使用kali下的msf对windows 2003进行测试

使用kali下的msf对windows 2003进行测试

测试环境：

windows 2003 192.168.145.132

kali: 192.168.145.146

使用kali查看windows2003下开放的端口以及对应端口是否存在漏洞：

nmap --script=vuln 192.168.145.132

root@kali:~# nmap --script=vuln 192.168.145.132

Starting Nmap 7.70 ( https://nmap ) at 2019-07-01 23:26 EDT

Nmap scan report for bogon (192.168.145.132)

Host is up (0.0033s latency).

Not shown: 993 closed ports

PORT     STATE SERVICE

21/tcp   open  ftp

|_sslv2-drown:

80/tcp   open  http

|_http-csrf: Couldn't find any CSRF vulnerabilities.

|_http-dombased-xss: Couldn't find any DOM based XSS.

| http-enum:

|_  /robots.txt: Robots file

|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.

135/tcp  open  msrpc

139/tcp  open  netbios-ssn

445/tcp  open  microsoft-ds

1025/tcp open  NFS-or-IIS

1027/tcp open  IIS

MAC Address: 00:0C:29:3E:BE:DF (VMware)


Host script results:

| smb-vuln-ms08-067:

|   VULNERABLE:

|   Microsoft Windows system vulnerable to remote code execution (MS08-067)

|     State: VULNERABLE

|     IDs:  CVE:CVE-2008-4250

|           The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2,

|           Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary

|           code via a crafted RPC request that triggers the overflow during path canonicalization.

|           

|     Disclosure date: 2008-10-23

|     References:

|       https://cve.mitre/cgi-bin/cvename.cgi?name=CVE-2008-4250

|_      https://technet.microsoft/en-us/library/security/ms08-067.aspx

|_smb-vuln-ms10-054: false

|