metasploit 모듈을 이용한 네트워크 스캔

칼리 리눅스 또는 백트랙에서 진행합니다.

metasploit 홈페이지

SMB 버전 스캐너

1. msfconsole 실행

A database appears to be already configured, skipping initialization
                                                  

                 _---------.
             .' #######   ;."
  .---,.    ;@             @@`;   .---,..
." @@@@@'.,'@@            @@@@@',.'@@@@ ".
'-.@@@@@@@@@@@@@          @@@@@@@@@@@@@ @;
   `.@@@@@@@@@@@@        @@@@@@@@@@@@@@ .'
     "--'.@@@  -.@        @ ,'-   .'--"
          ".@' ; @       @ `.  ;'
            |@@@@ @@@     @    .
             ' @@@ @@   @@    ,
              `.@@@@    @@   .
                ',@@     @   ;           _____________
                 (   3 C    )     /|___ / Metasploit! \
                 ;@'. __*__,."    \|--- \_____________/
                  '(.,...."/


Frustrated with proxy pivoting? Upgrade to layer-2 VPN pivoting with
Metasploit Pro -- learn more on http://rapid7.com/metasploit

       =[ metasploit v4.11.5-2016010401                   ]
+ -- --=[ 1517 exploits - 875 auxiliary - 257 post        ]
+ -- --=[ 437 payloads - 37 encoders - 8 nops             ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

msf >

2. smb_version 모듈 사용
 . auxiliary/scanner/smb/smb_version 사용 선택

msf > use auxiliary/scanner/smb/smb_version 
msf auxiliary(smb_version) > show options

Module options (auxiliary/scanner/smb/smb_version):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   RHOSTS                      yes       The target address range or CIDR identifier
   SMBDomain  .                no        The Windows domain to use for authentication
   SMBPass                     no        The password for the specified username
   SMBUser                     no        The username to authenticate as
   THREADS    1                yes       The number of concurrent threads

msf auxiliary(smb_version) >

3. 스캔 할 네트워크 대역 설정 
 . rhosts 에 검색할 대역 1-255 (/24) 

msf auxiliary(smb_version) > set rhosts 200.200.200.1-255
rhosts => 200.200.200.1-255
msf auxiliary(smb_version) > thread 10
[-] Unknown command: thread.

4. 스캔 실행

msf auxiliary(smb_version) > run

[*] 200.200.200.3:445 is running Windows 7 Enterprise SP1 (build:7601) (name:VMW7-PC) (domain:WORKGROUP)
[*] Scanned  26 of 255 hosts (10% complete)
[*] 200.200.200.44:445 is running Windows XP SP3 (language:Korean) (name:KJK-9EB673B1C66) (domain:KJK-9EB673B1C66)
[*] Scanned  51 of 255 hosts (20% complete)
[*] Scanned  77 of 255 hosts (30% complete)
[*] Scanned 102 of 255 hosts (40% complete)
[*] Scanned 128 of 255 hosts (50% complete)
[*] Scanned 153 of 255 hosts (60% complete)
[*] Scanned 179 of 255 hosts (70% complete)
[*] Scanned 204 of 255 hosts (80% complete)
[*] Scanned 230 of 255 hosts (90% complete)
[*] Scanned 255 of 255 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(smb_version) >