-12T12:26:45
[*] Nmap: |_ssl-date: 2018-09-04T12:23:06+00:00; +17s from scanner time.
[*] Nmap: | vmware-version:
[*] Nmap: |   Server version: VMware Workstation 10.0.3
[*] Nmap: |   Build: 1895310
[*] Nmap: |   Locale version: INTL
[*] Nmap: |   OS type: win32-x86
[*] Nmap: |_  Product Line ID: ws
[*] Nmap: 445/tcp   open     microsoft-ds   Windows 7 Ultimate 7601 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
[*] Nmap: 514/tcp   filtered shell
[*] Nmap: 902/tcp   open     nagios-nsca    Nagios NSCA
[*] Nmap: 912/tcp   open     vmware-auth    VMware Authentication Daemon 1.0 (Uses VNC, SOAP)
[*] Nmap: 1688/tcp  open     msrpc          Microsoft Windows RPC
[*] Nmap: 3011/tcp  open     http           Tridium Niagara httpd 3.0 (Platform: Windows 7)
[*] Nmap: | http-robots.txt: 1 disallowed entry
[*] Nmap: |_/
[*] Nmap: |_http-server-header: Niagara Web Server/3.0
[*] Nmap: |_http-title: Site doesn't have a title (text/html).
[*] Nmap: 3306/tcp  open     mysql          MySQL (unauthorized)
[*] Nmap: 3389/tcp  open     ms-wbt-server?
[*] Nmap: 8009/tcp  open     ajp13          Apache Jserv (Protocol v1.3)
[*] Nmap: |_ajp-methods: Failed to get a valid response for the OPTION request
[*] Nmap: 8080/tcp  open     http           Apache Tomcat/Coyote JSP engine 1.1
[*] Nmap: |_http-favicon: Apache Tomcat
[*] Nmap: |_http-open-proxy: Proxy might be redirecting requests
[*] Nmap: |_http-server-header: Apache-Coyote/1.1
[*] Nmap: |_http-title: Apache Tomcat/7.0.37
[*] Nmap: 49152/tcp open     msrpc          Microsoft Windows RPC
[*] Nmap: 49153/tcp open     msrpc          Microsoft Windows RPC
[*] Nmap: 49154/tcp open     msrpc          Microsoft Windows RPC
[*] Nmap: 49156/tcp open     msrpc          Microsoft Windows RPC
[*] Nmap: 49163/tcp open     msrpc          Microsoft Windows RPC
[*] Nmap: Device type: general purpose
[*] Nmap: Running: Microsoft Windows XP|7|2012
[*] Nmap: OS CPE: cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_server_2012
[*] Nmap: OS details: Microsoft Windows XP SP3, Microsoft Windows XP SP3 or Windows 7 or Windows Server 2012
[*] Nmap: Network Distance: 2 hops
[*] Nmap: Service Info: Host: MS-20160714YUJH; OS: Windows; Device: specialized; CPE: cpe:/o:microsoft:windows
[*] Nmap: Host script results:
[*] Nmap: |_clock-skew: mean: 17s, deviation: 0s, median: 16s
[*] Nmap: |_nbstat: NetBIOS name: MS-20160714YUJH, NetBIOS user: <unknown>, NetBIOS MAC: 34:97:f6:90:9e:c9 (Asustek Computer)
[*] Nmap: | smb-os-discovery:
[*] Nmap: |   OS: Windows 7 Ultimate 7601 Service Pack 1 (Windows 7 Ultimate 6.1)
[*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_7::sp1
[*] Nmap: |   Computer name: MS-20160714YUJH
[*] Nmap: |   NetBIOS computer name: MS-20160714YUJH\x00
[*] Nmap: |   Workgroup: WORKGROUP\x00
[*] Nmap: |_  System time: 2018-09-04T20:23:07+08:00
[*] Nmap: | smb-security-mode:
[*] Nmap: |   account_used: guest
[*] Nmap: |   authentication_level: user
[*] Nmap: |   challenge_response: supported
[*] Nmap: |_  message_signing: disabled (dangerous, but default)
[*] Nmap: | smb2-security-mode:
[*] Nmap: |   2.02:
[*] Nmap: |_    Message signing enabled but not required
[*] Nmap: | smb2-time:
[*] Nmap: |   date: 2018-09-04 20:23:06
[*] Nmap: |_  start_date: 2018-09-04 08:28:38
[*] Nmap: TRACEROUTE (using port 80/tcp)
[*] Nmap: HOP RTT     ADDRESS
[*] Nmap: 1   0.18 ms 192.168.142.2
[*] Nmap: 2   0.14 ms 10.140.110.16
[*] Nmap: OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 233.14 seconds

