Experimental environment:
Virtual machines: Kali Linux and Windows 7 (not patched)
Obtain the IP addresses:
Kali Linux: 192.168.146.136
Windows 7: 192.168.146.129
Enter service postgresql status to check whether the postgresql service is running.
Run service postgresql start to start it.
Enter msfconsole to start msf (if you are not logged in as root, use sudo to elevate privileges).
Next, scan the win7 machine for vulnerabilities.
First use nmap to scan and collect information.
The reason is that network sharing is not turned on in win7.
Go into the win7 virtual machine and turn on network sharing.
Scan once more.
View the vulnerability modules: search ms17-010
You can see that there are auxiliary modules and exploit (attack) modules.
You can test with the auxiliary scanning module first: use auxiliary/scanner/smb/smb_ms17_010
With the auxiliary module, it turns out that only the rhosts parameter needs to be configured. It is the network segment you are going to scan; if only one host needs to be scanned, giving just that host's IP is enough.
Then just set the IP address and attack.
The scan below shows that the host is very vulnerable to the ms17-010 attack.
If the result begins with a plus sign, that host has the vulnerability
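When the scan covers a whole segment, the plus-sign rule above can be applied mechanically to build a patch list. The following is an added example, not part of the original post; the sample output is constructed, and its message wording is an assumption about what the scanner prints.

```python
import re
from ipaddress import ip_address

# Constructed sample output (not captured from the lab above); the message
# wording is an assumption about what the scanner prints.
SAMPLE_OUTPUT = """\
[+] 192.168.146.129:445 - Host is likely VULNERABLE to MS17-010! - Windows 7 Ultimate 7601 Service Pack 1 x64 (64-bit)
[-] 192.168.146.130:445 - Host does NOT appear vulnerable.
[-] 192.168.146.131:445 - An SMB Login Error occurred while connecting to the IPC$ tree.
[*] 192.168.146.129:445 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
"""

LINE_RE = re.compile(
    r"^\[(?P<mark>[+\-*])\]\s+(?P<host>\d{1,3}(?:\.\d{1,3}){3}):\d+\s+-\s+(?P<msg>.*)$"
)

def triage(output):
    """Group scanned hosts into vulnerable / not_vulnerable / inconclusive."""
    status = {}
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["mark"] == "*":
            continue  # progress and status lines carry no verdict
        try:
            host = str(ip_address(m["host"]))
        except ValueError:
            continue  # not a valid IPv4 address
        if m["mark"] == "+":
            verdict = "vulnerable"
        elif "not appear vulnerable" in m["msg"].lower():
            verdict = "not_vulnerable"
        else:
            verdict = "inconclusive"  # an error is not proof the host is patched
        # A positive finding for a host is never downgraded by a later line.
        if status.get(host) != "vulnerable":
            status[host] = verdict
    groups = {"vulnerable": [], "not_vulnerable": [], "inconclusive": []}
    for host in sorted(status, key=ip_address):
        groups[status[host]].append(host)
    return groups

if __name__ == "__main__":
    for verdict, hosts in triage(SAMPLE_OUTPUT).items():
        print(f"{verdict}: {', '.join(hosts) or '-'}")
```

Hosts in the inconclusive group returned an error instead of a verdict, so they need a rescan or a direct patch-level check before being treated as clean.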
Bind the target and the host, and set the payload to establish a TCP connection.
1: The Eternal Blue overwrite succeeded
2: The target host and the attacker establish a shell connection; the session is session 1
3: Get the shell
4: In the meterpreter session, enter ps to get the current processes of the target host
meterpreter > webcam_list
We didn't find a camera. Try using mimikatz to get the password (getting passwords with tspkg and wdigest is the more brute-force way).