Related vulnerability
Title:
Microsoft Windows SMB input validation error vulnerability
(CVE-2017-0144)
Description: Microsoft Windows and Microsoft Windows Server are products of Microsoft Corporation (United States). Microsoft Windows is an operating system for personal devices; Microsoft Windows Server is a server operating system. The Server Message Block (SMB) Server is the component that authenticates access to printers and file systems on the server. The SMBv1 server in Microsoft Windows has a remote code execution vulnerability. A remote attacker can, by means of a specially crafted packet, exploit this
Introduction
# CVE-2017-0144---EtneralBlue-MS17-010-Remote-Code-Execution
The attacker machine is Kali Linux; the target machine is Windows Server 2008 R2.
Import the Windows Server 2008 R2 VM from https://drive.google.com/drive/folders/146ViggeQl0pSpzotcAhpd3h9UP7fFOxJ?usp=sharing into VirtualBox and set its network adapter to Bridged Adapter, so that attacker and target sit on the same LAN.
**Follow the steps below to exploit the vulnerability.**
<b>Step 1:</b> Check the attacker machine's IP address; it is 192.168.29.58.

<b>Step 2:</b> Use Advanced IP Scanner to scan the whole network and locate the Windows Server 2008 R2 host.

<b>Step 3:</b> Check that the target machine is reachable with a ping; the target responds, so it is reachable.

<b>Step 4:</b> Run Nmap against the target with -sV (service and version detection) and -sC (default scripts) to enumerate the listening services and their versions.

<b>Step 5:</b> Nmap can be used instead of the Metasploit scanner to find out whether the target is vulnerable to EternalBlue. The Nmap Scripting Engine (NSE) is a powerful feature of the core tool that lets all kinds of scripts run against a target.
Here we use the smb-vuln-ms17-010 script. A single script is selected with the --script option, followed by the target's IP address. The script connects over SMBv1 and inspects the error the server returns to a crafted transaction request rather than triggering the bug, so it is safe to run against production hosts; it can only give a result when port 445 is reachable and SMBv1 is enabled.
The scan finishes quickly because only one script runs. The result appears at the bottom of the output: an unpatched host is reported as VULNERABLE.

<b>Step 6:</b> Use the search command in Metasploit to locate a suitable module.

Once the target is confirmed vulnerable to EternalBlue, use the EternalBlue exploit module returned by that search (exploit/windows/smb/ms17_010_eternalblue, the module that targets Windows 7 and Windows Server 2008 R2).
<b>Step 7:</b> Inspect the current settings with the show options command, then set RHOSTS to the target IP so the module knows which host to attack. Nothing else is required, so launch the attack with the exploit command. Keep in mind that EternalBlue corrupts a kernel pool allocation in the SMB driver; a failed attempt can blue-screen the target, so on a real engagement run the check first and expect that the host may need a reboot.

<b>Step 8:</b> Several things happen here: the SMB connection is established, the exploit packet is sent, and finally the module prints its WIN banner and a session is opened on the target.

<b>Step 9:</b> Verify the compromise by running commands on the target, for example ipconfig to obtain the target's IP address.

<b>Step 10:</b> whoami prints the effective user name of the current session, and net user lists the local user accounts on the computer.

<b>Step 11:</b> Create a local user named zack with net user and add it to the local Administrators and Remote Desktop Users groups.

<b>Step 12:</b> Check the account details for zack, including its group memberships.

<b>Step 13:</b> Connect to the target machine through Remote Desktop Connection with the newly created user and its password.

<b>Step 14:</b> The login succeeds, confirming interactive access to the target with the created account.

**Follow the steps below to patch the vulnerability.**
<b>Step 1:</b> Download the MS17-010 security update for the affected Windows version from https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2017/ms17-010?redirectedfrom=MSDN and install it on the affected machine. The bulletin also lists disabling SMBv1 as a workaround; doing that in addition to patching removes the exposed protocol entirely.

<b>Step 2:</b> Once the patch is installed, re-check the host with the Metasploit auxiliary module; a patched host is reported as not vulnerable.
**Steps to run the auxiliary module:**
(i) use auxiliary/scanner/smb/smb_ms17_010
(ii) set rhosts 192.168.29.162
(iii) run
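The Step 5 Nmap check and the post-patch auxiliary-module check above are the same test run by two tools, and on a real engagement you want to run them before the exploit and again after the patch. The script below is an added example, not part of the original README or of Nmap or Metasploit: it runs both checks non-interactively against the README's target 192.168.29.162 and reduces each tool's output to a single verdict. The result strings it matches (Nmap's "State: VULNERABLE" / "State: NOT VULNERABLE", the module's "Host is likely VULNERABLE to MS17-010" / "Host does NOT appear vulnerable") are assumed to be what the current versions of the two tools print; the --script-args=vulns.showall flag makes Nmap print an explicit NOT VULNERABLE line for a patched host instead of staying silent, which is what lets the script tell "patched" apart from "could not test".

```shell
#!/bin/sh
# Added example (not from the original README, Nmap or Metasploit).
# Runs the two MS17-010 checks the walkthrough performs by hand and turns
# each tool's output into one of: vulnerable / patched / unknown.
# Assumptions: the output strings matched below are the ones the current
# smb-vuln-ms17-010 NSE script and smb_ms17_010 auxiliary module print.
set -eu

# Verdict from smb-vuln-ms17-010 output. Check the negative first, because
# "State: NOT VULNERABLE" must not be mistaken for the positive line.
nmap_verdict() {
  out="$1"
  if printf '%s\n' "$out" | grep -q 'State: NOT VULNERABLE'; then
    echo patched
  elif printf '%s\n' "$out" | grep -q 'State: VULNERABLE'; then
    echo vulnerable
  else
    # No result line: port 445 filtered, SMBv1 disabled, or the script erred.
    echo unknown
  fi
}

# Verdict from the smb_ms17_010 auxiliary module's console output.
msf_verdict() {
  out="$1"
  if printf '%s\n' "$out" | grep -q 'Host is likely VULNERABLE to MS17-010'; then
    echo vulnerable
  elif printf '%s\n' "$out" | grep -q 'Host does NOT appear vulnerable'; then
    echo patched
  else
    echo unknown
  fi
}

# Non-interactive form of the README's three msfconsole commands,
# suitable for msfconsole -q -x "...".
msf_check_cmd() {
  printf 'use auxiliary/scanner/smb/smb_ms17_010; set RHOSTS %s; run; exit' "$1"
}

# Run both checks against a live target and print the two verdicts.
run_checks() {
  target="$1"
  command -v nmap >/dev/null || { echo "nmap not found" >&2; return 2; }
  command -v msfconsole >/dev/null || { echo "msfconsole not found" >&2; return 2; }
  # vulns.showall makes the NSE script report NOT VULNERABLE explicitly.
  nmap_out=$(nmap -Pn -p445 --script smb-vuln-ms17-010 --script-args=vulns.showall "$target")
  msf_out=$(msfconsole -q -x "$(msf_check_cmd "$target")")
  printf 'nmap:       %s\n' "$(nmap_verdict "$nmap_out")"
  printf 'metasploit: %s\n' "$(msf_verdict "$msf_out")"
}

# Only touch the network when a target is given on the command line, e.g.
#   ./ms17010_check.sh 192.168.29.162
if [ "$#" -gt 0 ]; then
  run_checks "$1"
fi
```

Run it once before Step 6 to confirm the target is worth exploiting, and again after installing the MS17-010 update; both lines should flip from vulnerable to patched. If either tool reports unknown, the check did not run at all (port 445 unreachable or SMBv1 off), which is not the same as the host being patched.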

File snapshot
[4.0K] /data/pocs/bde9d772fbeb2fd785d0ecf821d4be4a1129e1ad
└── [4.9K] README.md
0 directories, 1 file
Notes
1. It is recommended to access the code through the original source first.
2. If the source has been removed or cannot be reached, email f.jinxu#gmail.com (replace # with @) to request the local snapshot.
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.