配置kali中的ssh
# 修改ssh配置文件
vim /etc/ssh/sshd_config
PasswordAuthentication yes
PermitRootLogin yes
# 以上兩項允許 root 使用密碼直接登錄，只適合隔離的實驗環境；在其他環境中應改用密鑰認證並禁止 root 登錄
# 配置ssh跟隨系統啟動運行
systemctl enable ssh
systemctl restart ssh
配置與metasploit關聯的PostgreSQL數據庫
systemctl start postgresql
msfdb init
# msfdb命令可以用來管理數據庫，直接運行可以查看相關的命令
msfdb
# metasploit關聯PostgreSQL數據庫的配置文件路徑（其中保存數據庫連接憑據，注意文件權限）
/usr/share/metasploit-framework/config/database.yml
登錄msf查看數據庫是否連接
msfconsole
db_status # 查看數據庫連接狀態
db_disconnect # 斷開連接
db_connect # 建立與數據庫的連接
創建工作區
workspace -a book # 創建一個名為book的工作區並切換到它
workspace 工作區(qū)名字 #直接跟一個(gè)存在的工作區(qū)名稱,就切換了工作區(qū)
workspace -h # 查看更詳細的命令介紹
導入其它掃描器的結果，例如nmap
# 將nmap的掃結(jié)果保存為254.xml
nmap -A 192.168.10.254 -oX 254.xml
# 導(dǎo)入254.xml
msfconsole
workspace book #進(jìn)入一個(gè)工作區(qū)
db_import /root/254.xml
查看當前工作區掃描過的主機
hosts # 列出主機信息
Hosts
=====
address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
14.215.178.80 Unknown device
112.80.248.64 Unknown device
120.209.138.64 Unknown device
180.76.76.92 Unknown device
192.168.10.1 Unknown device
192.168.10.122 78:dd:08:ca:8d:dc ROOT-TVI862UBEH Windows XP client
192.168.10.128 78:dd:08:ca:8d:dc DH-CA8822AB9589 Windows XP SP3 client
192.168.10.254 78:dd:08:ca:8d:dc Linux 2.6.X server
202.108.22.220 Unknown device
220.181.37.10 Unknown device
220.181.57.216 Unknown device
# 通過 -c 指定顯示的列
hosts -c address,os_name
Hosts
=====
address os_name
------- -------
14.215.178.80 Unknown
112.80.248.64 Unknown
120.209.138.64 Unknown
180.76.76.92 Unknown
192.168.10.1 Unknown
192.168.10.122 Windows XP
192.168.10.128 Windows XP
192.168.10.254 Linux
202.108.22.220 Unknown
220.181.37.10 Unknown
220.181.57.216 Unknown
# 通過 -S 搜索包含關鍵字的信息
hosts -S Windows
Hosts
=====
address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
192.168.10.122 78:dd:08:ca:8d:dc ROOT-TVI862UBEH Windows XP client
192.168.10.128 78:dd:08:ca:8d:dc DH-CA8822AB9589 Windows XP SP3 client
# 通過 -h 參數查看更詳細的信息
msf > hosts -h
Usage: hosts [ options ] [addr1 addr2 ...]
OPTIONS:
-a,--add Add the hosts instead of searching
-d,--delete Delete the hosts instead of searching
-c <col1,col2> Only show the given columns (see list below)
-C <col1,col2> Only show the given columns until the next restart (see list below)
-h,--help Show this help information
-u,--up Only show hosts which are up
-o <file> Send output to a file in csv format
-O <column> Order rows by specified column number
-R,--rhosts Set RHOSTS from the results of the search
-S,--search Search string to filter by
-i,--info Change the info of a host
-n,--name Change the name of a host
-m,--comment Change the comment of a host
-t,--tag Add or specify a tag to a range of hosts
Available columns: address, arch, comm, comments, created_at, cred_count, detected_arch, exploit_attempt_count, host_detail_count, info, mac, name, note_count, os_family, os_flavor, os_lang, os_name, os_sp, purpose, scope, service_count, state, updated_at, virtual_host, vuln_count, tags
查看當前工作區掃描過的主機的端口信息
# 查看所有的端口服務
services
Services
========
host port proto name state info
---- ---- ----- ---- ----- ----
192.168.10.1 80 tcp open
192.168.10.122 21 tcp ftp open Microsoft ftpd
192.168.10.122 80 tcp http open Microsoft IIS httpd 6.0
192.168.10.122 135 tcp msrpc open Microsoft Windows RPC
192.168.10.122 139 tcp netbios-ssn open Microsoft Windows netbios-ssn
192.168.10.122 445 tcp microsoft-ds open Windows Server 2003 3790 microsoft-ds
192.168.10.122 777 tcp multiling-http open
192.168.10.122 1025 tcp msrpc open Microsoft Windows RPC
192.168.10.122 1026 tcp msrpc open Microsoft Windows RPC
192.168.10.122 1027 tcp msrpc open Microsoft Windows RPC
192.168.10.122 1029 tcp msrpc open Microsoft Windows RPC
192.168.10.122 6002 tcp http open SafeNet Sentinel Protection Server 7.3
# 查看特定的服務
services -s ftp
Services
========
host port proto name state info
---- ---- ----- ---- ----- ----
192.168.10.122 21 tcp ftp open Microsoft ftpd
192.168.10.254 21 tcp ftp open ProFTPD 1.3.1
# 查看特定的端口
services -p 22
Services
========
host port proto name state info
---- ---- ----- ---- ----- ----
192.168.10.254 22 tcp ssh open OpenSSH 4.7p1 Debian 8ubuntu1 protocol 2.0
# 查看只包含關(guān)鍵字的信息
services -S Apache
Services
========
host port proto name state info
---- ---- ----- ---- ----- ----
192.168.10.254 80 tcp http open Apache httpd 2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.10 with Suhosin-Patch
192.168.10.254 8009 tcp ajp13 open Apache Jserv Protocol v1.3
192.168.10.254 8180 tcp http open Apache Tomcat/Coyote JSP engine 1.1
# 通過 -h 查看更詳細的使用幫助
services -h
Usage: services [-h] [-u] [-a] [-r <proto>] [-p <port1,port2>] [-s <name1,name2>] [-o <filename>] [addr1 addr2 ...]
-a,--add Add the services instead of searching
-d,--delete Delete the services instead of searching
-c <col1,col2> Only show the given columns
-h,--help Show this help information
-s <name1,name2> Search for a list of service names
-p <port1,port2> Search for a list of ports
-r <protocol> Only show [tcp|udp] services
-u,--up Only show services which are up
-o <file> Send output to a file in csv format
-O <column> Order rows by specified column number
-R,--rhosts Set RHOSTS from the results of the search
-S,--search Search string to filter by
Available columns: created_at, info, name, port, proto, state, updated_at