管理平台接口是什么,了解接口的作用和用途
532
2022-10-02
Metasploit实战一之——使用OpenVAS进行漏洞扫描
Metasploit实战一之——使用OpenVAS进行漏洞扫描
攻击机: Kali 192.168.205.128
靶机: Win2012 R2 192.168.205.130
注:Kali中安装OpenVAS可以参考:《Kali之——OpenVAS 8.0 Vulnerability Scanning》
1.在Metasploit中加载OpenVAS插件
为了将OpenVAS整合到Metasploit中,首先需要在Metasploit中加载OpenVAS插件。
msfconsoleloadload openvasmsf > load load aggregator load db_credcollect load ips_filter load msfd load openvas load sample load sounds load token_hunter load alias load db_tracker load komand load msgrpc load pcap_log load session_notifier load sqlmap load wiki load auto_add_route load event_tester load lab load nessus load request load session_tagger load thread load wmap load beholder load ffautoregen load libnotify load nexpose load rssfeed load socket_logger load token_adduser msf > load openvas [*] Welcome to OpenVAS integration by kost and averagesecurityguy.[*] [*] OpenVAS integration requires a database connection. Once the [*] database is ready, connect to the OpenVAS server using openvas_connect.[*] For additional commands use openvas_help.[*] [*] Successfully loaded plugin: OpenVAS
2.将Metasploit中的OpenVAS插件与OpenVAS软件本身连接
可以通过在命令openvas_connect后面添加用户凭证、服务器地址、端口号和SSL状态实现,如下命令所示:
openvas_connect admin admin localhost 9390 okmsf > openvas_connect admin admin localhost 9390 ok[*] Connecting to OpenVAS instance at localhost:9390 with username admin.../usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.[+] OpenVAS connection successful
3.创建工作区
3-1.查看帮助信息
workspace -hmsf > workspace -hUsage: workspace List workspaces workspace -v List workspaces verbosely workspace [name] Switch workspace workspace -a [name] ... Add workspace(s) workspace -d [name] ... Delete workspace(s) workspace -D Delete all workspaces workspace -r
3-2.创建一个名为NetScan的工作区
workspace -a NetScanmsf > workspace -a NetScan[*] Added workspace: NetScan
3-3.切换到NetScan工作区
workspace NetScanmsf > workspace NetScan [*] Workspace: NetScan
4.创建目标
可以使用命令openvas_target_create来创建任意数量的目标。
openvas_target_createopenvas_target_create outer 192.168.205.130 Outer_Interfacemsf > openvas_target_create [*] Usage: openvas_target_create
这里,我们创建了IP地址为192.168.205.130的目标,名字为outer,备注为Outer-Interface,我们需要记住这个目标的ID:275520c1-9a9e-4e49-865a-cd22ca4f3c6f
5.定义策略
可以使用openvas_config_list命令列出示例策略。
openvas_config_listmsf > openvas_config_list/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.[+] OpenVAS list of configsID Name-- ----085569ce-73ed-11df-83c3-002264764cea empty2d3f051c-55ba-11e3-bf43-406186ea4fc5 Host Discovery698f691e-7489-11df-9d8c-002264764cea Full and fast ultimate708f25c4-7489-11df-8094-002264764cea Full and very deep74db13d6-7489-11df-91b9-002264764cea Full and very deep ultimate8715c877-47a0-438d-98a3-27c7a6ab2196 Discoverybbca7412-a950-11e3-9109-406186ea4fc5 System Discoverydaba56c8-73ec-11df-a475-002264764cea Full and fast
这里,我们选择Full and fast策略,同样我们需要记住这个策略ID:daba56c8-73ec-11df-a475-002264764cea
6.创建扫描任务
这里我们使用的命令是openvas_task_create
首先,我们查看下目标列表
openvas_target_listmsf > openvas_target_list/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.[+] OpenVAS list of targetsID Name Hosts Max Hosts In Use Comment-- ---- ----- --------- ------ -------275520c1-9a9e-4e49-865a-cd22ca4f3c6f outer 192.168.205.130 1 0 Outer_Interface
接着创建扫描任务
