Moved over from Sina.

On scanning SMB versions

For that SMB2 overflow, Metasploit actually ships two scanner modules you can use (auxiliary/scanner/smb/smb2 and auxiliary/scanner/smb/smb_version, both shown in the session below). Their results are about the same; the difference is that one reports a more detailed verdict while the other gives only a rough one.

Welcome to the Metasploit Web Console!
_ _
_ | | (_)_
____ ____| |_ ____ ___ ____ | | ___ _| |_
| \ / _ ) _)/ _ |/___) _ \| |/ _ \| | _)
| | | ( (/ /| |_( ( | |___ | | | | | |_| | | |__
|_|_|_|\____)\___)_||_(___/| ||_/|_|\___/|_|\___)
|_|
=[ metasploit v3.4.2-dev [core:3.4 api:1.0]
+ -- --=[ 566 exploits - 283 auxiliary
+ -- --=[ 210 payloads - 27 encoders - 8 nops
=[ svn r9834 updated 329 days ago (2010.07.14)
Warning: This copy of the Metasploit Framework was last updated 329 days ago.
We recommend that you update the framework at least every other day.
For information on updating your copy of Metasploit, please see:
http://www.metasploit.com/redmine/projects/framework/wiki/Updating
>> search smb
[*] Searching loaded modules for pattern 'smb'...
Auxiliary
=========
Name Rank Description
---- ---- -----------
admin/oracle/ora_ntlm_stealer normal Oracle SMB Relay Code Execution
admin/smb/samba_symlink_traversal normal Samba Symlink Directory Traversal
dos/windows/smb/ms05_047_pnp normal Microsoft Plug and Play Service Registry Overflow
dos/windows/smb/ms06_035_mailslot normal Microsoft SRV.SYS Mailslot Write Corruption
dos/windows/smb/ms06_063_trans normal Microsoft SRV.SYS Pipe Transaction No Null
dos/windows/smb/ms09_001_write normal Microsoft SRV.SYS WriteAndX Invalid DataOffset
dos/windows/smb/ms09_050_smb2_negotiate_pidhigh normal Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference
dos/windows/smb/ms09_050_smb2_session_logoff normal Microsoft SRV2.SYS SMB2 Logoff Remote Kernel NULL Pointer Dereference
dos/windows/smb/ms10_006_negotiate_response_loop normal Microsoft Windows 7 / Server 2008 R2 SMB Client Infinite Loop
dos/windows/smb/rras_vls_null_deref normal Microsoft RRAS InterfaceAdjustVLSPointers NULL Dereference
dos/windows/smb/vista_negotiate_stop normal Microsoft Vista SP0 SMB Negotiate Protocol DoS
fuzzers/smb/smb2_negotiate_corrupt normal SMB Negotiate SMB2 Dialect Corruption
fuzzers/smb/smb_create_pipe normal SMB Create Pipe Request Fuzzer
fuzzers/smb/smb_create_pipe_corrupt normal SMB Create Pipe Request Corruption
fuzzers/smb/smb_negotiate_corrupt normal SMB Negotiate Dialect Corruption
fuzzers/smb/smb_ntlm1_login_corrupt normal SMB NTLMv1 Login Request Corruption
fuzzers/smb/smb_tree_connect normal SMB Tree Connect Request Fuzzer
fuzzers/smb/smb_tree_connect_corrupt normal SMB Tree Connect Request Corruption
scanner/smb/pipe_auditor normal SMB Session Pipe Auditor
scanner/smb/pipe_dcerpc_auditor normal SMB Session Pipe DCERPC Auditor
scanner/smb/smb2 normal SMB 2.0 Protocol Detection
scanner/smb/smb_enumshares normal SMB Share Enumeration
scanner/smb/smb_enumusers normal SMB User Enumeration (SAM EnumUsers)
scanner/smb/smb_login normal SMB Login Check Scanner
scanner/smb/smb_lookupsid normal SMB Local User Enumeration (LookupSid)
scanner/smb/smb_version normal SMB Version Detection
server/capture/smb normal Authentication Capture: SMB
Exploits
========
Name Rank Description
---- ---- -----------
netware/smb/lsass_cifs average Novell NetWare LSASS CIFS.NLM Driver Stack Buffer Overflow
windows/browser/java_ws_arginject_altjvm excellent Sun Java Web Start Plugin Command Line Argument Injection
windows/browser/ms10_022_ie_vbscript_winhlp32 great Internet Explorer Winhlp32.exe MsgBox Code Execution
windows/fileformat/ursoft_w32dasm good URSoft W32Dasm Disassembler Function Buffer Overflow
windows/fileformat/vlc_smb_uri great VideoLAN Client (VLC) Win32 smb:// URI Buffer Overflow
windows/smb/ms03_049_netapi good Microsoft Workstation Service NetAddAlternateComputerName Overflow
windows/smb/ms04_007_killbill low Microsoft ASN.1 Library Bitstring Heap Overflow
windows/smb/ms04_011_lsass good Microsoft LSASS Service DsRolerUpgradeDownlevelServer Overflow
windows/smb/ms04_031_netdde good Microsoft NetDDE Service Overflow
windows/smb/ms05_039_pnp good Microsoft Plug and Play Service Overflow
windows/smb/ms06_025_rasmans_reg good Microsoft RRAS Service RASMAN Registry Overflow
windows/smb/ms06_025_rras average Microsoft RRAS Service Overflow
windows/smb/ms06_040_netapi great Microsoft Server Service NetpwPathCanonicalize Overflow
windows/smb/ms06_066_nwapi good Microsoft Services MS06-066 nwapi32.dll
windows/smb/ms06_066_nwwks good Microsoft Services MS06-066 nwwks.dll
windows/smb/ms06_070_wkssvc normal Microsoft Workstation Service NetpManageIPCConnect Overflow
windows/smb/ms08_067_netapi great Microsoft Server Service Relative Path Stack Corruption
windows/smb/ms09_050_smb2_negotiate_func_index good Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference
windows/smb/msdns_zonename great Microsoft DNS RPC Service extractQuotedChar() Overflow (SMB)
windows/smb/netidentity_xtierrpcpipe great Novell NetIdentity Agent XTIERRPCPIPE Named Pipe Buffer Overflow.
windows/smb/psexec excellent Microsoft Windows Authenticated User Code Execution
windows/smb/smb_relay excellent Microsoft Windows SMB Relay Code Execution
windows/smb/timbuktu_plughntcommand_bof great Timbuktu <= 8.6.6 PlughNTCommand Named Pipe Buffer Overflow
>> use auxiliary/scanner/smb/smb2
>> info
Name: SMB 2.0 Protocol Detection
Version: 9550
License: Metasploit Framework License (BSD)
Rank: Normal
Provided by:
hdm <hdm@metasploit.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
RHOSTS yes The target address range or CIDR identifier
RPORT 445 yes The target port
THREADS 1 yes The number of concurrent threads
Description:
Detect systems that support the SMB 2.0 protocol
>> set RHOSTS 172.16.1.0/24
RHOSTS => 172.16.1.0/24
>> set THREADS 100
THREADS => 100
>> info
Name: SMB 2.0 Protocol Detection
Version: 9550
License: Metasploit Framework License (BSD)
Rank: Normal
Provided by:
hdm <hdm@metasploit.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
RHOSTS 172.16.1.0/24 yes The target address range or CIDR identifier
RPORT 445 yes The target port
THREADS 100 yes The number of concurrent threads
Description:
Detect systems that support the SMB 2.0 protocol
>> run
[*] 172.16.1.102 supports SMB 2 [dialect 255.2] and has been online for 23 hours
[*] 172.16.1.107 supports SMB 2 [dialect 255.2] and has been online for 2 hours
[*] 172.16.1.110 supports SMB 2 [dialect 255.2] and has been online for 6 hours
[*] Scanned 042 of 256 hosts (016% complete)
[*] Scanned 055 of 256 hosts (021% complete)
[*] Scanned 084 of 256 hosts (032% complete)
[*] Scanned 104 of 256 hosts (040% complete)
[*] Scanned 128 of 256 hosts (050% complete)
[*] Scanned 155 of 256 hosts (060% complete)
[*] Scanned 184 of 256 hosts (071% complete)
[*] Scanned 205 of 256 hosts (080% complete)
[*] Scanned 235 of 256 hosts (091% complete)
[*] Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed
>> back
>> use auxiliary/scanner/smb/smb_version
>> info
Name: SMB Version Detection
Version: 9827
License: Metasploit Framework License (BSD)
Rank: Normal
Provided by:
hdm <hdm@metasploit.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
RHOSTS yes The target address range or CIDR identifier
THREADS 1 yes The number of concurrent threads
Description:
Display version information about each system
>> set RHOSTS 172.16.1.0/24
RHOSTS => 172.16.1.0/24
>> set THREADS 100
THREADS => 100
>> info
Name: SMB Version Detection
Version: 9827
License: Metasploit Framework License (BSD)
Rank: Normal
Provided by:
hdm <hdm@metasploit.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
RHOSTS 172.16.1.0/24 yes The target address range or CIDR identifier
THREADS 100 yes The number of concurrent threads
Description:
Display version information about each system
>> run
[*] Scanned 026 of 256 hosts (010% complete)
[*] Scanned 061 of 256 hosts (023% complete)
[*] Scanned 087 of 256 hosts (033% complete)
[*] 172.16.1.107 is running Windows 7 Ultimate (Build 7600) (language: Unknown) (name:PC) (domain:WORKGROUP)
[*] 172.16.1.110 is running Windows 7 Ultimate (Build 7600) (language: Unknown) (name:YANG*-PC) (domain:WORKGROUP)
[*] 172.16.1.102 is running Windows 7 Ultimate (Build 7600) (language: Unknown) (name:WANG*) (domain:YANGYANGWO)
[*] 172.16.1.111 is running Windows XP Service Pack 3 (language: Chinese - Traditional) (name:WWW-95A235B5556) (domain:WORKGROUP)
[*] Scanned 112 of 256 hosts (043% complete)
[*] Scanned 133 of 256 hosts (051% complete)
[*] Scanned 168 of 256 hosts (065% complete)
[*] Scanned 181 of 256 hosts (070% complete)
[*] Scanned 208 of 256 hosts (081% complete)
[*] Scanned 232 of 256 hosts (090% complete)
[*] Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed
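The two scanners report different things about the same hosts: smb2 only says whether a host answers SMB 2 and with which dialect, while smb_version reports the OS, host name and domain. The script below is an added example (it is not from the original post and not part of Metasploit) that merges both outputs into one inventory and flags the hosts the two scans disagree about, so a defender can see at a glance which machines are SMB1-only (as the Windows XP host above is) or answered SMB 2 but could not be fingerprinted. The sample output lines are constructed in the same format as the session above; the host names and the LABDOM domain are made up, and the regular expressions are my own, written against the line format shown, not Metasploit's.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Line formats of the two modules as printed in the session above
# (regexes written here against that output; not Metasploit's own code).
SMB2_RE = re.compile(
    r"^\[\*\] (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) supports SMB 2 "
    r"\[dialect (?P<dialect>[\d.]+)\] and has been online for (?P<uptime>\d+) hours?$"
)
VERSION_RE = re.compile(
    r"^\[\*\] (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is running (?P<os>.+?) "
    r"\(language: (?P<lang>[^)]*)\) \(name:(?P<name>[^)]*)\) \(domain:(?P<domain>[^)]*)\)$"
)

# Constructed sample output (host names and LABDOM are made up;
# 172.16.1.120 appears only in the smb2 scan to exercise that case).
SMB2_OUTPUT = """\
[*] 172.16.1.102 supports SMB 2 [dialect 255.2] and has been online for 23 hours
[*] 172.16.1.107 supports SMB 2 [dialect 255.2] and has been online for 2 hours
[*] 172.16.1.110 supports SMB 2 [dialect 255.2] and has been online for 6 hours
[*] 172.16.1.120 supports SMB 2 [dialect 255.2] and has been online for 1 hours
[*] Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed
"""
VERSION_OUTPUT = """\
[*] Scanned 087 of 256 hosts (033% complete)
[*] 172.16.1.107 is running Windows 7 Ultimate (Build 7600) (language: Unknown) (name:LAB-PC1) (domain:WORKGROUP)
[*] 172.16.1.110 is running Windows 7 Ultimate (Build 7600) (language: Unknown) (name:LAB-PC2) (domain:WORKGROUP)
[*] 172.16.1.102 is running Windows 7 Ultimate (Build 7600) (language: Unknown) (name:LAB-PC3) (domain:LABDOM)
[*] 172.16.1.111 is running Windows XP Service Pack 3 (language: Chinese - Traditional) (name:LAB-XP1) (domain:WORKGROUP)
[*] Auxiliary module execution completed
"""


@dataclass
class Host:
    ip: str
    os: Optional[str] = None
    name: Optional[str] = None
    domain: Optional[str] = None
    smb2_dialect: Optional[str] = None
    uptime_hours: Optional[int] = None


def _ip_key(ip: str) -> Tuple[int, ...]:
    return tuple(int(p) for p in ip.split("."))


def parse_smb2(text: str, hosts: Dict[str, Host]) -> int:
    """Merge smb2 scanner lines into hosts; returns how many host lines matched."""
    parsed = 0
    for line in text.splitlines():
        m = SMB2_RE.match(line.strip())
        if not m:  # progress/status lines carry no host data
            continue
        h = hosts.setdefault(m["ip"], Host(ip=m["ip"]))
        h.smb2_dialect = m["dialect"]
        h.uptime_hours = int(m["uptime"])
        parsed += 1
    return parsed


def parse_version(text: str, hosts: Dict[str, Host]) -> int:
    """Merge smb_version scanner lines into hosts; returns how many host lines matched."""
    parsed = 0
    for line in text.splitlines():
        m = VERSION_RE.match(line.strip())
        if not m:
            continue
        h = hosts.setdefault(m["ip"], Host(ip=m["ip"]))
        h.os, h.name, h.domain = m["os"], m["name"], m["domain"]
        parsed += 1
    return parsed


def build_inventory(smb2_text: str, version_text: str) -> Dict[str, Host]:
    """One record per IP, combining what each scanner learned about it."""
    hosts: Dict[str, Host] = {}
    parse_smb2(smb2_text, hosts)
    parse_version(version_text, hosts)
    return hosts


def review(hosts: Dict[str, Host]) -> List[Tuple[str, str]]:
    """Flag hosts where the two scans disagree:
    smb1-only       - version scan answered, but no SMB 2 support was seen
    smb2-no-version - SMB 2 answered, but the version scan returned nothing
    """
    findings = []
    for ip in sorted(hosts, key=_ip_key):
        h = hosts[ip]
        if h.smb2_dialect is None:
            findings.append((ip, "smb1-only"))
        elif h.os is None:
            findings.append((ip, "smb2-no-version"))
    return findings


if __name__ == "__main__":
    inventory = build_inventory(SMB2_OUTPUT, VERSION_OUTPUT)
    for ip in sorted(inventory, key=_ip_key):
        h = inventory[ip]
        print(f"{ip:<14} smb2={h.smb2_dialect or '-':<6} os={h.os or '?'} "
              f"name={h.name or '?'} domain={h.domain or '?'}")
    for ip, reason in review(inventory):
        print(f"review: {ip} ({reason})")
```

In practice you would feed the script the saved console output of each run (for example via `spool` in msfconsole) instead of the embedded strings; the progress lines are skipped, so the whole transcript can be passed in unedited. The inventory is keyed by IP, so a host that only one scanner saw still gets a record, which is exactly what the review step looks for.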

This article is reposted from the 51CTO blog 文东会博客; original link: http://blog.51cto.com/hackerwang/1247880. If you wish to repost it, please contact the original author yourself.
谢文东666
