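(Continued) Penetration Testing Target Machine in Practice --- System Part 06
The last finding in the previous post was a medium-severity vulnerability. Starting with this post, the focus is on testing the medium-severity findings: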
1. awiki Multiple Local File Include Vulnerabilities
2. Check if Mailserver answer to VRFY and EXPN requests
msf5 auxiliary(scanner/http/ssl_version) > search VRFY
Matching Modules
================

   #  Name                              Disclosure Date  Rank    Check  Description
   -  ----                              ---------------  ----    -----  -----------
   0  auxiliary/scanner/smtp/smtp_enum                   normal  Yes    SMTP User Enumeration Utility

msf5 auxiliary(scanner/http/ssl_version) > use auxiliary/scanner/smtp/smtp_enum
msf5 auxiliary(scanner/smtp/smtp_enum) > show options
Module options (auxiliary/scanner/smtp/smtp_enum):

   Name       Current Setting                                                Required  Description
   ----       ---------------                                                --------  -----------
   RHOSTS                                                                    yes       The target address range or CIDR identifier
   RPORT      25                                                             yes       The target port (TCP)
   THREADS    1                                                              yes       The number of concurrent threads
   UNIXONLY   true                                                           yes       Skip Microsoft bannered servers when testing unix users
   USER_FILE  /usr/share/metasploit-framework/data/wordlists/unix_users.txt  yes       The file that contains a list of probable users accounts.

msf5 auxiliary(scanner/smtp/smtp_enum) > set RHOSTS 192.168.10.149
RHOSTS => 192.168.10.149
msf5 auxiliary(scanner/smtp/smtp_enum) > show options
Module options (auxiliary/scanner/smtp/smtp_enum):

   Name       Current Setting                                                Required  Description
   ----       ---------------                                                --------  -----------
   RHOSTS     192.168.10.149                                                 yes       The target address range or CIDR identifier
   RPORT      25                                                             yes       The target port (TCP)
   THREADS    1                                                              yes       The number of concurrent threads
   UNIXONLY   true                                                           yes       Skip Microsoft bannered servers when testing unix users
   USER_FILE  /usr/share/metasploit-framework/data/wordlists/unix_users.txt  yes       The file that contains a list of probable users accounts.

msf5 auxiliary(scanner/smtp/smtp_enum) > run
[*] 192.168.10.149:25 - 192.168.10.149:25 Banner: 220 metasploitable.localdomain ESMTP Postfix (Ubuntu)
[+] 192.168.10.149:25 - 192.168.10.149:25 Users found: , backup, bin, daemon, distccd, ftp, games, gnats, irc, libuuid, list, lp, mail, man, news, nobody, postgres, postmaster, proxy, service, sshd, sync, sys, syslog, user, uucp, www-data
[*] 192.168.10.149:25 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
The "Users found" line above shows which user accounts exist on the system.
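On the defending side, a run like the one above shows up in the mail log as sessions made almost entirely of VRFY commands. The following is an added example, not part of the original post: it totals VRFY counts per client from Postfix smtpd "disconnect" lines. It assumes the per-command session summary that Postfix 3.0 and later log (older releases such as the one on this target do not log it); the sample log lines, host names, function names and the threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the Postfix 3.x smtpd log format (an assumption).
# A summary field reads cmd=total, or cmd=ok/total when some attempts failed.
SAMPLE_LOG = """\
Mar  3 10:15:01 mail postfix/smtpd[2211]: connect from unknown[192.168.10.50]
Mar  3 10:15:09 mail postfix/smtpd[2211]: disconnect from unknown[192.168.10.50] ehlo=1 vrfy=27/112 quit=1 commands=29/114
Mar  3 10:16:30 mail postfix/smtpd[2214]: disconnect from mx.example.org[203.0.113.7] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Mar  3 10:17:02 mail postfix/smtpd[2219]: disconnect from unknown[192.168.10.50] ehlo=1 vrfy=0/40 quit=1 commands=2/42
Mar  3 10:18:45 mail postfix/smtpd[2230]: disconnect from admin-ws[192.168.10.20] ehlo=1 vrfy=1 quit=1 commands=3
"""

# Client address inside [...] plus the trailing command summary.
DISCONNECT = re.compile(r"postfix/smtpd\[\d+\]: disconnect from \S*\[([^\]]+)\] (.*)$")
VRFY = re.compile(r"\bvrfy=(\d+)(?:/(\d+))?")


def vrfy_stats(log_text):
    """Return {client_ip: [answered, attempted]} summed over all sessions."""
    stats = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        session = DISCONNECT.search(line)
        if not session:
            continue
        vrfy = VRFY.search(session.group(2))
        if not vrfy:
            continue  # session contained no VRFY command
        answered = int(vrfy.group(1))
        attempted = int(vrfy.group(2)) if vrfy.group(2) else answered
        stats[session.group(1)][0] += answered
        stats[session.group(1)][1] += attempted
    return dict(stats)


def flag_enumeration(log_text, threshold=10):
    """Clients whose total VRFY attempts reach the (hypothetical) threshold."""
    stats = vrfy_stats(log_text)
    return sorted(ip for ip, (_, attempted) in stats.items() if attempted >= threshold)


if __name__ == "__main__":
    for ip in flag_enumeration(SAMPLE_LOG):
        answered, attempted = vrfy_stats(SAMPLE_LOG)[ip]
        print(f"{ip}: {attempted} VRFY attempts, {answered} answered")
```

The "answered" count is the number of probes that confirmed an account name. Setting disable_vrfy_command = yes in Postfix main.cf makes the server refuse VRFY, which addresses the scanner finding itself.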