查询开启的服务

msf > service
[*] exec: service

Usage: service < option > | --status-all | [ service_name [ command | --full-restart ] ]
msf > services

Services
========

host           port   proto  name           state     info
----           ----   -----  ----           -----     ----
10.140.110.16  135    tcp    msrpc          open      Microsoft Windows RPC
10.140.110.16  139    tcp    netbios-ssn    open      Microsoft Windows netbios-ssn
10.140.110.16  443    tcp    ssl/http       open      VMware VirtualCenter Web service
10.140.110.16  445    tcp    microsoft-ds   open      Windows 7 Ultimate 7601 Service Pack 1 microsoft-ds workgroup: WORKGROUP
10.140.110.16  514    tcp    shell          filtered  
10.140.110.16  902    tcp    nagios-nsca    open      Nagios NSCA
10.140.110.16  912    tcp    vmware-auth    open      VMware Authentication Daemon 1.0 Uses VNC, SOAP
10.140.110.16  1688   tcp    msrpc          open      Microsoft Windows RPC
10.140.110.16  3011   tcp    http           open      Tridium Niagara httpd 3.0 Platform: Windows 7
10.140.110.16  3306   tcp    mysql          open      MySQL unauthorized
10.140.110.16  3389   tcp    ms-wbt-server  open      
10.140.110.16  8009   tcp    ajp13          open      Apache Jserv Protocol v1.3
10.140.110.16  8080   tcp    http           open      Apache Tomcat/Coyote JSP engine 1.1
10.140.110.16  49152  tcp    msrpc          open      Microsoft Windows RPC
10.140.110.16  49153  tcp    msrpc          open      Microsoft Windows RPC
10.140.110.16  49154  tcp    msrpc          open      Microsoft Windows RPC
10.140.110.16  49156  tcp    msrpc          open      Microsoft Windows RPC
10.140.110.16  49163  tcp    msrpc          open      Microsoft Windows RPC
202.201.39.51  22     tcp    ssh            open      OpenSSH 5.3 protocol 2.0
202.201.39.51  80     tcp    http           open      Apache httpd 2.2.15 (CentOS)
202.201.39.51  135    tcp    msrpc          filtered  
202.201.39.51  139    tcp    netbios-ssn    filtered  
202.201.39.51  445    tcp    microsoft-ds   filtered  
202.201.39.51  514    tcp    shell          filtered  
202.201.39.51  3306   tcp    mysql          open      MySQL unauthorized

Metasploit (二)的更多相关文章

  1. Metasploit是一款开源的安全漏洞检测工具,

    Metasploit是一款开源的安全漏洞检测工具,可以帮助安全和IT专业人士识别安全性问题,验证漏洞的缓解措施,并管理专家驱动的安全性进行评估,适合于需要核实漏洞的安全专家,同时也适合于强大进攻能力的 ...

  2. HW弹药库之红队作战手册

    红方人员实战手册 声明 Author : By klion Date : 2020.2.15 寄语 : 愿 2020 后面的每一天都能一切安好 分享初衷 一来, 旨在为 "攻击" ...

  3. ApacheCN Kali Linux 译文集 20211020 更新

    Kali Linux 秘籍 中文版 第一章 安装和启动Kali 第二章 定制 Kali Linux 第三章 高级测试环境 第四章 信息收集 第五章 漏洞评估 第六章 漏洞利用 第七章 权限提升 第八章 ...

