Reading Target Addresses from a File in Metasploit
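This article briefly describes how to have Metasploit read target addresses from a file in order to run a check.
Taking detection of the MS17-010 vulnerability as an example: when setting the RHOSTS parameter, you can specify a target address range or a CIDR block, and a single target IP also works.
Reference: Metasploit set rhosts file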
```
msf > use auxiliary/scanner/smb/smb_ms17_010
msf auxiliary(smb_ms17_010) > show options

Module options (auxiliary/scanner/smb/smb_ms17_010):

   Name        Current Setting  Required  Description
   ----        ---------------  --------  -----------
   CHECK_DOPU  true             yes       Check for DOUBLEPULSAR on vulnerable hosts
   RHOSTS                       yes       The target address range or CIDR identifier
   RPORT       445              yes       The SMB service port (TCP)
   SMBDomain   .                no        The Windows domain to use for authentication
   SMBPass                      no        The password for the specified username
   SMBUser                      no        The username to authenticate as
   THREADS     1                yes       The number of concurrent threads
```

But how do you tell it to read the target addresses from a file?
In fact, you can use file: to specify the file to read targets from, as follows:
```
msf auxiliary(smb_ms17_010) > set rhosts file:/root/pentest/10-all.txt    # set the file to read
rhosts => file:/root/pentest/10-all.txt
msf auxiliary(smb_ms17_010) > show options

Module options (auxiliary/scanner/smb/smb_ms17_010):

   Name        Current Setting                Required  Description
   ----        ---------------                --------  -----------
   CHECK_DOPU  true                           yes       Check for DOUBLEPULSAR on vulnerable hosts
   RHOSTS      file:/root/pentest/10-all.txt  yes       The target address range or CIDR identifier
   RPORT       445                            yes       The SMB service port (TCP)
   SMBDomain   .                              no        The Windows domain to use for authentication
   SMBPass                                    no        The password for the specified username
   SMBUser                                    no        The username to authenticate as
   THREADS     1                              yes       The number of concurrent threads

msf auxiliary(smb_ms17_010) > set threads 10
threads => 10
msf auxiliary(smb_ms17_010) > show options

Module options (auxiliary/scanner/smb/smb_ms17_010):

   Name        Current Setting                Required  Description
   ----        ---------------                --------  -----------
   CHECK_DOPU  true                           yes       Check for DOUBLEPULSAR on vulnerable hosts
   RHOSTS      file:/root/pentest/10-all.txt  yes       The target address range or CIDR identifier
   RPORT       445                            yes       The SMB service port (TCP)
   SMBDomain   .                              no        The Windows domain to use for authentication
   SMBPass                                    no        The password for the specified username
   SMBUser                                    no        The username to authenticate as
   THREADS     10                             yes       The number of concurrent threads
```

Once the settings are in place, you can run the scan.
```
msf auxiliary(smb_ms17_010) > spool ms17-010.txt    # write the output log to a file
[*] Spooling to file ms17-010.txt...
msf auxiliary(smb_ms17_010) > exploit    # run the check

[-] 10.0.0.17:445 - An SMB Login Error occurred while connecting to the IPC$ tree.
[-] 10.0.0.13:445 - Host does NOT appear vulnerable.
[-] 10.0.0.14:445 - Host does NOT appear vulnerable.
[-] 10.0.0.2:445 - Host does NOT appear vulnerable.
[-] 10.0.0.11:445 - Host does NOT appear vulnerable.
[-] 10.2.2.25:445 - Host does NOT appear vulnerable.
[-] 10.2.3.160:445 - Host does NOT appear vulnerable.
[-] 10.2.3.162:445 - Host does NOT appear vulnerable.
[-] 10.5.0.2:445 - An SMB Login Error occurred while connecting to the IPC$ tree.
[-] 10.5.0.11:445 - Host does NOT appear vulnerable.
[-] 10.5.0.13:445 - Host does NOT appear vulnerable.
[-] 10.5.0.24:445 - Host does NOT appear vulnerable.
[+] 10.5.0.25:445 - Host is likely VULNERABLE to MS17-010! (Windows Server 2012 R2 Standard 9600)
```

After the scan finishes, use spool off to stop logging.
The file ms17-010.txt will contain all of the check records.
Reposted from: https://www.cnblogs.com/Hi-blog/p/Metasploit-Read-Target-from-File.html