Post-infiltration buffer overflow experiment

Enterprise 2023-05-05 06:24:25 views: null

Table of contents

1. Experimental project name

2. The purpose of the experiment

3. Experimental content

4. Experimental environment

5. Experimental steps

6. Experimental results 

7. Experimental summary 

1. Experimental project name

Post-infiltration buffer overflow experiment

2. The purpose of the experiment

1. Master the usage of metasploit framework

2. Master the exploit method of "Eternal Blue" vulnerability

3. Experimental content

By continuing to scan the intranet, we found a Windows host with port 445 open, and used the metasploit framework to exploit the "Eternal Blue" vulnerability on the target to obtain the system privileges of the target host.

4. Experimental environment

1. Experimental platform: CSIITR platform

2. Experiment target: 172.18.206.15 X

3.工具:kali、proxychains、metasploit framework

5. Experimental steps

1. Continue to detect the intranet to find out if there are still targets

 

 

2. Find the target host, use the nmap vulnerability script to scan and detect whether there is a vulnerability in the target target machine, and there is an eternal blue vulnerability

 

3. Use the Eternal Blue exploit module in msf to perform a penetration test on the target machine 

 

6. Experimental results 

In this experiment, the name of the vulnerability module selected in the Metasploit framework is:

windows/smb/ms17_010_eternalblue

After successfully exploiting the vulnerability, the authority to obtain the target server is:

SYSTEM

Take a screenshot of the target server, write the command used, and paste the screenshot below:

testified

7. Experimental summary 

1. What is a buffer overflow vulnerability?

The principle of the buffer overflow vulnerability is that the process does not check the validity of the length of the data when storing temporary data, resulting in some important data in the memory being overwritten. "Buffer" refers to a section of memory used to save temporary data in the process, which can be divided into stack buffer and heap buffer. Attacks on buffer overflow vulnerabilities will lead to consequences such as process death, system downtime, and host restart.

2. What is the scope of the "Eternal Blue" vulnerability? (Please describe the scope of impact in terms of operating system, kernel version, etc.)

Windows XP、 Windows Server 2003. Windows Vista、Windows Server 2008、 Windows 7. Windows Server2008 R2、Windows 8.1、Windows Server 2012. Windows10、Windows Server 2012 R2、Windows Server 2016

3. How to defend against the "Eternal Blue" vulnerability?

1. Disable the SMB1 protocol

2. Open Windows Update, or manually install the patch

3. Use a firewall to block connections to port 445, or use inbound/outbound rules to block connections to port 445

4. Do not open unfamiliar files at will

5. Install anti-virus software and update the virus database in time

Supongo que te gusta

Origin blog.csdn.net/xiongIT/article/details/129473348
Recomendado
Clasificación
Diario
Más
2024-05-29(1)
2024-05-28(0)
2024-05-27(1)
2024-05-26(1)
2024-05-25(0)
2024-05-24(13)
2024-05-23(34)
2024-05-22(10)
2024-05-21(34)
2024-05-20(5)

Code World

© 2018 codetd.com