  4. 羽翼metasploit第一,二季学习笔记

    -----------------第一季-------------------- 启动Metasploit:msfconsole 升级和更新:./msfupdate 直接退出:exit 退回上一级:q ...

  5. 使用Metasploit渗透攻击windows系统(二)

    后渗透攻击: 介绍常用的一些命令: 查看进程:ps 查看当前进程号:getpid 查看系统信息:sysinfo 查看目标机是否为虚拟机:run post/windows/gather/checkvm ...

  6. metasploit framework(十二):sql server扫描

    mssql_ping模块,如果1433端口开放的话,直接连接这个1433端口,如果没开放,就通过UDP的1434去查询TCP的sql server端口 run,就扫描出来了数据库的tcp端口 得到tc ...

  7. metasploit framework(二):记一次入侵

    msfconsole use 其中一个 exploit前台执行注入 后台执行shell 加-j 通过sessions查看后台执行的shell,可以看到这个会话的id号为2 进入会话,sessions ...

  8. chapter1 渗透测试与metasploit

    网络对抗技术课程学习 chapter1 渗透测试与metasploit 一.读书笔记 二.渗透测试 通过模拟恶意攻击者的技术与方法进行攻击,挫败目标系统安全控制措施,取得访问控制权,并发现具备业务影响 ...

  9. Kali Linux Web 渗透测试— 第十二课-websploit

    Kali Linux Web 渗透测试— 第十二课-websploit 文/玄魂 目录 Kali Linux Web 渗透测试— 第十二课-websploit..................... ...

随机推荐

  1. vue 导航栏切换

    <template> <footer class="menu"> <router-link to="/" class=" ...

  2. E - Emptying the Baltic Kattis - emptyingbaltic (dijkstra堆优化)

    题目链接: E - Emptying the Baltic Kattis - emptyingbaltic 题目大意:n*m的地图, 每个格子有一个海拔高度, 当海拔<0的时候有水. 现在在(x ...

  3. JSP表达式语音EF--2

    JSP 表达式语言 | 菜鸟教程 http://www.runoob.com/jsp/jsp-expression-language.html

  4. Django学习手册 - 连接mysql数据库

    版本问题: 首先确认django.msql.python版本是统一支持 当前所用的版本信息: Django setting.py 配置 替换之前的DATABASES 配置: DATABASES = { ...

  5. 微信小程序滚动Tab选项卡:左右可滑动切换

    最终效果如上.问题: 1.tab标题总共8个,所以一屏无法全部显示. 2.tab内容区左右滑动切换时,tab标题随即做标记(active). 3.当active的标题不在当前屏显示时,要使其能显示到当 ...

  6. 论文笔记系列-iCaRL: Incremental Classifier and Representation Learning

    导言 传统的神经网络都是基于固定的数据集进行训练学习的,一旦有新的,不同分布的数据进来,一般而言需要重新训练整个网络,这样费时费力,而且在实际应用场景中也不适用,所以增量学习应运而生. 增量学习主要旨 ...

  7. Faster_RCNN 1.准备工作

    总结自论文:Faster_RCNN,与Pytorch代码: 代码结构:  simple-faster-rcnn-pytorch.py data __init__.py dataset.py util. ...

  8. Pytorch tutorial 之Transfer Learning

    引自官方:  Transfer Learning tutorial Ng在Deeplearning.ai中讲过迁移学习适用于任务A.B有相同输入.任务B比任务A有更少的数据.A任务的低级特征有助于任务 ...

  9. nginx指定文件路径有两种方式root和alias

    背景 一直没明白这个配置啥意思,反正凑合用吧,不过老凑合总不是个事,没搞明白更容易忘,别人问还答不上来.反正也很简单,就搞明白点记下来. 知识点 root实例: location ^~ /t/ { r ...

  10. Statically Linking freeglut

    It’s possible statically link freeglut into your applications, instead of dynamically linking agains ...