用metasploit扫描mssqlserver2000

用的metasploit是4.5.0，安装在fedora 9上面。mssqlserver2000 + sp4安装在XP+sp3上面。关闭xp的防火墙，启动mssqlserver2000，新建SQL Server注册。然后运行metasploit。启动msfconsole要花好20秒左右，第一次不知道，还以为安装错了呢。

[root@localhost app]# pwd
/opt/metasploit-4.5.0/app
[root@localhost app]# msfconsole 


MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMM                MMMMMMMMMM
MMMN$                           vMMMM
MMMNl  MMMMM             MMMMM  JMMMM
MMMNl  MMMMMMMN       NMMMMMMM  JMMMM
MMMNl  MMMMMMMMMNmmmNMMMMMMMMM  JMMMM
MMMNI  MMMMMMMMMMMMMMMMMMMMMMM  jMMMM
MMMNI  MMMMMMMMMMMMMMMMMMMMMMM  jMMMM
MMMNI  MMMMM   MMMMMMM   MMMMM  jMMMM
MMMNI  MMMMM   MMMMMMM   MMMMM  jMMMM
MMMNI  MMMNM   MMMMMMM   MMMMM  jMMMM
MMMNI  WMMMM   MMMMMMM   MMMM#  JMMMM
MMMMR  ?MMNM             MMMMM .dMMMM
MMMMNm `?MMM             MMMM` dMMMMM
MMMMMMN  ?MM             MM?  NMMMMMN
MMMMMMMMNe                 JMMMMMNMMM
MMMMMMMMMMNm,eMMMMMNMMNMM
MMMMNNMNMMMMMNx        MMMMMMNMMNMMNM
MMMMMMMMNMMNMMMMm+..+MMNMMNMNMMNMMNMM



       =[ metasploit v4.5.0-release [core:4.5 api:1.0]
+ -- --=[ 1000 exploits - 624 auxiliary - 168 post
+ -- --=[ 262 payloads - 28 encoders - 8 nops

msf > 

msf > use scanner/mssql/mssql_ping
msf  auxiliary(mssql_ping) > set RHOSTS 192.168.1.109
RHOSTS => 192.168.1.109
msf  auxiliary(mssql_ping) > run

[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf  auxiliary(mssql_ping) > run

[*] SQL Server information for 192.168.1.109:
[+]    ServerName      = 20100617-1003
[+]    InstanceName    = MSSQLSERVER
[+]    IsClustered     = No
[+]    Version         = 8.00.194
[+]    tcp             = 1433
[+]    np              = 20100617-1003pipesqlquery
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf  auxiliary(mssql_ping) > 

要服务器端关闭防火墙才可以扫描到mssqlserver的服务，如果开着防火墙就扫描不到了。

（编辑：李大同）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!