当前位置：网站首页>Cve-2019-0708 vulnerability exploitation of secondary vocational network security 2022 national competition

Cve-2019-0708 vulnerability exploitation of secondary vocational network security 2022 national competition

2022-04-23 10:30:00 【Ba1_ Ma0】

brief introduction

I made a simple environment to reproduce this vulnerability , If you need virtual machine environment, you can add me qq：3316735898, If you don't know anything, you can also ask me
Insert picture description here

1. Via local PC Medium penetration test platform Kali For the target scene Server1 Conduct system service and version scanning penetration test , With xml Format to output information to the specified file （ Using tools Nmap）, Will be with xml Format the parameters that must be used to output information to the specified file as Flag Value submission

nmap Output scanned content to .xml The parameters of the file are

-oX    // (XML  Output )  Write the output directly to  filespec  designated  xml  file , Got  xml  Files can be created by the browser , Or other programming languages ,Java,python  To analyze .XML  The output references a  XSL  Style sheets , Used to format the output, which is similar to  HTML  You can use the browser to preview

Insert picture description here

2. In the local PC Penetration test platform Kali in , Use the command to initialize MSF Database and use this command as Flag Value submission

start-up postgresql database

service postgresql start

initialization msfconsole The order is

msfdb init

Insert picture description here

3. In the local PC Penetration test platform Kali in , open MSF, Use db_import Import the scan results into the database , And view the imported data , Use the command to view the data as Flag Value submission

Import ：

db_import /home/kali/test1.xml

Insert picture description here
View the data ：

hosts

Insert picture description here

4. stay MSF In tools search The command to search CVE-2019-0708 Exploit module , Take the vulnerability disclosure time in the echo result as Flag value （ Such as ：2017-10-16） Submit

Search for exploit modules

search 2019_0708

Insert picture description here
Time is ：

2019-5-14

5. stay MSF Call in tools CVE-2019-0708 Vulnerability attack module , And detect whether there are loopholes in the target , Take the last word in the echo result as Flag Value submission

Using modules

use auxiliary/scanner/rdp/cve_2019_0708_bluekeep

Set the target IP

set rhosts 192.168.0.102

Insert picture description here
perform

run

Insert picture description here
The last word in the echo result is ：

completed

summary

If you don't understand anything, you can ask me , This is the environment I built myself , You can call me if you need

版权声明
本文为[Ba1_ Ma0]所创，转载请带上原文链接，感谢
https://yzsam.com/2022/04/202204231007387661.html

当前位置：网站首页>Cve-2019-0708 vulnerability exploitation of secondary vocational network security 2022 national competition

Cve-2019-0708 vulnerability exploitation of secondary vocational network security 2022 national competition

brief introduction

2. In the local PC Penetration test platform Kali in , Use the command to initialize MSF Database and use this command as Flag Value submission

3. In the local PC Penetration test platform Kali in , open MSF, Use db_import Import the scan results into the database , And view the imported data , Use the command to view the data as Flag Value submission

4. stay MSF In tools search The command to search CVE-2019-0708 Exploit module , Take the vulnerability disclosure time in the echo result as Flag value （ Such as ：2017-10-16） Submit

5. stay MSF Call in tools CVE-2019-0708 Vulnerability attack module , And detect whether there are loopholes in the target , Take the last word in the echo result as Flag Value submission

summary

边栏推荐

猜你喜欢

随机推荐