Learning Kali Linux
Scanning for Targets | 181
    Vulnerability Scans
SMB is a good target to investigate further, simply because of how commonly it is used. Even without credentials, we can perform vulnerability scans from inside Metasploit. Over the years, vulnerabilities have been exposed in Windows related to SMB and the Common Internet File System (CIFS). Some of those vulnerabilities have exploits available in Metasploit, but before going through the process of running the exploit, you can check whether the system is likely to be vulnerable to the known issue. The SMB vulnerabilities are not the only ones that have checks available, but since we are working with a Windows system and have been looking at its SMB services, we may as well check for vulnerabilities there. In Example 6-6, we'll take a look to see if our Metasploitable 3 system is vulnerable to MS17-010, also known as EternalBlue.
EternalBlue is one of the exploits that was developed by the National Security Agency (NSA) and later leaked by the Shadow Brokers group. It was used as part of the WannaCry ransomware attack.


We're going to load another auxiliary module that will check for the vulnerability for us. Unlike the exploit module, this scanner only probes the SMB service and inspects the status the server sends back, so it does not attempt the memory corruption itself and carries much less risk of crashing the target. With CHECK_DOPU left at its default of true, it also looks for the DOUBLEPULSAR implant; a positive result there means the host has already been exploited by someone else, which is worth knowing before you touch it further.
Example 6-6. Scanning a target for MS17-010

msf auxiliary(scanner/smb/smb_enumshares) > use auxiliary/scanner/smb/smb_ms17_010
msf auxiliary(scanner/smb/smb_ms17_010) > show options

Module options (auxiliary/scanner/smb/smb_ms17_010):

   Name        Current Setting  Required  Description
   ----        ---------------  --------  -----------
   CHECK_ARCH  true             yes       Check for architecture on vulnerable hosts
   CHECK_DOPU  true             yes       Check for DOUBLEPULSAR on vulnerable hosts
   RHOSTS                       yes       The target address range or CIDR identifier
   RPORT       445              yes       The SMB service port (TCP)
   SMBDomain   .                no        The Windows domain to use
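Both of the module's checks come down to reading fields in the 32-byte SMB1 header of a reply. The Python below is an added example written for this page, not code from the book or from Metasploit's own module. It parses the SMB1 header and applies the publicly documented signatures: an SMB_COM_TRANSACTION (PeekNamedPipe) reply with STATUS_INSUFF_SERVER_RESOURCES means the MS17-010 fix is missing, while STATUS_INVALID_HANDLE or STATUS_ACCESS_DENIED means the host is patched; an SMB_COM_TRANSACTION2 SESSION_SETUP reply whose MultiplexID has been changed from the 0x41 we sent to 0x51 means the DOUBLEPULSAR implant answered. The function names, constants and sample packets are mine. The samples are constructed in the code rather than captured from a host, and nothing here opens a network connection; building the session and sending the probes is outside this example.

```python
"""Interpret SMB1 replies the way an MS17-010 / DOUBLEPULSAR check does.

Added illustrative code, not the Metasploit module's source. Input is the raw
reply bytes (e.g. carved from a pcap of a scan); output is the verdict.
"""
import struct

SMB_MAGIC = b"\xffSMB"
SMB_COM_TRANSACTION = 0x25    # carries the TRANS_PEEK_NMPIPE probe
SMB_COM_TRANSACTION2 = 0x32   # carries the Trans2 SESSION_SETUP ping used for DOUBLEPULSAR

# NT status codes an SMB1 server returns to a PeekNamedPipe on FID 0.
STATUS_INSUFF_SERVER_RESOURCES = 0xC0000205  # MS17-010 fix missing
STATUS_INVALID_HANDLE = 0xC0000008           # patched
STATUS_ACCESS_DENIED = 0xC0000022            # patched / pipe access refused
STATUS_NOT_IMPLEMENTED = 0xC0000002          # normal answer to the Trans2 ping

# The DOUBLEPULSAR ping is sent with MultiplexID 0x41; the implant echoes 0x51.
DOPU_PROBE_MID = 0x41
DOPU_IMPLANT_MID = 0x51

# SMB1 header, little-endian, 32 bytes in total.
SMB1_HEADER = struct.Struct("<4sBIBHH8sHHHHH")
FIELDS = ("magic", "command", "status", "flags", "flags2", "pid_high",
          "security_features", "reserved", "tid", "pid_low", "uid", "mid")


def parse_smb1_header(pkt: bytes) -> dict:
    """Return the SMB1 header fields, tolerating a leading NetBIOS session header."""
    if len(pkt) >= 8 and pkt[0] == 0x00 and pkt[4:8] == SMB_MAGIC:
        pkt = pkt[4:]  # drop the 4-byte NetBIOS session service header
    if len(pkt) < SMB1_HEADER.size or pkt[:4] != SMB_MAGIC:
        raise ValueError("not an SMB1 packet")
    return dict(zip(FIELDS, SMB1_HEADER.unpack_from(pkt)))


def classify_ms17_010(peek_response: bytes) -> str:
    """Verdict for the PeekNamedPipe reply: 'vulnerable', 'patched' or 'inconclusive'."""
    hdr = parse_smb1_header(peek_response)
    if hdr["command"] != SMB_COM_TRANSACTION:
        return "inconclusive"   # not the reply we were waiting for
    if hdr["status"] == STATUS_INSUFF_SERVER_RESOURCES:
        return "vulnerable"
    if hdr["status"] in (STATUS_INVALID_HANDLE, STATUS_ACCESS_DENIED):
        return "patched"
    return "inconclusive"


def classify_doublepulsar(trans2_response: bytes) -> str:
    """Verdict for the Trans2 SESSION_SETUP reply: 'implanted', 'clean' or 'inconclusive'."""
    hdr = parse_smb1_header(trans2_response)
    if hdr["command"] != SMB_COM_TRANSACTION2:
        return "inconclusive"
    if hdr["mid"] == DOPU_IMPLANT_MID:
        return "implanted"      # only the backdoor rewrites the MultiplexID
    if hdr["mid"] == DOPU_PROBE_MID:
        return "clean"
    return "inconclusive"


def _constructed_response(command: int, status: int, mid: int) -> bytes:
    """Build a minimal reply (NetBIOS header + SMB1 header) for offline testing."""
    flags = 0x98      # SMB_FLAGS_REPLY | case-insensitive | canonical paths
    flags2 = 0xC807   # unicode | NT status | extended security | signing/EA/long names
    smb = SMB1_HEADER.pack(SMB_MAGIC, command, status, flags, flags2, 0,
                           b"\x00" * 8, 0, 0x0800, 0xFEFF, 0x0800, mid)
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


# Constructed sample replies; not captured from any real host.
SAMPLE_UNPATCHED = _constructed_response(SMB_COM_TRANSACTION, STATUS_INSUFF_SERVER_RESOURCES, 0x40)
SAMPLE_PATCHED = _constructed_response(SMB_COM_TRANSACTION, STATUS_INVALID_HANDLE, 0x40)
SAMPLE_DOPU_IMPLANTED = _constructed_response(SMB_COM_TRANSACTION2, STATUS_NOT_IMPLEMENTED, DOPU_IMPLANT_MID)
SAMPLE_DOPU_CLEAN = _constructed_response(SMB_COM_TRANSACTION2, STATUS_NOT_IMPLEMENTED, DOPU_PROBE_MID)

if __name__ == "__main__":
    for name, blob in (("unpatched", SAMPLE_UNPATCHED), ("patched", SAMPLE_PATCHED)):
        print(f"{name:10} -> {classify_ms17_010(blob)}")
    for name, blob in (("implanted", SAMPLE_DOPU_IMPLANTED), ("clean", SAMPLE_DOPU_CLEAN)):
        print(f"{name:10} -> {classify_doublepulsar(blob)}")
```

The point to take from this is what the scanner is and is not telling you: "vulnerable" means the server still accepts the transaction in the way the unpatched code path does, which is a strong indicator but not proof that the exploit will succeed, and the DOUBLEPULSAR check is purely a header fingerprint, so a host answering 0x51 should be treated as already compromised and handled as an incident rather than as a fresh target.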