MS17010( Eternal Blue ) Vulnerability exploitation and recurrence
0X00 brief introduction
Eternal blue means 2017 year 4 month 14 Day and night , Hacker group Shadow
Brokers( Shadow broker ) Publish a large number of network attack tools , It contains “ Eternal Blue ” tool ,“ Eternal Blue ” utilize Windows Systematic SMB Vulnerabilities can obtain the highest privileges of the system .5 month 12 day , Criminals through reform “ Eternal Blue ” Made wannacry Blackmail virus , britain , Russia , The whole Europe as well as China's domestic campus network , Large enterprise intranet and government agency private network , Extortion to pay a high ransom to decrypt the recovery file .
0X01 Vulnerability overview
The eternal blue vulnerability is one of the key issues in the framework of vulnerability exploitation SMB Vulnerability of service attack , The vulnerability causes the attacker to execute arbitrary code on the target system
0X02 Environment for vulnerability recurrence
Win7 One
Kali linux One
0X03 Vulnerability exploitation
Use it first nmap View ports
find 445 port
use msf
Test it with the scan module first
Find out what you can use
Find attack module
Control success
View system information
rebound shell
Account added successfully
Get the account hash, Decode to get the code
Find the path shown to see a screenshot of the victim
Display success
Keep a good habit of clearing logs
m: week
qq405839848
Technology
Daily Recommendation