Reference article: https://zhuanlan.zhihu.com/p/387455070

1. Install MSF

Use the official script (recommended):

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \
  chmod 755 msfinstall && \
  ./msfinstall

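If that does not work, install manually; the steps are in the reference article.

2. Install and connect to the PostgreSQL database

I already have a database locally, so I just connect to it directly.

Start the database: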

pg_ctl start

Update MSF:

sudo msfupdate

Start MSF:

msfconsole 

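Connect to the database (adjust the user name, password and database to your own). The argument has the form user:password@address/name, where the name is one you make up yourself:

db_connect postgres:hehehe@127.0.0.1/test

Check the database connection status:

db_status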
msf6 > db_status
[*] Connected to blogs. Connection type: postgresql.

Basic usage:

Test whether the target machine is reachable:

ping 192.168.174.129
msf6 > ping 192.168.174.129
[*] exec: ping 192.168.174.129
PING 192.168.174.129 (192.168.174.129) 56(84) bytes of data.
^C
--- 192.168.174.129 ping statistics ---
19 packets transmitted, 0 received, 100% packet loss, time 18412ms

Search by vulnerability identifier:

search ms17_010
msf6 > search ms17_010
Matching Modules
================
   #  Name                                      Disclosure Date  Rank     Check  Description
   -  ----                                      ---------------  ----     -----  -----------
   0  exploit/windows/smb/ms17_010_eternalblue  2017-03-14       average  Yes    MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
   1  exploit/windows/smb/ms17_010_psexec       2017-03-14       normal   Yes    MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution
   2  auxiliary/admin/smb/ms17_010_command      2017-03-14       normal   No     MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Command Execution
   3  auxiliary/scanner/smb/smb_ms17_010                         normal   No     MS17-010 SMB RCE Detection
Interact with a module by name or index. For example info 3, use 3 or use auxiliary/scanner/smb/smb_ms17_010

Search for vulnerabilities from a given year:

msf6 > search cve-2023
Matching Modules
================
   #   Name                                                                                Disclosure Date  Rank       Check  Description
   -   ----                                                                                ---------------  ----       -----  -----------
   0   auxiliary/gather/adobe_coldfusion_fileread_cve_2023_26360                                            normal     No     Adobe ColdFusion Unauthenticated Arbitrary File Read
   1   exploit/multi/http/adobe_coldfusion_rce_cve_2023_26360                              2023-03-14       excellent  Yes    Adobe ColdFusion Unauthenticated Remote Code Execution
   2   exploit/windows/local/cve_2023_21768_afd_lpe                                        2023-01-10       excellent  Yes    Ancillary Function Driver (AFD) for WinSock Elevation of Privilege
   3   exploit/multi/misc/apache_activemq_rce_cve_2023_46604                               2023-10-27       excellent  Yes    Apache ActiveMQ Unauthenticated Remote Code Execution
   4   exploit/multi/http/apache_druid_cve_2023_25194                                      2023-02-07       excellent  Yes    Apache Druid JNDI Injection RCE
   5   exploit/linux/http/apache_nifi_h2_rce                                               2023-06-12       excellent  Yes    Apache NiFi H2 Connection String Remote Code Execution
...
   61  exploit/linux/http/vmware_vrni_rce_cve_2023_20887                                   2023-06-07       excellent  Yes    VMWare Aria Operations for Networks (vRealize Network Insight) pre-authenticated RCE
   62  exploit/windows/fileformat/winrar_cve_2023_38831                                    2023-08-23       excellent  No     WinRAR CVE-2023-38831 Exploit
   63  exploit/windows/local/cve_2023_28252_clfs_driver                                    2023-04-11       good       Yes    Windows Common Log File System Driver (clfs.sys) Elevation of Privilege Vulnerability
   64  exploit/multi/http/wp_royal_elementor_addons_rce                                    2023-11-23       excellent  Yes    WordPress Royal Elementor Addons RCE
   65  exploit/multi/http/wp_plugin_fma_shortcode_unauth_rce                               2023-05-31       excellent  Yes    Wordpress File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution through shortcode
   66  auxiliary/scanner/http/wp_paid_membership_pro_code_sqli                             2023-01-12       normal     Yes    Wordpress Paid Membership Pro code Unauthenticated SQLi
   67  auxiliary/scanner/http/wp_woocommerce_payments_add_user                             2023-03-22       normal     Yes    Wordpress Plugin WooCommerce Payments Unauthenticated Admin Creation
   68  exploit/unix/webapp/zoneminder_snapshots                                            2023-02-24       excellent  Yes    ZoneMinder Snapshots Command Injection
   69  exploit/linux/misc/zyxel_ike_decoder_rce_cve_2023_28771                             2023-03-31       great      Yes    Zyxel IKE Packet Decoder Unauthenticated Remote Code Execution
   70  exploit/linux/misc/zyxel_multiple_devices_zhttp_lan_rce                             2022-02-01       good       Yes    Zyxel Unauthenticated LAN Remote Code Execution
   71  exploit/linux/http/zyxel_lfi_unauth_ssh_rce                                         2022-02-01       excellent  Yes    Zyxel chained RCE using LFI and weak password derivation algorithm
   72  exploit/aix/local/invscout_rpm_priv_esc                                             2023-04-24       excellent  Yes    invscout RPM Privilege Escalation
   73  auxiliary/gather/owncloud_phpinfo_reader                                            2023-11-21       normal     No     ownCloud Phpinfo Reader
   74  exploit/unix/http/pfsense_config_data_exec                                          2023-03-18       excellent  Yes    pfSense Restore RRD Data Command Injection
   75  exploit/linux/http/pyload_js2py_exec                                                2023-01-13       excellent  Yes    pyLoad js2py Python Execution
Interact with a module by name or index. For example info 75, use 75 or use exploit/linux/http/pyload_js2py_exec
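
The search tables above are fixed-width, and the auxiliary/scanner/smb/smb_ms17_010 row has an empty Disclosure Date, so splitting rows on whitespace shifts its columns. The following is an added example, not part of the original post: a Python parser that slices each row at the column offsets of the dashes row, so the results can be filtered when deciding which patches to prioritise. The function names are this example's own, and the embedded sample is copied from the search ms17_010 output above.

```python
import re

# Sample copied from the "search ms17_010" output shown on this page.
SAMPLE = """\
   #  Name                                      Disclosure Date  Rank     Check  Description
   -  ----                                      ---------------  ----     -----  -----------
   0  exploit/windows/smb/ms17_010_eternalblue  2017-03-14       average  Yes    MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
   1  exploit/windows/smb/ms17_010_psexec       2017-03-14       normal   Yes    MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution
   2  auxiliary/admin/smb/ms17_010_command      2017-03-14       normal   No     MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Command Execution
   3  auxiliary/scanner/smb/smb_ms17_010                         normal   No     MS17-010 SMB RCE Detection
Interact with a module by name or index. For example info 3, use 3 or use auxiliary/scanner/smb/smb_ms17_010
"""

# Metasploit module ranks, least to most reliable.
RANKS = ["manual", "low", "average", "normal", "good", "great", "excellent"]


def parse_search_table(text):
    """Return one dict per module row, sliced at the offsets of the dashes row."""
    lines = text.splitlines()
    # The separator row holds only dashes and spaces and sits right under the header.
    sep = next(i for i, l in enumerate(lines)
               if l.strip() and set(l.strip()) <= set("- "))
    starts = [m.start() for m in re.finditer(r"-+", lines[sep])]
    ends = starts[1:] + [None]          # last column runs to end of line
    keys = [lines[sep - 1][s:e].strip().lower().replace(" ", "_")
            for s, e in zip(starts, ends)]
    rows = []
    for line in lines[sep + 1:]:
        cells = [line[s:e].strip() for s, e in zip(starts, ends)]
        if not cells[0].isdigit():      # skips "..." and the trailing hint line
            continue
        rows.append(dict(zip(keys, cells)))
    return rows


def patch_priority(rows, min_rank="average"):
    """Names of exploit modules ranked at or above min_rank."""
    floor = RANKS.index(min_rank)
    return [r["name"] for r in rows
            if r["name"].startswith("exploit/") and RANKS.index(r["rank"]) >= floor]


if __name__ == "__main__":
    for row in parse_search_table(SAMPLE):
        print(row["name"], row["disclosure_date"] or "(no date)", row["rank"])
```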