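Local lab environment:
Host (Kali): 192.168.43.209
Virtual machine (VirtualBox):
Network: bridged networking, so that the VM and the host are on the same subnet; 192.168.43.129
OS: Windows 10 Pro (Windows 10 Enterprise LTSC)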
Responder
Python2
pip2
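Simulation
This lab depends on the Windows WinRM remote management service, so the service has to be enabled first.
Check whether the WinRM service is enabled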
winrm e winrm/config/listener
Configure remote connections (authentication method set to Basic)
Set the authentication method
winrm set winrm/config/service/auth "@{Basic="true"}"
Otherwise the client fails with this error:
raise InvalidCredentialsError("the specified credentials were rejected by the server")
winrm.exceptions.InvalidCredentialsError: the specified credentials were rejected by the server
Allow remote connections (AllowUnencrypted permits unencrypted WinRM traffic)
winrm set winrm/config/service "@{AllowUnencrypted="true"}"
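Start the service (watch the error output here: WinRM needs to run on a Private network; if the network is Public, it reports an error and fails to start)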
winrm quickconfig
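Remote access from Kali. Note: run every Python script under python2, and run it under sudo; otherwise, in an environment where python2 and python3 coexist, installing packages may cause problems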
sudo pip2 install pywinrm
Run the script
cd ch10
python2 ghwinrm.py -c -U fly%123456 -t 192.168.43.129 whoami
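
The two settings this lab enables (Basic authentication and AllowUnencrypted) should be switched back once the exercise is finished. The following is an added example, not part of the original notes or of ghwinrm.py: it parses the text printed by `winrm get winrm/config/service` and reports whether either setting is still on. The sample output and the function names are constructed for illustration.

```python
# Added example: audit `winrm get winrm/config/service` output for the lab's weak settings.
import re

# Constructed sample in the shape winrm prints; not captured from a real host.
SAMPLE = """\
Service
    AllowUnencrypted = true
    Auth
        Basic = true
        Kerberos = true
        Negotiate = true
    DefaultPorts
        HTTP = 5985
    AllowRemoteAccess = true
"""

# Settings the lab turns on, each with the reason it is risky outside a lab.
WEAK = {
    "Service/AllowUnencrypted": "WinRM payloads travel over HTTP in cleartext",
    "Service/Auth/Basic": "credentials are sent base64-encoded, not encrypted",
}

def parse_winrm_config(text):
    """Flatten the indented output into {'Service/Auth/Basic': 'true', ...}."""
    flat, stack = {}, []          # stack holds (indent, section name)
    for line in text.splitlines():
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()           # leave sections we have dedented out of
        key, sep, value = line.strip().partition("=")
        key = key.strip()
        if not sep:               # a line without "=" opens a section
            stack.append((indent, key))
            continue
        # Group Policy appends a [Source="GPO"] marker after the value.
        value = re.sub(r"\s*\[Source=.*\]$", "", value.strip())
        flat["/".join([s[1] for s in stack] + [key])] = value
    return flat

def audit(text):
    """Return (setting, reason) for every weak setting that is enabled."""
    cfg = parse_winrm_config(text)
    return [(k, why) for k, why in WEAK.items() if cfg.get(k, "").lower() == "true"]

if __name__ == "__main__":
    for setting, why in audit(SAMPLE):
        print("WEAK: %s = true (%s)" % (setting, why))
```

On the Windows VM, save the output of `winrm get winrm/config/service` to a file and pass its contents to `audit()`; an empty list means both settings are back to false.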