System Designer

메타스플로잇을 이용한 취약점 점검 하기 예제 

msf > use auxiliary/scanner/smb/smb_login

→ 사용할 모듈이나 익스플로잇을 선택

msf auxiliary(scanner/smb/smb_login) > show options

→ 사용할 모듈이나 익스플로잇의 설정가능한 옵션

Module options (auxiliary/scanner/smb/smb_login):

   Name              Current Setting  Required  Description

   ----              ---------------  --------  -----------

   ABORT_ON_LOCKOUT  false            yes       Abort the run when an account lockout is detected

   BLANK_PASSWORDS   false            no        Try blank passwords for all users

   BRUTEFORCE_SPEED  5                yes       How fast to bruteforce, from 0 to 5

   DB_ALL_CREDS      false            no        Try each user/password couple stored in the current database

   DB_ALL_PASS       false            no        Add all passwords in the current database to the list

   DB_ALL_USERS      false            no        Add all users in the current database to the list

   DETECT_ANY_AUTH   true             no        Enable detection of systems accepting any authentication

   PASS_FILE                          no        File containing passwords, one per line

   PRESERVE_DOMAINS  true             no        Respect a username that contains a domain name.

   Proxies                            no        A proxy chain of format type:host:port[,type:host:port][...]

   RECORD_GUEST      false            no        Record guest-privileged random logins to the database

   RHOSTS                             yes       The target address range or CIDR identifier

   RPORT             445              yes       The SMB service port (TCP)

   SMBDomain         .                no        The Windows domain to use for authentication

   SMBPass                            no        The password for the specified username

   SMBUser                            no        The username to authenticate as

   STOP_ON_SUCCESS   false            yes       Stop guessing when a credential works for a host

   THREADS           1                yes       The number of concurrent threads

   USERPASS_FILE                      no        File containing users and passwords separated by space, one pair per line

   USER_AS_PASS      false            no        Try the username as the password for all users

   USER_FILE                          no        File containing usernames, one per line

   VERBOSE           true             yes       Whether to print output for all attempts

msf auxiliary(scanner/smb/smb_login) > set RHOSTS 127.0.0.1

→ 특정 변수를 설정

RHOSTS => 127.0.0.1

msf auxiliary(scanner/smb/smb_login) > exploit

→  공격을 시작

[*] 127.0.0.1:445         - 127.0.0.1:445 - Starting SMB login bruteforce

[-] 127.0.0.1:445         - This system accepts authentication with any credentials, brute force is ineffective.

[*] Scanned 1 of 1 hosts (100% complete)

[*] Auxiliary module execution completed

msf auxiliary(scanner/smb/smb_login) >