
MS17-010 (EternalBlue) Python Exploit

Internal network security | 表哥C | 1107 views | 0 comments

The files in the repository are as follows:

  • BUG.txt MS17-010 bug detail and some analysis
  • checker.py Script for finding accessible named pipe
  • eternalblue_exploit7.py Eternalblue exploit for windows 7/2008
  • eternalblue_exploit8.py Eternalblue exploit for windows 8/2012 x64
  • eternalblue_poc.py Eternalblue PoC for buffer overflow bug
  • eternalblue_kshellcode_x64.asm x64 kernel shellcode for my Eternalblue exploit. This shellcode should work on Windows Vista and later
  • eternalblue_kshellcode_x86.asm x86 kernel shellcode for my Eternalblue exploit. This shellcode should work on Windows Vista and later
  • eternalblue_sc_merge.py Script for merging the Eternalblue x86 and x64 shellcode. An Eternalblue exploit that supports both x86 and x64 with the merged shellcode has no need to detect the target architecture
  • eternalchampion_leak.py Eternalchampion PoC for leaking info part
  • eternalchampion_poc.py Eternalchampion PoC for controlling RIP
  • eternalchampion_poc2.py Eternalchampion PoC for getting code execution
  • eternalromance_leak.py Eternalromance PoC for leaking info part
  • eternalromance_poc.py Eternalromance PoC for OOB write
  • eternalromance_poc2.py Eternalromance PoC for controlling a transaction, which leads to arbitrary read/write
  • eternalsynergy_leak.py Eternalsynergy PoC for leaking info part
  • eternalsynergy_poc.py Eternalsynergy PoC for demonstrating heap spraying with large paged pool
  • infoleak_uninit.py PoC for leaking info from uninitialized transaction data buffer
  • mysmb.py Extended Impacket SMB class that makes exploiting the MS17-010 bugs easier
  • npp_control.py PoC for controlling nonpaged pool allocation with session setup command
  • zzz_exploit.py Exploit for Windows 2000 and later (requires access to named pipe)

Normally zzz_exploit.py already covers all of the systems, but the payload it executes by default only writes a file to the C: drive.

You need to modify line 972.

Below the smbconn line, add:

service_exec(conn, r'cmd /c copy c:\pwned.txt c:\pwned_exec.txt')

Then change the cmd that follows to whatever command you need to execute. Because it creates a service to run the command, errors may occur.
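Because the post notes that zzz_exploit.py runs its command by installing a Windows service, the artifact a defender can look for is the service-installation event itself (Windows System log Event ID 7045, "A service was installed in the system") with a shell one-liner or a non-absolute image path as the service binary. The script below is an added example, not code from this post or from the worawit/MS17-010 repository; the key=value log format and all service names, paths and event lines are constructed for illustration.

```python
import re

# Constructed sample log lines (not real telemetry), modelled loosely on
# Windows System log Event ID 7045 exported as key="value" pairs.
SAMPLE_EVENTS = [
    'EventID=7045 ServiceName="WinDefend" ImagePath="C:\\Program Files\\Windows Defender\\MsMpEng.exe" StartType="auto start" Account="LocalSystem"',
    'EventID=7045 ServiceName="svc_a8f3" ImagePath="%COMSPEC% /c copy c:\\pwned.txt c:\\pwned_exec.txt" StartType="demand start" Account="LocalSystem"',
    'EventID=7045 ServiceName="svc_1c9d" ImagePath="C:\\Windows\\System32\\cmd.exe /c echo test > c:\\svc_1c9d.txt" StartType="demand start" Account="LocalSystem"',
    'EventID=7036 ServiceName="Spooler" State="running"',
]

# key=value or key="quoted value" (values here contain no embedded quotes)
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

# A command interpreter (cmd.exe or %COMSPEC%) followed by /c or /k as the
# service binary: a one-shot shell command installed as a "service".
SHELL_ONE_LINER = re.compile(
    r'(?:^|\\|\s)(?:cmd(?:\.exe)?|%comspec%)\s+/[ck]\b', re.IGNORECASE
)

# Legitimate service binaries are referenced by a drive-letter or UNC path.
ABSOLUTE_PATH = re.compile(r'^"?(?:[A-Za-z]:\\|\\\\)')


def parse_event(line: str) -> dict:
    """Turn one key=value log line into a dict, stripping surrounding quotes."""
    return {key: value.strip('"') for key, value in KV.findall(line)}


def classify(event: dict) -> list:
    """Return the list of reasons a 7045 event looks like ad-hoc command execution."""
    reasons = []
    if event.get("EventID") != "7045":
        return reasons  # only service-installation events are of interest here
    image_path = event.get("ImagePath", "")
    if SHELL_ONE_LINER.search(image_path):
        reasons.append("shell one-liner used as service binary")
    if not ABSOLUTE_PATH.match(image_path):
        reasons.append("image path is not an absolute local or UNC path")
    return reasons


def scan(lines) -> list:
    """Scan log lines and return (service name, image path, reasons) per suspicious event."""
    findings = []
    for line in lines:
        event = parse_event(line)
        reasons = classify(event)
        if reasons:
            findings.append((event.get("ServiceName", "?"), event.get("ImagePath", ""), reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in scan(SAMPLE_EVENTS):
        print(f"[!] service {name!r}: {path}")
        for reason in reasons:
            print(f"    - {reason}")
```

The two rules are deliberately independent: the `%COMSPEC%` entry trips both (an environment variable is not an absolute path), while the `C:\Windows\System32\cmd.exe /c ...` entry is caught only by the shell-one-liner rule, so a full path to the interpreter does not evade detection. On a real host the same logic would be fed the exported System log rather than the constructed lines above.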

Repository: https://github.com/worawit/MS17-010/

Reprints must credit: 安全工具箱 » MS17-010 (EternalBlue) Python Exploit
