MSSQL scanning and exploitation modules in msf


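Preface: This article was compiled by the editors of 小常识网 (cha138.com). It mainly covers the MSSQL scanning and exploitation modules in msf, and we hope it is a useful reference.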

Name                                                      Disclosure Date  Rank       Description
auxiliary/admin/mssql/mssql_enum                                           normal     Microsoft SQL Server Configuration Enumerator
auxiliary/admin/mssql/mssql_enum_domain_accounts                           normal     Microsoft SQL Server SUSER_SNAME Windows Domain Account Enumeration
auxiliary/admin/mssql/mssql_enum_domain_accounts_sqli                                 Microsoft SQL Server SQLi SUSER_SNAME Windows Domain Account Enumeration
auxiliary/admin/mssql/mssql_enum_sql_logins                                normal     Microsoft SQL Server SUSER_SNAME SQL Logins Enumeration
auxiliary/admin/mssql/mssql_escalate_dbowner                               normal     Microsoft SQL Server Escalate Db_Owner
auxiliary/admin/mssql/mssql_escalate_dbowner_sqli                          normal     Microsoft SQL Server SQLi Escalate Db_Owner
auxiliary/admin/mssql/mssql_escalate_execute_as                            normal     Microsoft SQL Server Escalate EXECUTE AS
auxiliary/admin/mssql/mssql_escalate_execute_as_sqli                       normal     Microsoft SQL Server SQLi Escalate Execute AS
auxiliary/admin/mssql/mssql_exec                                           normal     Microsoft SQL Server xp_cmdshell Command Execution
auxiliary/admin/mssql/mssql_findandsampledata                              normal     Microsoft SQL Server Find and Sample Data
auxiliary/admin/mssql/mssql_idf                                            normal     Microsoft SQL Server Interesting Data Finder
auxiliary/admin/mssql/mssql_ntlm_stealer                                   normal     Microsoft SQL Server NTLM Stealer
auxiliary/admin/mssql/mssql_ntlm_stealer_sqli                              normal     Microsoft SQL Server SQLi NTLM Stealer
auxiliary/admin/mssql/mssql_sql                                            normal     Microsoft SQL Server Generic Query
auxiliary/admin/mssql/mssql_sql_file                                       normal     Microsoft SQL Server Generic Query from File
auxiliary/analyze/jtr_mssql_fast                                           normal     John the Ripper MS SQL Password Cracker (Fast Mode)
auxiliary/gather/lansweeper_collector                                      normal     Lansweeper Credential Collector
auxiliary/scanner/mssql/mssql_hashdump                                     normal     MSSQL Password Hashdump
auxiliary/scanner/mssql/mssql_login                                        normal     MSSQL Login Utility
auxiliary/scanner/mssql/mssql_ping                                         normal     MSSQL Ping Utility
auxiliary/scanner/mssql/mssql_schemadump                                   normal     MSSQL Schema Dump
auxiliary/server/capture/mssql                                             normal     Authentication Capture: MSSQL
exploit/windows/iis/msadc                                                  excellent  MS99-025 Microsoft IIS MDAC msadcs.dll RDS Arbitrary Remote Command Execution
exploit/windows/mssql/lyris_listmanager_weak_pass         2005-12-08       excellent  Lyris ListManager MSDE Weak sa Password
exploit/windows/mssql/ms02_039_slammer                    2002-07-24       good       MS02-039 Microsoft SQL Server Resolution Overflow
exploit/windows/mssql/ms02_056_hello                      2002-08-05       good       MS02-056 Microsoft SQL Server Hello Overflow
exploit/windows/mssql/ms09_004_sp_replwritetovarbin       2008-12-09       good       MS09-004 Microsoft SQL Server sp_replwritetovarbin Memory Corruption
exploit/windows/mssql/ms09_004_sp_replwritetovarbin_sqli  2008-12-09       excellent  MS09-004 Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection
exploit/windows/mssql/mssql_clr_payload                   1999-01-01       excellent  Microsoft SQL Server Clr Stored Procedure Payload Execution
exploit/windows/mssql/mssql_linkcrawler                   2000-01-01       great      Microsoft SQL Server Database Link Crawling Command Execution
exploit/windows/mssql/mssql_payload                       2000-05-30       excellent  Microsoft SQL Server Payload Execution
exploit/windows/mssql/mssql_payload_sqli                  2000-05-30       excellent  Microsoft SQL Server Payload Execution via SQL Injection
post/windows/gather/credentials/mssql_local_hashdump                       normal     Windows Gather Local SQL Server Hash Dump
post/windows/manage/mssql_local_auth_bypass                                normal     Windows Manage Local Microsoft SQL Server Authorization Bypass

