|
for
authentication
SMBPass no The password
for
Pdf ko'rish
|
| bet | 167/225 | | Sana | 14.05.2024 | | Hajmi | 22,59 Mb. | | #232856 |
Bog'liq learningkalilinuxfor
authentication
SMBPass no The password
for
the specified username
SMBUser no The username to authenticate as
THREADS
1
yes The number of concurrent threads
msf auxiliary
(
scanner/smb/smb_ms17_010
)
>
set
RHOSTS 192.168.86.48
RHOSTS
=
> 192.168.86.48
msf auxiliary
(
scanner/smb/smb_ms17_010
)
>
set
THREADS 10
THREADS
=
> 10
msf auxiliary
(
scanner/smb/smb_ms17_010
)
> run
[
+
]
192.168.86.48:445 - Host is likely VULNERABLE to MS17-010! - Windows Server
2008
R2 Standard
7601
Service Pack
1
x64
(
64-bit
)
[
*
]
Scanned
1
of
1
hosts
(
100%
complete
)
[
*
]
Auxiliary module execution completed
Once we have identified that the vulnerability exists, either through a vulnerability
scanner like OpenVAS or by testing via modules in Metasploit, we can move on to
exploitation. Don’t expect, though, that running through a vulnerability scanner will
give you all the vulnerabilities on a system. This is where performing port scans and
other reconnaissance is important. Getting a list of services and applications will give
us additional clues for exploits to look for. Using the search function in Metasploit
will give us modules to use based on services that are open and the applications that
are listening on the open ports.
Exploiting Your Target
We will take advantage of the EternalBlue vulnerability to get into our target system.
We’re going to run this exploit twice. The first time, we’ll use the default payload. The
second time through, we’ll change the payload to get a different interface. The first
time, we load up the exploit, as shown in
Example 6-7
. No options need to be
|
| |