openvas_task_createopenvas_task_create Netscan ScanForVulns 策略id 目标idmsf > openvas_task_create [*] Usage: openvas_task_create
这里的目标id就是第4步中创建的目标id,策略id就是第5步中创建的策略id
这里,我们也需要记下这个任务id:f1311593-6ffb-4eef-817f-3c0f1df521b7
7.开始扫描
openvas_task_startopenvas_task_start 任务idmsf > openvas_task_start[*] Usage: openvas_task_start
这里的任务id就是第6步中得出的任务id
8.查看任务进度
openvas_task_listmsf > openvas_task_list /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.[+] OpenVAS list of tasksID Name Comment Status Progress-- ---- ------- ------ --------f1311593-6ffb-4eef-817f-3c0f1df521b7 Netscan ScanForVulns Running 94msf > openvas_task_list /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.[+] OpenVAS list of tasksID Name Comment Status Progress-- ---- ------- ------ --------f1311593-6ffb-4eef-817f-3c0f1df521b7 Netscan ScanForVulns Done -1
9.列出扫描报告
openvas_report_listmsf > openvas_report_list /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead./usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.[+] OpenVAS list of reportsID Task Name Start Time Stop Time-- --------- ---------- ---------cdfbf3e8-cf79-4f5e-a34d-6076457bd16b Netscan 2019-01-20T09:39:11Z 2019-01-20T09:44:11Z
这些报告可以下载,如果需要导出报告,那么我们就要选择一个报告id
10.查看所有的格式ID
openvas_format_listmsf > openvas_format_list /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.[+] OpenVAS list of report formatsID Name Extension Summary-- ---- --------- -------5057e5cc-b825-11e4-9d0e-28d24461215b Anonymous XML xml Anonymous version of the raw XML report50c9950a-f326-11e4-800c-28d24461215b Verinice ITG vna Greenbone Verinice ITG Report, v1.0.1.5ceff8ba-1f62-11e1-ab9f-406186ea4fc5 CPE csv Common Product Enumeration CSV table.6c248850-1f62-11e1-b082-406186ea4fc5 HTML html Single page HTML report.77bd6c4a-1f62-11e1-abf0-406186ea4fc5 ITG csv German "IT-Grundschutz-Kataloge" report.9087b18c-626c-11e3-8892-406186ea4fc5 CSV Hosts csv CSV host summary.910200ca-dc05-11e1-954f-406186ea4fc5 ARF xml Asset Reporting Format v1.0.0.9ca6fe72-1f62-11e1-9e7c-406186ea4fc5 NBE nbe Legacy OpenVAS report.9e5e5deb-879e-4ecc-8be6-a71cd0875cdd Topology SVG svg Network topology SVG image.a3810a62-1f62-11e1-9219-406186ea4fc5 TXT txt Plain text report.a684c02c-b531-11e1-bdc2-406186ea4fc5 LaTeX tex LaTeX source file.a994b278-1f62-11e1-96ac-406186ea4fc5 XML xml Raw XML report.c15ad349-bd8d-457a-880a-c7056532ee15 Verinice ISM vna Greenbone Verinice ISM Report, v3.0.0.c1645568-627a-11e3-a660-406186ea4fc5 CSV Results csv CSV result list.c402cc3e-b531-11e1-9163-406186ea4fc5 PDF pdf Portable Document Format report.
11.将报告导入数据库
这里使用openvas_report_import命令后面加上报告ID和格式ID导入到数据库中。
openvas_report_import 报告id 格式idmsf > openvas_report_import cdfbf3e8-cf79-4f5e-a34d-6076457bd16b a994b278-1f62-11e1-96ac-406186ea4fc5/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead./usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.[*] Importing report to database.
12.查看MSF中的漏洞数据库
将报告成功导入数据库之后,就可以使用vulns命令查看MSF中的漏洞数据库,如下所示:
msf > vulns[*] Time: 2019-01-20 09:48:02 UTC Vuln: host=192.168.205.130 name=ICMP Timestamp Detection refs=CVE-1999-0524
13.通过浏览器访问
所有的漏洞都已经保存到了数据库中,我们还可以通过浏览器9392端口来登录Greenbone助手,对漏洞数量进行交替确认,并深入了解这些漏洞的细节。如下图所示:
版权声明:本文内容由网络用户投稿,版权归原作者所有,本站不拥有其著作权,亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容,请联系我们jiasou666@gmail.com 处理,核实后本网站将在24小时内删除侵权内容。
相关文章
发表评论
暂时没有评论,来抢沙发吧~