Vulnerability Scanning With Nessus
Nessus is a proprietary vulnerability scanner developed by Tenable.
We can utilize Nessus to perform a vulnerability scan on a target system, after which we can import the Nessus results into MSF for analysis and exploitation.
Nessus automates the process of identifying vulnerabilities and also provides us with information pertinent to a vulnerability, such as the CVE code.
We can use the free version of Nessus (Nessus Essentials), which allows us to scan up to 16 IPs.
Lab Environment
For the purposes of demonstrating the vulnerability scanning process, we will be utilizing an intentionally vulnerable virtual machine called Metasploitable3 that is based on Windows Server 2008.
Metasploitable3 was developed by Rapid7 to demonstrate how MSF can be used to perform exploitation of a Windows System.
Instructions on how this VM can be set up can be found here: https://bit.ly/3kASwns
Video
When it comes to how Nessus performs vulnerability scanning, it starts off by performing host discovery, so it actually discovers the active hosts on a network. If we provide a single IP, it will ping the host to see if it's up. After it has determined that the host is up, it begins port scanning and then grabs the banners, or service information, of all the services currently running on the open ports. It then utilizes its database. This is what separates manual vulnerability scanning from automated vulnerability scanning: software like Nessus has a vulnerability database that contains a list of services and exact versions, together with the vulnerabilities or exploits that are pertinent to each specific version of a service. Nessus cross-references the services running on the target against the services in the vulnerability database to discover whether any of them are vulnerable to a particular exploit, after which it provides us with the CVE and any reference links that we can use to learn more about the vulnerability. If there is a Metasploit module available, it will also provide us with that information.
chmod +x Nessus-10.0.0-debian6_amd64.deb
sudo dpkg -i Nessus-10.0.0-debian6_amd64.deb
sudo systemctl start nessusd.service
sudo systemctl status nessusd.service
New Scan->Basic Network Scan
Name: MS3
Targets: 10.10.10.4
To launch an authenticated vulnerability scan, you can provide the credentials here: Credentials.
You can also access or specify the specific plugins that you want to utilize for your scan: Plugins.
Settings->DISCOVERY
Settings->ASSESSMENT
Settings->REPORT
Settings->ADVANCED
Save->Launch
Click on the Scan.
Vulnerabilities->Filter
Metasploit Exploit Framework->is equal to->true
Severity->is equal to->High
Export this report or this particular scan, and then import it into the Metasploit Framework.
Export->Nessus: an XML file.
Ensure that the postgresql database is started, because we’ll be importing the scan results into the database.
service postgresql start
msfconsole -q
Create a new workspace.
workspace -a MS3_Nessus
Import the results. Running db_import on its own gives you an idea of all the tools whose output can be imported.
db_import
Specify the location where you saved the report, or rather the output from Nessus.
db_import /home/kali/Downloads/MS3_fkthix.nessus
hosts
services
This will give you an idea of all the vulnerabilities and the ports they target.
vulns
We’re looking for smb, which is port 445.
services
Limit the vulnerabilities displayed.
vulns -p 445
These are all of the vulnerabilities that affect the version of SMB running on the target.
How do we utilize this information to obtain exploits?
We can utilize the CVE code for each of these.
Take a look at some of the other ports as well.
vulns -p 80
vulns -p 8080
vulns -p 21
vulns
When it comes to searching for exploit modules within MSF with a CVE code, all we need to do is specify the CVE year.
So if the vulnerability was disclosed in the year 2017, we can copy that.
search cve:2017 name:smb
search cve:2012 name:rdp
search MS12-020
search cve:2015 name:ManageEngine
use exploit/windows/http/manageengine_connectionid_write
show options
set RHOSTS 10.10.10.4
run
sessions
sessions 1
sysinfo
exit
Take a look at Nessus.
Filter->Metasploit Exploit Framework->is equal to->true
We can use the results here to identify the various exploits or the exploit modules we can utilize.
For example, we can take a look at this RDP exploit.
Microsoft RDP RCE (CVE-2019-0708)(BlueKeep)(uncredentialed check)
back
search cve:2019 name:rdp
If you can find the exact module name under Exploitable With, you can then copy it directly from here.
Metasploit (MS12-020 Microsoft Remote Desktop Checker)
Metasploit (PHP CGI Argument Injection)
search PHP CGI Argument Injection
Whenever you're using MSF, take advantage of the various third-party tools that can be integrated with it, such as Nessus and Nmap.
You should be familiar with how to get Nessus Essentials installed on Kali Linux, how to set it up, and how to use it to perform a vulnerability scan; then how to export the results from a vulnerability scan and import them into the MSF database; and finally how to sort through all of that data and find the vulnerabilities, or how to find the exploit codes for the specific vulnerabilities.
hosts
services
vulns
You can also utilize the Nessus Web Interface to find the exact MSF module names during exploitation.
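Added example (not part of the original notes): the exported .nessus file is plain XML, so the "Metasploit Exploit Framework is equal to true" filter used above can also be applied offline to decide which findings to patch first. The sample report is constructed from rows of the vulns output on this page (severity values are assumptions), and the function names parse_findings and patch_first are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the Nessus XML (v2) layout. Plugin IDs, CVEs and the
# Metasploit module name come from this page's output; severities are assumed.
SAMPLE_NESSUS = """<NessusClientData_v2>
 <Report name="MS3">
  <ReportHost name="192.168.248.133">
   <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="3"
     pluginID="97833" pluginName="MS17-010: Security Update for SMB Server">
    <cve>CVE-2017-0143</cve>
    <cve>CVE-2017-0144</cve>
    <exploit_framework_metasploit>true</exploit_framework_metasploit>
    <metasploit_name>SMB DOUBLEPULSAR Remote Code Execution</metasploit_name>
   </ReportItem>
   <ReportItem port="3389" svc_name="msrdp" protocol="tcp" severity="2"
     pluginID="42873" pluginName="SSL Medium Strength Cipher Suites (SWEET32)">
    <cve>CVE-2016-2183</cve>
   </ReportItem>
   <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="2"
     pluginID="57608" pluginName="SMB Signing not required"/>
  </ReportHost>
 </Report>
</NessusClientData_v2>"""


def parse_findings(xml_text):
    """Return one dict per ReportItem in a Nessus XML (v2) export."""
    # A scanner export never needs a DTD; refusing one avoids entity-expansion
    # problems if the file was altered between export and triage.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD/entity declaration in .nessus file")
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            flag = item.findtext("exploit_framework_metasploit", "false")
            findings.append({
                "host": host.get("name"),
                "port": int(item.get("port", "0")),
                "severity": int(item.get("severity", "0")),  # 0=Info .. 4=Critical
                "plugin_id": item.get("pluginID"),
                "name": item.get("pluginName"),
                "cves": [c.text for c in item.findall("cve")],
                "msf": flag.strip().lower() == "true",
                "msf_name": item.findtext("metasploit_name"),
            })
    return findings


def patch_first(findings, min_severity=0, port=None):
    """Findings that have a public Metasploit module, most severe first."""
    hits = [f for f in findings
            if f["msf"] and f["severity"] >= min_severity
            and (port is None or f["port"] == port)]
    return sorted(hits, key=lambda f: -f["severity"])


if __name__ == "__main__":
    for f in patch_first(parse_findings(SAMPLE_NESSUS)):
        print(f["host"], f["port"], f["plugin_id"], f["name"], f["cves"])
```

To run it on a real export, read the file as text (for example with open(path, encoding="utf-8")) and pass the contents to parse_findings.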
Home Lab
Environment: Microsoft Windows Server 2008 R2 Standard
Target: 192.168.248.133
┌──(root㉿kali)-[~]
└─# systemctl start nessusd.service
┌──(root㉿kali)-[~]
└─# systemctl status nessusd.service
● nessusd.service - The Nessus Vulnerability Scanner
Loaded: loaded (/lib/systemd/system/nessusd.service; disabled; vendor preset: disabled)
Active: active (running) since Mon 2023-01-09 22:32:07 EST; 15s ago
Main PID: 10189 (nessus-service)
Tasks: 16 (limit: 2283)
Memory: 1023.4M
CPU: 20.492s
CGroup: /system.slice/nessusd.service
├─10189 /opt/nessus/sbin/nessus-service -q
└─10191 nessusd -q
Jan 09 22:32:07 kali systemd[1]: Started The Nessus Vulnerability Scanner.
Jan 09 22:32:17 kali nessus-service[10191]: Cached 251 plugin libs in 100msec
Jan 09 22:32:17 kali nessus-service[10191]: Cached 251 plugin libs in 39msec
┌──(root㉿kali)-[~]
└─# /opt/nessus/sbin/nessuscli lsuser
kali
┌──(root㉿kali)-[~]
└─# /opt/nessus/sbin/nessuscli chpasswd kali
New password:
New password (again):
Password changed for kali
/root/Downloads/MS3_lkffvk.nessus
msf6 > workspace -a MS3_Nessus
[*] Added workspace: MS3_Nessus
[*] Workspace: MS3_Nessus
Usage: db_import <filename> [file2...]
Filenames can be globs like *.xml, or **/*.xml which will search recursively
Currently supported file types include:
Acunetix
Amap Log
Amap Log -m
Appscan
Burp Session XML
Burp Issue XML
CI
Foundstone
FusionVM XML
Group Policy Preferences Credentials
IP Address List
IP360 ASPL
IP360 XML v3
Libpcap Packet Capture
Masscan XML
Metasploit PWDump Export
Metasploit XML
Metasploit Zip Export
Microsoft Baseline Security Analyzer
NeXpose Simple XML
NeXpose XML Report
Nessus NBE Report
Nessus XML (v1)
Nessus XML (v2)
NetSparker XML
Nikto XML
Nmap XML
OpenVAS Report
OpenVAS XML
Outpost24 XML
Qualys Asset XML
Qualys Scan XML
Retina XML
Spiceworks CSV Export
Wapiti XML
msf6 > db_import /root/Downloads/MS3_lkffvk.nessus
[*] Importing 'Nessus XML (v2)' data
[*] Importing host 192.168.248.133
[*] Successfully imported /root/Downloads/MS3_lkffvk.nessus
msf6 > hosts
Hosts
=====
address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
192.168.248.133 00:0c:29:f7:9e:3f 192.168.248.133 Windows 2008 server
msf6 > services
Services
========
host port proto name state info
---- ---- ----- ---- ----- ----
192.168.248.133 135 tcp epmap open
192.168.248.133 137 udp netbios-ns open
192.168.248.133 139 tcp smb open
192.168.248.133 445 tcp cifs open
192.168.248.133 3389 tcp open
192.168.248.133 5355 udp llmnr open
192.168.248.133 49152 tcp dce-rpc open
192.168.248.133 49153 tcp dce-rpc open
192.168.248.133 49154 tcp dce-rpc open
192.168.248.133 49155 tcp dce-rpc open
192.168.248.133 49156 tcp dce-rpc open
192.168.248.133 49157 tcp dce-rpc open
192.168.248.133 49158 tcp dce-rpc open
msf6 > vulns
Vulnerabilities
===============
Timestamp Host Name References
--------- ---- ---- ----------
2023-01-10 04:39:32 UTC 192.168.248.133 OS Security Patch Assessment Not Available IAVB-0001-B-0515,NSS-117886
2023-01-10 04:39:32 UTC 192.168.248.133 Nessus Scan Information NSS-19506
2023-01-10 04:39:32 UTC 192.168.248.133 Common Platform Enumeration (CPE) NSS-45590
2023-01-10 04:39:32 UTC 192.168.248.133 Target Credential Status by Authentication Protocol - No Credentials Pr IAVB-0001-B-0504,NSS-110723
ovided
2023-01-10 04:39:32 UTC 192.168.248.133 MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527) ( CVE-2016-0128,BID-86002,MSFT-MS16-047,CERT-813296,IAVA-2016-A-0093,MSKB-
Badlock) (uncredentialed check) 3148527,MSKB-3149090,MSKB-3147461,MSKB-3147458,NSS-90510
2023-01-10 04:39:32 UTC 192.168.248.133 Device Type NSS-54615
2023-01-10 04:39:32 UTC 192.168.248.133 MS17-010: Security Update for Microsoft Windows SMB Server (4013389) (E CVE-2017-0143,CVE-2017-0144,CVE-2017-0145,CVE-2017-0146,CVE-2017-0147,CV
TERNALBLUE) (ETERNALCHAMPION) (ETERNALROMANCE) (ETERNALSYNERGY) (WannaC E-2017-0148,BID-96703,BID-96704,BID-96705,BID-96706,BID-96707,BID-96709,
ry) (EternalRocks) (Petya) (uncredentialed check) EDB-ID-41891,EDB-ID-41987,MSFT-MS17-010,IAVA-2017-A-0065,MSKB-4012212,MS
KB-4012213,MSKB-4012214,MSKB-4012215,MSKB-4012216,MSKB-4012217,MSKB-4012
606,MSKB-4013198,MSKB-4013429,MSKB-4012598,CISA-KNOWN-EXPLOITED-2022/05/
03,CISA-KNOWN-EXPLOITED-2022/08/10,CISA-KNOWN-EXPLOITED-2022/04/15,CISA-
KNOWN-EXPLOITED-2022/04/27,CISA-KNOWN-EXPLOITED-2022/06/14,MSF-SMB DOUBL
EPULSAR Remote Code Execution,NSS-97833
2023-01-10 04:39:33 UTC 192.168.248.133 SSL Cipher Block Chaining Cipher Suites Supported NSS-70544
2023-01-10 04:39:33 UTC 192.168.248.133 SSL Session Resume Supported NSS-51891
2023-01-10 04:39:33 UTC 192.168.248.133 SSL Medium Strength Cipher Suites Supported (SWEET32) CVE-2016-2183,NSS-42873
2023-01-10 04:39:33 UTC 192.168.248.133 SSL Perfect Forward Secrecy Cipher Suites Supported NSS-57041
2023-01-10 04:39:33 UTC 192.168.248.133 SSL/TLS Recommended Cipher Suites NSS-156899
2023-01-10 04:39:33 UTC 192.168.248.133 SSL RC4 Cipher Suites Supported (Bar Mitzvah) CVE-2013-2566,CVE-2015-2808,BID-58796,BID-73684,NSS-65821
2023-01-10 04:39:33 UTC 192.168.248.133 TLS Version 1.0 Protocol Detection NSS-104743
2023-01-10 04:39:33 UTC 192.168.248.133 SSL Cipher Suites Supported NSS-21643
2023-01-10 04:39:33 UTC 192.168.248.133 Unsupported Windows OS (remote) IAVA-0001-A-0501,NSS-108797
2023-01-10 04:39:33 UTC 192.168.248.133 OS Identification NSS-11936
2023-01-10 04:39:33 UTC 192.168.248.133 Ethernet Card Manufacturer Detection NSS-35716
2023-01-10 04:39:33 UTC 192.168.248.133 VMware Virtual Machine Detection NSS-20094
2023-01-10 04:39:33 UTC 192.168.248.133 Ethernet MAC Addresses NSS-86420
2023-01-10 04:39:33 UTC 192.168.248.133 SSL Self-Signed Certificate NSS-57582
2023-01-10 04:39:33 UTC 192.168.248.133 SSL Certificate Cannot Be Trusted NSS-51192
2023-01-10 04:39:33 UTC 192.168.248.133 Microsoft Windows SMB NativeLanManager Remote System Information Disclo NSS-10785
sure
2023-01-10 04:39:33 UTC 192.168.248.133 SSL Certificate Signed Using Weak Hashing Algorithm CVE-2004-2761,BID-11849,BID-33065,CERT-836068,CWE-310,NSS-35291
2023-01-10 04:39:33 UTC 192.168.248.133 SSL Certificate Information NSS-10863
2023-01-10 04:39:33 UTC 192.168.248.133 SSL / TLS Versions Supported NSS-56984
2023-01-10 04:39:33 UTC 192.168.248.133 Terminal Services Use SSL/TLS NSS-64814
2023-01-10 04:39:33 UTC 192.168.248.133 SMB Signing not required NSS-57608
2023-01-10 04:39:33 UTC 192.168.248.133 Traceroute Information NSS-10287
2023-01-10 04:39:33 UTC 192.168.248.133 TCP/IP Timestamps Supported NSS-25220
2023-01-10 04:39:33 UTC 192.168.248.133 Microsoft Windows SMB2 and SMB3 Dialects Supported (remote check) NSS-106716
2023-01-10 04:39:33 UTC 192.168.248.133 Link-Local Multicast Name Resolution (LLMNR) Detection NSS-53513
2023-01-10 04:39:33 UTC 192.168.248.133 ICMP Timestamp Request Remote Date Disclosure CVE-1999-0524,CWE-200,NSS-10114
2023-01-10 04:39:33 UTC 192.168.248.133 Server Message Block (SMB) Protocol Version 1 Enabled (uncredentialed c IAVT-0001-T-0710,NSS-96982
heck)
2023-01-10 04:39:33 UTC 192.168.248.133 Microsoft Windows SMB Versions Supported (remote check) NSS-100871
2023-01-10 04:39:33 UTC 192.168.248.133 Nessus Windows Scan Not Performed with Admin Privileges IAVB-0001-B-0505,NSS-24786
2023-01-10 04:39:33 UTC 192.168.248.133 WMI Not Available NSS-135860
2023-01-10 04:39:33 UTC 192.168.248.133 Microsoft Windows SMB Registry : Nessus Cannot Access the Windows Regis IAVB-0001-B-0506,NSS-26917
try
2023-01-10 04:39:33 UTC 192.168.248.133 Nessus SYN scanner NSS-11219
2023-01-10 04:39:33 UTC 192.168.248.133 Nessus SYN scanner NSS-11219
2023-01-10 04:39:33 UTC 192.168.248.133 Nessus SYN scanner NSS-11219
2023-01-10 04:39:33 UTC 192.168.248.133 Nessus SYN scanner NSS-11219
2023-01-10 04:39:33 UTC 192.168.248.133 Windows NetBIOS / SMB Remote Host Information Disclosure NSS-10150
2023-01-10 04:39:33 UTC 192.168.248.133 DCE Services Enumeration NSS-10736
2023-01-10 04:39:33 UTC 192.168.248.133 DCE Services Enumeration NSS-10736
2023-01-10 04:39:33 UTC 192.168.248.133 DCE Services Enumeration NSS-10736
2023-01-10 04:39:33 UTC 192.168.248.133 DCE Services Enumeration NSS-10736
2023-01-10 04:39:33 UTC 192.168.248.133 DCE Services Enumeration NSS-10736
2023-01-10 04:39:33 UTC 192.168.248.133 DCE Services Enumeration NSS-10736
2023-01-10 04:39:33 UTC 192.168.248.133 DCE Services Enumeration NSS-10736
2023-01-10 04:39:33 UTC 192.168.248.133 DCE Services Enumeration NSS-10736
2023-01-10 04:39:33 UTC 192.168.248.133 DCE Services Enumeration NSS-10736
2023-01-10 04:39:33 UTC 192.168.248.133 Microsoft Windows SMB Service Detection NSS-11011
2023-01-10 04:39:33 UTC 192.168.248.133 Microsoft Windows SMB Service Detection NSS-11011
msf6 > vulns -p 445
Vulnerabilities
===============
Timestamp Host Name References
--------- ---- ---- ----------
2023-01-10 04:39:32 UTC 192.168.248.133 MS17-010: Security Update for Microsoft Windows SMB Server (4013389) (E CVE-2017-0143,CVE-2017-0144,CVE-2017-0145,CVE-2017-0146,CVE-2017-0147,CV
TERNALBLUE) (ETERNALCHAMPION) (ETERNALROMANCE) (ETERNALSYNERGY) (WannaC E-2017-0148,BID-96703,BID-96704,BID-96705,BID-96706,BID-96707,BID-96709,
ry) (EternalRocks) (Petya) (uncredentialed check) EDB-ID-41891,EDB-ID-41987,MSFT-MS17-010,IAVA-2017-A-0065,MSKB-4012212,MS
KB-4012213,MSKB-4012214,MSKB-4012215,MSKB-4012216,MSKB-4012217,MSKB-4012
606,MSKB-4013198,MSKB-4013429,MSKB-4012598,CISA-KNOWN-EXPLOITED-2022/05/
03,CISA-KNOWN-EXPLOITED-2022/08/10,CISA-KNOWN-EXPLOITED-2022/04/15,CISA-
KNOWN-EXPLOITED-2022/04/27,CISA-KNOWN-EXPLOITED-2022/06/14,MSF-SMB DOUBL
EPULSAR Remote Code Execution,NSS-97833
2023-01-10 04:39:33 UTC 192.168.248.133 Microsoft Windows SMB NativeLanManager Remote System Information Disclo NSS-10785
sure
2023-01-10 04:39:33 UTC 192.168.248.133 SMB Signing not required NSS-57608
2023-01-10 04:39:33 UTC 192.168.248.133 Microsoft Windows SMB2 and SMB3 Dialects Supported (remote check) NSS-106716
2023-01-10 04:39:33 UTC 192.168.248.133 Server Message Block (SMB) Protocol Version 1 Enabled (uncredentialed c IAVT-0001-T-0710,NSS-96982
heck)
2023-01-10 04:39:33 UTC 192.168.248.133 Microsoft Windows SMB Versions Supported (remote check) NSS-100871
2023-01-10 04:39:33 UTC 192.168.248.133 WMI Not Available NSS-135860
2023-01-10 04:39:33 UTC 192.168.248.133 Microsoft Windows SMB Registry : Nessus Cannot Access the Windows Regis IAVB-0001-B-0506,NSS-26917
try
2023-01-10 04:39:33 UTC 192.168.248.133 Nessus SYN scanner NSS-11219
2023-01-10 04:39:33 UTC 192.168.248.133 DCE Services Enumeration NSS-10736
2023-01-10 04:39:33 UTC 192.168.248.133 Microsoft Windows SMB Service Detection NSS-11011
msf6 > vulns -p 3389
Vulnerabilities
===============
Timestamp Host Name References
--------- ---- ---- ----------
2023-01-10 04:39:33 UTC 192.168.248.133 SSL Cipher Block Chaining Cipher Suites Supported NSS-70544
2023-01-10 04:39:33 UTC 192.168.248.133 SSL Session Resume Supported NSS-51891
2023-01-10 04:39:33 UTC 192.168.248.133 SSL Medium Strength Cipher Suites Supported (SWEET32) CVE-2016-2183,NSS-42873
2023-01-10 04:39:33 UTC 192.168.248.133 SSL Perfect Forward Secrecy Cipher Suites Supported NSS-57041
2023-01-10 04:39:33 UTC 192.168.248.133 SSL/TLS Recommended Cipher Suites NSS-156899
2023-01-10 04:39:33 UTC 192.168.248.133 SSL RC4 Cipher Suites Supported (Bar Mitzvah) CVE-2013-2566,CVE-2015-2808,BID-58796,BID-73684,NSS-65821
2023-01-10 04:39:33 UTC 192.168.248.133 TLS Version 1.0 Protocol Detection NSS-104743
2023-01-10 04:39:33 UTC 192.168.248.133 SSL Cipher Suites Supported NSS-21643
2023-01-10 04:39:33 UTC 192.168.248.133 SSL Self-Signed Certificate NSS-57582
2023-01-10 04:39:33 UTC 192.168.248.133 SSL Certificate Cannot Be Trusted NSS-51192
2023-01-10 04:39:33 UTC 192.168.248.133 SSL Certificate Signed Using Weak Hashing Algorithm CVE-2004-2761,BID-11849,BID-33065,CERT-836068,CWE-310,NSS-35291
2023-01-10 04:39:33 UTC 192.168.248.133 SSL Certificate Information NSS-10863
2023-01-10 04:39:33 UTC 192.168.248.133 SSL / TLS Versions Supported NSS-56984
2023-01-10 04:39:33 UTC 192.168.248.133 Terminal Services Use SSL/TLS NSS-64814
2023-01-10 04:39:33 UTC 192.168.248.133 Nessus SYN scanner NSS-11219
msf6 > search cve:2017 name:smb
Matching Modules
================
# Name Disclosure Date Rank Check Description
- ---- --------------- ---- ----- -----------
0 exploit/windows/smb/ms17_010_eternalblue 2017-03-14 average Yes MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
1 exploit/windows/smb/ms17_010_psexec 2017-03-14 normal Yes MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution
2 auxiliary/admin/smb/ms17_010_command 2017-03-14 normal No MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Command Execution
3 auxiliary/scanner/smb/smb_ms17_010 normal No MS17-010 SMB RCE Detection
4 exploit/windows/smb/smb_doublepulsar_rce 2017-04-14 great Yes SMB DOUBLEPULSAR Remote Code Execution
Interact with a module by name or index. For example info 4, use 4 or use exploit/windows/smb/smb_doublepulsar_rce
msf6 > search MS17-010
Matching Modules
================
# Name Disclosure Date Rank Check Description
- ---- --------------- ---- ----- -----------
0 exploit/windows/smb/ms17_010_eternalblue 2017-03-14 average Yes MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
1 exploit/windows/smb/ms17_010_psexec 2017-03-14 normal Yes MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution
2 auxiliary/admin/smb/ms17_010_command 2017-03-14 normal No MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Command Execution
3 auxiliary/scanner/smb/smb_ms17_010 normal No MS17-010 SMB RCE Detection
4 exploit/windows/smb/smb_doublepulsar_rce 2017-04-14 great Yes SMB DOUBLEPULSAR Remote Code Execution
Interact with a module by name or index. For example info 4, use 4 or use exploit/windows/smb/smb_doublepulsar_rce
msf6 > search SMB DOUBLEPULSAR Remote Code Execution
Matching Modules
================
# Name Disclosure Date Rank Check Description
- ---- --------------- ---- ----- -----------
0 exploit/windows/smb/smb_doublepulsar_rce 2017-04-14 great Yes SMB DOUBLEPULSAR Remote Code Execution
Interact with a module by name or index. For example info 0, use 0 or use exploit/windows/smb/smb_doublepulsar_rce