168.1.230:
PORT STATE SERVICE
445/tcp open microsoft-ds
Nmap finished: 256 IP addresses (4 hosts up) scanned in 19.097 seconds
Nmap found three interesting hosts. We can enumerate the hosts or the services using
db_hosts and db_services.
msf > db_hosts
[*] Host: 192.168.1.220
[*] Host: 192.168.1.115
[*] Host: 192.168.1.230
msf > db_services
[*] Service: host=192.168.1.220 port=445 proto=tcp state=up name=microsoft-ds
[*] Service: host=192.168.1.115 port=445 proto=tcp state=up name=microsoft-ds
[*] Service: host=192.168.1.230 port=445 proto=tcp state=up name=microsoft-ds
This is the time to pause for a moment and inspect the host and service list. The goal
of db_autopwn is to throw as many exploits as possible against each of these IP
addresses on each of these ports. Always be very sure before choosing the Go button that
you have permission to exploit these hosts. If you're following along on your own network
and are comfortable with the list of hosts and services, move on to the db_autopwn
command.
msf > db_autopwn
[*] Usage: db_autopwn [options]
-h Display this help text
-t Show all matching exploit modules
-x Select modules based on vulnerability references
-p Select modules based on open ports
-e Launch exploits against all matched targets
-s Only obtain a single shell per target system (NONFUNCTIONAL)
-r Use a reverse connect shell
-b Use a bind shell on a random port
-I [range] Only exploit hosts inside this range
-X [range] Always exclude hosts inside this range
The db_autopwn module gives you a chance to show the list of exploits it plans to
use, and to select that list of exploits based on open ports (nmap) or vulnerability references
(nessus).