MS17-010 Vulnerability Exploitation

Jan 7, 2025159

AI Translation

This post is translated from Chinese into English through AI.View Original

AI-generated summary

The document describes the use of the Metasploit Framework for exploiting the MS17-010 vulnerability. It outlines the steps to access the msfconsole, search for relevant modules, and use the `smb_ms17_010` scanner for scanning. It then details the use of the `ms17_010_eternalblue` exploit to gain a shell. Common commands for navigating local and remote directories, uploading files, and invoking a remote shell are provided. Additionally, it mentions using the `net` command in the shell to create users and add RDP access permissions.

Using Metasploit Framework#

Execute the msfconsole command to enter the msf terminal.
Search for ms17-010 related modules
Use the auxiliary/scanner/smb/smb_ms17_010 module for scanning
Use the exploit/windows/smb/ms17_010_eternalblue module for exploitation
Successfully exploit to get a shell, use the help command to see supported commands

Common commands:
lcd Switch local directory
lls Browse local files

cd Switch remote directory
ls Browse remote files

upload local_file remote_location Upload file

shell Invoke remote shell

In cmd, you can use the net command to create users and add RDP access permissions