
Question about identifying exploits from banners

Th30ne3Hack

New member
08.07.2020
I take Metasploitable and scan it with nmap, exporting the result to an XML file

Code:
nmap -n -Pn -p- --open -sV -vvv --script banner Metasploitable.host -oX file.xml

Then I have searchsploit look for exploits using that file

Code:
searchsploit --nmap file.xml

I get this wall of text
Code:
[i] SearchSploit's XML mode (without verbose enabled).   To enable: searchsploit -v --xml...
[i] Reading: 'file.xml'

[-] Skipping term: ftp   (Term is too general. Please re-search manually: /usr/bin/searchsploit -t ftp)

[i] /usr/bin/searchsploit -t proftpd
---------------------------------------------- ---------------------------------
Exploit Title                                |  Path
---------------------------------------------- ---------------------------------
FreeBSD - 'ftpd / ProFTPd' Remote Command Exe | freebsd/remote/18181.txt
ProFTPd - 'ftpdctl' 'pr_ctrls_connect' Local  | linux/local/394.c
ProFTPd - 'mod_mysql' Authentication Bypass   | multiple/remote/8037.txt
ProFTPd - 'mod_sftp' Integer Overflow Denial  | linux/dos/16129.txt
ProFTPd 1.2 - 'SIZE' Remote Denial of Service | linux/dos/20536.java
ProFTPd 1.2 < 1.3.0 (Linux) - 'sreplace' Remo | linux/remote/16852.rb
ProFTPd 1.2 pre1/pre2/pre3/pre4/pre5 - Remote | linux/remote/19475.c
ProFTPd 1.2 pre1/pre2/pre3/pre4/pre5 - Remote | linux/remote/19476.c
ProFTPd 1.2 pre6 - 'snprintf' Remote Root     | linux/remote/19503.txt
ProFTPd 1.2.0 pre10 - Remote Denial of Servic | linux/dos/244.java
ProFTPd 1.2.0 rc2 - Memory Leakage            | linux/dos/241.c
ProFTPd 1.2.10 - Remote Users Enumeration     | linux/remote/581.c
ProFTPd 1.2.7 < 1.2.9rc2 - Remote Code Execut | linux/remote/110.c
ProFTPd 1.2.7/1.2.8 - '.ASCII' File Transfer  | linux/dos/23170.c
ProFTPd 1.2.9 RC1 - 'mod_sql' SQL Injection   | linux/remote/43.pl
ProFTPd 1.2.9 rc2 - '.ASCII' File Remote Code | linux/remote/107.c
ProFTPd 1.2.9 rc2 - '.ASCII' File Remote Code | linux/remote/3021.txt
ProFTPd 1.2.x - 'STAT' Denial of Service      | linux/dos/22079.sh
ProFTPd 1.3 - 'mod_sql' 'Username' SQL Inject | multiple/remote/32798.pl
ProFTPd 1.3.0 (OpenSUSE) - 'mod_ctrls' Local  | unix/local/10044.pl
ProFTPd 1.3.0 - 'sreplace' Remote Stack Overf | linux/remote/2856.pm
ProFTPd 1.3.0/1.3.0a - 'mod_ctrls' 'support'  | linux/local/3330.pl
ProFTPd 1.3.0/1.3.0a - 'mod_ctrls' 'support'  | linux/local/3333.pl
ProFTPd 1.3.0/1.3.0a - 'mod_ctrls' exec-shiel | linux/local/3730.txt
ProFTPd 1.3.0a - 'mod_ctrls' 'support' Local  | linux/dos/2928.py
ProFTPd 1.3.2 rc3 < 1.3.3b (FreeBSD) - Telnet | linux/remote/16878.rb
ProFTPd 1.3.2 rc3 < 1.3.3b (Linux) - Telnet I | linux/remote/16851.rb
ProFTPd 1.3.3c - Compromised Source Backdoor  | linux/remote/15662.txt
ProFTPd 1.3.5 - 'mod_copy' Command Execution  | linux/remote/37262.rb
ProFTPd 1.3.5 - 'mod_copy' Remote Command Exe | linux/remote/36803.py
ProFTPd 1.3.5 - File Copy                     | linux/remote/36742.txt
ProFTPd 1.x - 'mod_tls' Remote Buffer Overflo | linux/remote/4312.c
ProFTPd IAC 1.3.x - Remote Command Execution  | linux/remote/15449.pl
ProFTPd-1.3.3c - Backdoor Command Execution ( | linux/remote/16921.rb
WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFT | linux/remote/19086.c
WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFT | linux/remote/19087.c
WU-FTPD 2.4/2.5/2.6 / Trolltech ftpd 1.2 / Pr | linux/remote/20690.sh
---------------------------------------------- ---------------------------------
Shellcodes: No Results
Papers: No Results


[-] Skipping term: ssh   (Term is too general. Please re-search manually: /usr/bin/searchsploit -t ssh)

[i] /usr/bin/searchsploit -t openssh
---------------------------------------------- ---------------------------------
Exploit Title                                |  Path
---------------------------------------------- ---------------------------------
Debian OpenSSH - (Authenticated) Remote SELin | linux/remote/6094.txt
Dropbear / OpenSSH Server - 'MAX_UNAUTH_CLIEN | multiple/dos/1572.pl
FreeBSD OpenSSH 3.5p1 - Remote Command Execut | freebsd/remote/17462.txt
glibc-2.2 / openssh-2.3.0p1 / glibc 2.1.9x -  | linux/local/258.sh
Novell Netware 6.5 - OpenSSH Remote Stack Ove | novell/dos/14866.txt
OpenSSH 1.2 - '.scp' File Create/Overwrite    | linux/remote/20253.sh
OpenSSH 2.3 < 7.7 - Username Enumeration      | linux/remote/45233.py
OpenSSH 2.3 < 7.7 - Username Enumeration (PoC | linux/remote/45210.py
OpenSSH 2.x/3.0.1/3.0.2 - Channel Code Off-by | unix/remote/21314.txt
OpenSSH 2.x/3.x - Kerberos 4 TGT/AFS Token Bu | linux/remote/21402.txt
OpenSSH 3.x - Challenge-Response Buffer Overf | unix/remote/21578.txt
OpenSSH 3.x - Challenge-Response Buffer Overf | unix/remote/21579.txt
OpenSSH 4.3 p1 - Duplicated Block Remote Deni | multiple/dos/2444.sh
OpenSSH 6.8 < 6.9 - 'PTY' Local Privilege Esc | linux/local/41173.c
OpenSSH 7.2 - Denial of Service               | linux/dos/40888.py
OpenSSH 7.2p1 - (Authenticated) xauth Command | multiple/remote/39569.py
OpenSSH 7.2p2 - Username Enumeration          | linux/remote/40136.py
OpenSSH < 6.6 SFTP (x64) - Command Execution  | linux_x86-64/remote/45000.c
OpenSSH < 6.6 SFTP - Command Execution        | linux/remote/45001.py
OpenSSH < 7.4 - 'UsePrivilegeSeparation Disab | linux/local/40962.txt
OpenSSH < 7.4 - agent Protocol Arbitrary Libr | linux/remote/40963.txt
OpenSSH < 7.7 - User Enumeration (2)          | linux/remote/45939.py
OpenSSH SCP Client - Write Arbitrary Files    | multiple/remote/46516.py
OpenSSH/PAM 3.6.1p1 - 'gossh.sh' Remote Users | linux/remote/26.sh
OpenSSH/PAM 3.6.1p1 - Remote Users Discovery  | linux/remote/25.c
OpenSSHd 7.2p2 - Username Enumeration         | linux/remote/40113.txt
Portable OpenSSH 3.6.1p-PAM/4.1-SuSE - Timing | multiple/remote/3303.sh
---------------------------------------------- ---------------------------------
Shellcodes: No Results
---------------------------------------------- ---------------------------------
Paper Title                                  |  Path
---------------------------------------------- ---------------------------------
Roaming Through the OpenSSH Client: CVE-2016- | english/39247-roaming-through-th
---------------------------------------------- ---------------------------------

[i] /usr/bin/searchsploit -t telnet
---------------------------------------------- ---------------------------------
Exploit Title                                |  Path
---------------------------------------------- ---------------------------------
3Com SuperStack II PS Hub 40 - TelnetD Weak P | hardware/remote/21011.pl
602Pro LAN SUITE 2002 - Telnet Proxy localhos | windows/dos/21694.pl
AbsoluteTelnet 10.16 - 'License name' Denial  | windows/dos/46874.py
AbsoluteTelnet 11.12 - 'license name' Denial  | windows/dos/48006.py
AbsoluteTelnet 11.12 - 'SSH1/username' Denial | windows/dos/48305.py
AbsoluteTelnet 11.12 - 'SSH2/username' Denial | windows/dos/48010.py
AbsoluteTelnet 11.12 - _license name_ Denial  | windows/dos/48005.py
AbsoluteTelnet 11.21 - 'Username' Denial of S | windows/dos/48493.py
APC WEB/SNMP Management Card (9606) Firmware  | hardware/dos/20654.pl
Apple Mac OSX 10.2 - Terminal.APP Telnet Link | osx/local/21815.txt
Arescom NetDSL-1000 - 'TelnetD' Remote Denial | hardware/dos/1464.c
Beck IPC GmbH IPC@CHIP - TelnetD Login Accoun | multiple/remote/20881.txt
BSD - 'TelnetD' Remote Command Execution (1)  | bsd/remote/409.c
BSD - 'TelnetD' Remote Command Execution (2)  | bsd/remote/19520.txt
Byte Fusion BFTelnet 1.1 - Long Username Deni | windows/dos/19596.txt
CCProxy 6.2 - Telnet Proxy Ping Overflow (Met | windows/remote/4360.rb
Celestial Software AbsoluteTelnet 2.0/2.11 -  | windows/remote/22229.pl
D-Link Devices - UPnP SOAP TelnetD Command Ex | unix/remote/28333.rb
FreeBSD - Telnet Service Encryption Key ID Bu | bsd/remote/18369.rb
FreeBSD 7.0-RELEASE - Telnet Daemon Privilege | freebsd/local/8055.txt
GNU inetutils < 1.9.4 - 'telnet.c' Multiple O | linux/dos/45982.txt
GoodTech Telnet Server 4.0 - Remote Denial of | windows/dos/23506.txt
GoodTech Telnet Server 5.0.6 - Remote Buffer  | windows/remote/16817.rb
GoodTech Telnet Server < 5.0.7 - Buffer Overf | windows/dos/882.cpp
GoodTech Telnet Server < 5.0.7 - Remote Buffe | windows/remote/883.c
GoodTech Telnet Server NT 2.2.1 - Denial of S | windows/dos/19666.txt
Herospeed - 'TelnetSwitch' Remote Stack Overf | hardware/remote/43997.py
Hilgraeve HyperTerminal 6.0 - Telnet Buffer O | windows/dos/20307.txt
IRIX 5.2/5.3/6.x - TelnetD Environment Variab | irix/remote/20149.c
Jordan Windows Telnet Server 1.0/1.2 - 'Usern | windows/remote/23491.pl
Jordan Windows Telnet Server 1.0/1.2 - 'Usern | windows/remote/23492.c
Jordan Windows Telnet Server 1.0/1.2 - 'Usern | windows/remote/23493.txt
Kroum Grigorov KpyM Telnet Server 1.0 - Remot | windows/dos/23530.c
Linux BSD-derived Telnet Service Encryption K | linux/remote/18368.rb
Microsoft Internet Explorer 5.0.1/5.5/6.0 - T | windows/remote/20680.html
Microsoft Windows 95/98 Internet Explorer 5/T | windows/local/19462.c
Microsoft Windows NT 3.5.1 SP2/3.5.1 SP3/3.5. | windows/remote/19113.txt
Microsoft Windows Server 2000 - 'telnet.exe'  | windows/remote/20222.cpp
Microsoft Windows Server 2000 - Telnet 'Usern | windows/dos/20907.sh
Microsoft Windows Server 2000 - Telnet Server | windows/dos/20047.txt
Multiple Vendor Telnet Client - Env_opt_add H | linux/dos/25303.txt
Netgear - 'TelnetEnable' Magic Packet (Metasp | hardware/remote/44245.rb
netkit-telnet-0.17 telnetd (Fedora 31) - 'Bra | linux/remote/48170.py
NUUO NVRMini2 3.8 - 'cgi_system' Buffer Overf | hardware/remote/45427.py
Polycom HDX - Telnet Authentication Bypass (M | hardware/remote/24494.rb
Pragma Systems InterAccess TelnetD Server 4.0 | windows/dos/19755.txt
Pragma Systems InterAccess TelnetD Server 4.0 | windows/dos/19760.txt
Pragma Systems InterAccess TelnetD Server 4.0 | windows/dos/20904.pl
Pragma TelnetServer 7.0.4.589 - NULL-Pointer  | multiple/dos/30991.txt
PragmaSys TelnetServer 2000 - rexec Buffer Ov | windows/dos/20175.pl
ProFTPd 1.3.2 rc3 < 1.3.3b (FreeBSD) - Telnet | linux/remote/16878.rb
ProFTPd 1.3.2 rc3 < 1.3.3b (Linux) - Telnet I | linux/remote/16851.rb
Sagem F@st 3304-V2 - Telnet Crash (PoC)       | hardware/dos/36309.py
Sagem Router Fast 3304/3464/3504 - Telnet Aut | hardware/remote/17670.py
Solaris 10/11 Telnet - Remote Authentication  | solaris/remote/9918.rb
Solaris 2.6/7/8 - 'TTYPROMPT in.telnet' Remot | solaris/remote/57.txt
Solaris 2.x/7.0/8 / IRIX 6.5.x / OpenBSD 2.x  | unix/remote/21018.c
Solaris TelnetD - 'TTYPROMPT' Remote Buffer O | solaris/remote/16327.rb
Solaris TelnetD - 'TTYPROMPT' Remote Buffer O | solaris/remote/9917.rb
Sun Solaris Telnet - Remote Authentication By | solaris/remote/16328.rb
SunOS 5.10/5.11 in.TelnetD - Remote Authentic | solaris/remote/3293.sh
Telnet-Ftp Service Server 1.x - (Authenticate | windows/remote/8273.c
TelnetD encrypt_keyid - Function Pointer Over | linux/remote/18280.c
Verso NetPerformer Frame Relay Access Device  | multiple/dos/28542.pl
---------------------------------------------- ---------------------------------
---------------------------------------------- ---------------------------------
Shellcode Title                              |  Path
---------------------------------------------- ---------------------------------
Google Android - Bind (1035/TCP) Telnetd Shel | android/38194.c
Linux/x86 - Reverse (200.182.207.235/TCP) Tel | linux_x86/13435.c
Windows/x86 - Add Administrator User (GAZZA/1 | windows_x86/13508.asm
---------------------------------------------- ---------------------------------
Papers: No Results


[i] /usr/bin/searchsploit -t linux telnetd
[i] /usr/bin/searchsploit -t smtp
---------------------------------------------- ---------------------------------
Exploit Title                                |  Path
---------------------------------------------- ---------------------------------
AA SMTP Server 1.1 - Crash (PoC)              | windows/dos/14990.txt
Alt-N MDaemon 6.5.1 - IMAP/SMTP Remote Buffer | windows/remote/473.c
Alt-N MDaemon 6.5.1 SMTP Server - Multiple Co | windows/remote/24624.c
Alt-N MDaemon Server 2.71 SP1 - SMTP HELO Arg | windows/dos/23146.c
Apache James Server 2.2 - SMTP Denial of Serv | multiple/dos/27915.pl
BaSoMail 1.24 - SMTP Server Command Buffer Ov | windows/dos/22668.txt
BaSoMail Server 1.24 - POP3/SMTP Remote Denia | windows/dos/594.pl
BL4 SMTP Server < 0.1.5 - Remote Buffer Overf | windows/dos/1721.pl
Blat 2.7.6 SMTP / NNTP Mailer - Local Buffer  | windows/local/38472.py
BulletProof FTP Server 2019.0.0.50 - 'SMTP Se | windows/dos/46422.py
Cisco PIX Firewall 4.x/5.x - SMTP Content Fil | hardware/remote/20231.txt
Citadel SMTP 7.10 - Remote Overflow           | windows/remote/4949.txt
Cobalt Raq3 PopRelayD - Arbitrary SMTP Relay  | linux/remote/20994.txt
CodeBlue 5.1 - SMTP Response Buffer Overflow  | windows/remote/21643.c
CommuniCrypt Mail 1.16 - 'ANSMTP.dll/AOSMTP.d | windows/remote/12663.html
CommuniCrypt Mail 1.16 - SMTP ActiveX Stack B | windows/remote/16566.rb
Computalynx CMail 2.3 SP2/2.4 - SMTP Buffer O | windows/remote/19495.c
DeepOfix SMTP Server 3.3 - Authentication Byp | linux/remote/29706.txt
dSMTP Mail Server 3.1b (Linux) - Format Strin | linux/remote/981.c
EasyMail Objects 'EMSMTP.DLL 6.0.1' - ActiveX | windows/remote/10007.html
EType EServ 2.9x - SMTP Remote Denial of Serv | windows/dos/22123.pl
Eudora 7.1 - SMTP ResponseRemote Remote Buffe | windows/remote/3934.py
Exim ESMTP 4.80 - glibc gethostbyname Denial  | linux/dos/35951.py
FloosieTek FTGate PRO 1.22 - SMTP MAIL FROM B | windows/dos/22568.pl
FloosieTek FTGate PRO 1.22 - SMTP RCPT TO Buf | windows/dos/22569.pl
Free SMTP Server 2.2 - Spam Filter            | windows/remote/1193.pl
Free SMTP Server 2.5 - Denial of Service (PoC | windows/dos/46937.py
GoodTech SMTP Server 5.14 - Denial of Service | windows/dos/1162.pl
Hastymail 1.x - IMAP SMTP Command Injection   | php/webapps/28777.txt
i.Scribe SMTP Client 2.00b - 'wscanf' Remote  | windows/dos/7249.php
Inetserv 3.23 - SMTP Denial of Service        | windows/dos/16035.py
Inframail Advantage Server Edition 6.0 < 6.37 | windows/dos/1165.pl
Ipswitch Imail Server 5.0 - SMTP HELO Argumen | windows/dos/23145.c
iScripts AutoHoster - 'main_smtp.php' Travers | php/webapps/38889.txt
Jack De Winter WinSMTP 1.6 f/2.0 - Buffer Ove | windows/dos/20221.pl
LeadTools Imaging LEADSmtp - ActiveX Control  | windows/remote/35880.html
Lotus Domino 4.6.1/4.6.4 Notes - SMTPA MTA Ma | multiple/dos/19368.sh
Lotus Domino SMTP Router & Email Server and C | multiple/dos/17549.txt
MailEnable 1.x - SMTP 'HELO' Remote Denial of | windows/dos/28103.pl
MailEnable 2.x - SMTP NTLM Multiple Authentic | windows/dos/28735.pl
MailEnable 3.13 SMTP Service - 'VRFY/EXPN' De | windows/dos/5235.py
MailEnable Enterprise 1.x - SMTP Remote Denia | windows/dos/916.pl
MAILsweeper SMTP 4.2.1 + F-Secure Anti-Virus  | windows/dos/21006.txt
Mailtraq 2.1.0.1302 - Remote Format String SM | windows/dos/22780.txt
Majordomo2 - 'SMTP/HTTP' Directory Traversal  | multiple/remote/16103.txt
MDaemon SMTP Server 5.0.5 - Null Password Aut | windows/remote/23002.txt
Mercury/32 Mail Server 3.32 < 4.51 - SMTP EIP | windows/remote/4316.cpp
Mercury/32 Mail SMTPD - AUTH CRAM-MD5 Buffer  | windows/remote/16821.rb
Mercury/32 Mail SMTPD - Remote Stack Overrun  | windows/dos/4294.pl
Mercury/32 Mail SMTPD 4.51 - SMTPD CRAM-MD5 R | windows/remote/4301.cpp
Microsoft Exchange Server 4.0/5.0 - SMTP HELO | windows/remote/23113.c
Microsoft IIS 4.0/5.0 - SMTP Service Encapsul | windows/remote/21613.txt
Microsoft Windows - ANI LoadAniIcon() Chunk S | windows/remote/16698.rb
MIMEsweeper For SMTP - Multiple Cross-Site Sc | asp/webapps/38318.txt
Mock SMTP Server 1.0 - Remote Crash (PoC)     | windows/dos/37954.py
nbSMTP 0.99 - 'util.c' Client-Side Command Ex | linux/remote/1138.c
NetcPlus SmartServer 3.5.1 - SMTP Buffer Over | windows/remote/19494.c
Network Associates Webshield SMTP 4.5 - Inval | windows/dos/20432.txt
NJStar Communicator 3.00 - MiniSMTP Server Re | windows/remote/18057.rb
NJStar Communicator MiniSmtp - Buffer Overflo | windows/dos/18196.py
OpenSMTPD - MAIL FROM Remote Code Execution ( | linux/remote/48038.rb
OpenSMTPD - OOB Read Local Privilege Escalati | linux/local/48185.rb
OpenSMTPD 6.4.0 < 6.6.1 - Local Privilege Esc | openbsd/remote/48051.pl
OpenSMTPD 6.6.2 - Remote Code Execution       | linux/remote/47984.py
OpenSMTPD 6.6.3 - Arbitrary File Read         | linux/remote/48139.c
OpenSMTPD < 6.6.3p1 - Local Privilege Escalat | openbsd/remote/48140.c
Postcast Server Pro 3.0.61 / Quiksoft EasyMai | windows/remote/4328.html
Postfix SMTP 4.2.x < 4.2.48 - 'Shellshock' Re | linux/remote/34896.py
Python smtplib 2.7.11 / 3.4.4 / 3.5.1 - Man I | multiple/local/43500.txt
QK SMTP 3.01 - 'RCPT TO' Remote Buffer Overfl | windows/remote/2649.c
QK SMTP 3.01 - 'RCPT TO' Remote Buffer Overfl | windows/remote/3067.txt
QK SMTP 3.01 - 'RCPT TO' Remote Denial of Ser | windows/dos/2625.c
QK SMTP Server - Malformed Commands Multiple  | multiple/dos/30885.txt
Qmail SMTP - Bash Environment Variable Inject | linux/remote/42938.rb
Qwik SMTP 0.3 - Format String                 | linux/remote/620.c
Sitemagic CMS - 'SMTpl' Directory Traversal   | php/webapps/35877.txt
SmartMax MailMax 1.0 - SMTP Buffer Overflow   | windows/remote/20600.c
Softek MailMarshal 4 / Trend Micro ScanMail 1 | multiple/remote/21029.pl
SoftiaCom wMailServer 1.0 - SMTP Remote Buffe | windows/remote/1463.pm
SPECTral Personal SMTP Server 0.4.2 - Denial  | windows/dos/899.pl
SquirrelMail PGP Plugin - Command Execution ( | linux/remote/16888.rb
sSMTP 2.62 - 'standardize()' Buffer Overflow  | linux/dos/34375.txt
SynaMan 4.0 build 1488 - SMTP Credential Disc | windows/webapps/45387.txt
SysGauge 1.5.18 - SMTP Validation Buffer Over | windows/remote/41672.rb
TABS MailCarrier 2.51 - SMTP 'EHLO' / 'HELO'  | windows/remote/598.py
TABS MailCarrier 2.51 - SMTP EHLO Overflow (M | windows/remote/16822.rb
YahooPOPs 1.6 - SMTP Port Buffer Overflow     | windows/remote/577.c
YahooPOPs 1.6 - SMTP Remote Buffer Overflow   | windows/remote/582.c
---------------------------------------------- ---------------------------------
Shellcodes: No Results
Papers: No Results


[i] /usr/bin/searchsploit -t postfix smtpd
[i] /usr/bin/searchsploit -t domain
[-] Skipping output: domain   (Too many results, 100+. You'll need to force a search: /usr/bin/searchsploit -t domain)

[i] /usr/bin/searchsploit -t isc bind
---------------------------------------------- ---------------------------------
Exploit Title                                |  Path
---------------------------------------------- ---------------------------------
ISC BIND (Linux/BSD) - Remote Buffer Overflow | linux/remote/19111.c
ISC BIND (Multiple OSes) - Remote Buffer Over | linux/remote/19112.c
ISC BIND 4.9.7 -T1B - named SIGINT / SIGIOT S | linux/local/19072.txt
ISC BIND 4.9.7/8.x - Traffic Amplification an | multiple/remote/19749.txt
ISC BIND 8 - Remote Cache Poisoning (1)       | linux/remote/30535.pl
ISC BIND 8 - Remote Cache Poisoning (2)       | linux/remote/30536.pl
ISC BIND 8.1 - Host Remote Buffer Overflow    | unix/remote/20374.c
ISC BIND 8.2.2 / IRIX 6.5.17 / Solaris 7.0 -  | unix/dos/19615.c
ISC BIND 8.2.2-P5 - Denial of Service         | linux/dos/20388.txt
ISC BIND 8.2.x - 'TSIG' Remote Stack Overflow | linux/remote/277.c
ISC BIND 8.2.x - 'TSIG' Remote Stack Overflow | linux/remote/279.c
ISC BIND 8.2.x - 'TSIG' Remote Stack Overflow | linux/remote/282.c
ISC BIND 8.2.x - 'TSIG' Remote Stack Overflow | solaris/remote/280.c
ISC BIND 8.3.x - OPT Record Large UDP Denial  | linux/dos/22011.c
ISC BIND 9 - Denial of Service                | multiple/dos/40453.py
ISC BIND 9 - Remote Dynamic Update Message De | multiple/dos/9300.c
ISC BIND 9 - TKEY (PoC)                       | multiple/dos/37721.c
ISC BIND 9 - TKEY Remote Denial of Service (P | multiple/dos/37723.py
Microsoft Windows Kernel - 'win32k!NtQueryCom | windows/dos/42750.cpp
Zabbix 2.0.5 - Cleartext ldap_bind_Password P | php/webapps/36157.rb
---------------------------------------------- ---------------------------------
Shellcodes: No Results
Papers: No Results


[-] Skipping term: http   (Term is too general. Please re-search manually: /usr/bin/searchsploit -t http)

[i] /usr/bin/searchsploit -t apache httpd
---------------------------------------------- ---------------------------------
Exploit Title                                |  Path
---------------------------------------------- ---------------------------------
Apache 0.8.x/1.0.x / NCSA HTTPd 1.x - 'test-c | cgi/remote/20435.txt
Apache 1.1 / NCSA HTTPd 1.5.2 / Netscape Serv | multiple/dos/19536.txt
Apache Httpd mod_proxy - Error Page Cross-Sit | multiple/webapps/47688.md
Apache Httpd mod_rewrite - Open Redirects     | multiple/webapps/47689.md
NCSA 1.3/1.4.x/1.5 / Apache HTTPd 0.8.11/0.8. | multiple/remote/20595.txt
---------------------------------------------- ---------------------------------
Shellcodes: No Results
Papers: No Results


[i] /usr/bin/searchsploit -t netbios ssn
[i] /usr/bin/searchsploit -t samba smbd
[i] /usr/bin/searchsploit -t mysql
[-] Skipping output: mysql   (Too many results, 100+. You'll need to force a search: /usr/bin/searchsploit -t mysql)

[i] /usr/bin/searchsploit -t distccd
[i] /usr/bin/searchsploit -t postgresql
---------------------------------------------- ---------------------------------
Exploit Title                                |  Path
---------------------------------------------- ---------------------------------
PostgreSQL - 'bitsubstr' Buffer Overflow      | linux/dos/33571.txt
PostgreSQL 6.3.2/6.5.3 - Cleartext Passwords  | immunix/local/19875.txt
PostgreSQL 7.x - Multiple Vulnerabilities     | linux/dos/25076.c
PostgreSQL 8.01 - Remote Reboot (Denial of Se | multiple/dos/946.c
PostgreSQL 8.2/8.3/8.4 - UDF for Command Exec | linux/local/7855.txt
PostgreSQL 8.3.6 - Conversion Encoding Remote | linux/dos/32849.txt
PostgreSQL 8.3.6 - Low Cost Function Informat | multiple/local/32847.txt
PostgreSQL 8.4.1 - JOIN Hashtable Size Intege | multiple/dos/33729.txt
PostgreSQL 9.3 - COPY FROM PROGRAM Command Ex | multiple/remote/46813.rb
PostgreSQL 9.4-0.5.3 - Privilege Escalation   | linux/local/45184.sh
---------------------------------------------- ---------------------------------
Shellcodes: No Results
---------------------------------------------- ---------------------------------
Paper Title                                  |  Path
---------------------------------------------- ---------------------------------
Advanced PostgreSQL SQL Injection and Filter  | docs/english/12909-advanced-post
Having Fun With PostgreSQL                    | english/13084-having-fun-with-po
---------------------------------------------- ---------------------------------


[i] /usr/bin/searchsploit -t postgresql db
[i] /usr/bin/searchsploit -t ajp13
[i] /usr/bin/searchsploit -t apache jserv
[i] /usr/bin/searchsploit -t apache tomcat coyote jsp engine


My question: do I have to look at the version and try every exploit against the vulnerable daemons, and how can I tell that a given daemon is actually vulnerable without going through everything it gave me?

amstrot

Green Team
30.04.2016
Use AutoSploit via Shodan; it will "check" all the exploits that are in Metasploit, plus it automates the whole process right up to getting a session...

rwxrwxrwx

Green Team
25.11.2020
It showed you all the exploits for your version, i.e. if the SSH version is 7.2p2 it will show all the exploits for that version, i.e. for 7.2p2, for 7.3, for 7.4 and so on; you can use any of them, but you need to look at what a particular exploit does.
You can also scan for exploits manually or automatically; the same nmap script that starts a vulnerability scan, --script vuln.
Manually it is also simple: do a scan with the -sV flag, which shows service versions, for example sudo nmap -sV -sC -oN *name of the file for the scan result* *TARGET*
Once we know the versions of the services running on the server, we simply look for vulnerabilities for that service by hand; if, for example, the SSH version is 4.4, we can take any exploit intended for a version above 4.4 (4.5, 4.6 and so on) and try to exploit it.
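The step the wall of output above is missing, as an added example that is not part of the original thread and not code from nmap or searchsploit: `searchsploit --nmap` searches Exploit-DB by the product name nmap reported, not by the version, which is why every ProFTPd and OpenSSH entry came back. The script below takes the version out of the nmap XML and the version or range out of each Exploit-DB title ("2.3 < 7.7", "< 7.4", "7.2p2", "1.x") and keeps only the titles whose range covers the banner, setting aside titles that carry no version at all. The XML fragment and the title list are constructed for the example (a subset of what the thread shows); in real use the titles would come from the JSON that `searchsploit -j <product>` prints.

```python
"""Keep only the searchsploit titles whose version range covers the banner.

Added example for this thread, not code from the original post, nmap or
searchsploit. `searchsploit --nmap` searches by the product name nmap
detected, not by version, so this version filter is the missing step.
Title parsing is heuristic: a hit is a candidate to read, not a confirmed bug.
"""
import re
import xml.etree.ElementTree as ET

# Constructed nmap -oX fragment in the shape of real output (not a real scan).
SAMPLE_NMAP_XML = """<nmaprun><host><ports>
 <port protocol="tcp" portid="21"><state state="open"/>
  <service name="ftp" product="ProFTPD" version="1.3.5"/></port>
 <port protocol="tcp" portid="22"><state state="open"/>
  <service name="ssh" product="OpenSSH" version="7.2p2 Ubuntu 4ubuntu2.8"/></port>
</ports></host></nmaprun>"""

# Constructed subset of the titles searchsploit printed in the thread;
# in real use feed it the output of `searchsploit -j <product>` instead.
SAMPLE_TITLES = {
    "OpenSSH": [
        "OpenSSH 2.3 < 7.7 - Username Enumeration",
        "OpenSSH 6.8 < 6.9 - 'PTY' Local Privilege Escalation",
        "OpenSSH 7.2 - Denial of Service",
        "OpenSSH 7.2p1 - (Authenticated) xauth Command Injection",
        "OpenSSH 7.2p2 - Username Enumeration",
        "OpenSSH < 7.4 - agent Protocol Arbitrary Library Load",
        "OpenSSH SCP Client - Write Arbitrary Files",
    ],
    "ProFTPD": [
        "ProFTPd 1.3.5 - 'mod_copy' Command Execution (Metasploit)",
        "ProFTPd 1.3.2 rc3 < 1.3.3b (Linux) - Telnet IAC Buffer Overflow",
        "ProFTPd 1.x - 'mod_tls' Remote Buffer Overflow",
        "ProFTPd - 'mod_sftp' Integer Overflow Denial of Service",
    ],
}

# One version token: 1.3.5, 7.2p2, 1.3.3b, 1.x, '1.3.2 rc3'.
VER = r"\d+(?:\.(?:\d+|x))*(?:[A-Za-z]+\d*|\s(?:rc|pre|beta)\d*)?"
PRERELEASE = {"rc", "pre", "beta", "alpha"}

def version_key(ver):
    """Comparable tuple: numbers compare numerically, 'rc3' sorts below the
    bare release, patch letters ('p2', 'b') above it, 'x' ends a prefix."""
    key = []
    for tok in re.findall(r"\d+|[A-Za-z]+", ver):
        if tok.isdigit():
            key.append((1, int(tok)))
        elif tok.lower() == "x":
            break
        elif tok.lower() in PRERELEASE:
            key.append((0, 0))
        else:
            key.append((2, ord(tok[0].lower())))
    key.append((1, 0))  # sentinel: '7.2' < '7.2p2' and '1.3.2 rc3' < '1.3.2'
    return tuple(key)

def parse_nmap_services(xml_text):
    """[(port, product, version)] for open ports where nmap named a product."""
    found = []
    for port in ET.fromstring(xml_text).iter("port"):
        state, svc = port.find("state"), port.find("service")
        if (state is not None and state.get("state") == "open"
                and svc is not None and svc.get("product")):
            found.append((int(port.get("portid")), svc.get("product"),
                          svc.get("version", "")))
    return found

def classify(detected, title):
    """'match', 'no' or 'unknown' for one Exploit-DB title vs. a banner version."""
    m = re.match(VER, detected)        # '7.2p2 Ubuntu 4ubuntu2.8' -> '7.2p2'
    if not m:
        return "unknown"
    v = version_key(m.group(0))
    head = title.split(" - ", 1)[0]    # product and version, before the description
    rng = re.search(rf"(?:({VER})\s*)?<\s*({VER})", head)
    if rng:                            # 'A < B' or '< B' means A <= v < B
        lo = version_key(rng.group(1)) if rng.group(1) else ()
        return "match" if lo <= v < version_key(rng.group(2)) else "no"
    exact = re.search(VER, head)
    if not exact:
        return "unknown"               # title carries no version at all
    t = version_key(exact.group(0))
    n = len(t) - 1                     # prefix compare, drop the sentinel
    return "match" if v[:n] == t[:n] else "no"

def triage(xml_text, titles_by_product):
    """Per open port: titles whose version covers the banner, plus the
    unversioned ones that still need a human look."""
    report = {}
    for port, product, version in parse_nmap_services(xml_text):
        verdicts = {t: classify(version, t) for t in titles_by_product.get(product, [])}
        report[port] = {"product": product, "version": version,
                        "match": [t for t, r in verdicts.items() if r == "match"],
                        "unknown": [t for t, r in verdicts.items() if r == "unknown"]}
    return report

if __name__ == "__main__":
    for port, r in triage(SAMPLE_NMAP_XML, SAMPLE_TITLES).items():
        print(port, r["product"], r["version"], r["match"], r["unknown"])
```

On the constructed input this reduces the OpenSSH list to the four titles whose range actually includes 7.2p2 and the ProFTPd list to the 1.3.5 mod_copy entry plus the 1.x wildcard, and it flags the unversioned titles separately instead of silently dropping them. A surviving title is still only a candidate: the banner carries the upstream version even when the distribution has backported the fix (the "Ubuntu 4ubuntu2.8" tail is the hint), so each candidate has to be confirmed against the advisory or with a check such as nmap's --script vuln before it is worth running.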