Table of contents
HOW
TO EXPLOIT ETERNALROMANCE/SYNERGY TO GET A METERPRETER SESSION ON
WINDOWS SERVER 2016 ………………………………………………………………………………………………………………………………. 1
Introduction ……………………………………………………………………………………………………………………………….. 3
Lab environment ……………………………………………………………………………………………………………………… 3
Getting the exploit ………………………………………………………………………………………………………………………. 5
Resolving dependencies ……………………………………………………………………………………………………………. 5
Check if the exploit works …………………………………………………………………………………………………………….. 6
Authentication …………………………………………………………………………………………………………………………. 6
Parameters ……………………………………………………………………………………………………………………………… 6
Execution without shellcode ……………………………………………………………………………………………………… 7
Cooking the shellcode ………………………………………………………………………………………………………………….. 8
Creating .SCT file with PS1ENCODE …………………………………………………………………………………………….. 8
Allowing shellcode.sct download ……………………………………………………………………………………………….. 8
Alteration of exploit’s behavior …………………………………………………………………………………………………… 10
Executing the shellcode …………………………………………………………………………………………………………… 10
Getting the Meterpreter session …………………………………………………………………………………………………. 11
Final words… …………………………………………………………………………………………………………………………….. 13
Introduction ……………………………………………………………………………………………………………………………….. 3
Lab environment ……………………………………………………………………………………………………………………… 3
Getting the exploit ………………………………………………………………………………………………………………………. 5
Resolving dependencies ……………………………………………………………………………………………………………. 5
Check if the exploit works …………………………………………………………………………………………………………….. 6
Authentication …………………………………………………………………………………………………………………………. 6
Parameters ……………………………………………………………………………………………………………………………… 6
Execution without shellcode ……………………………………………………………………………………………………… 7
Cooking the shellcode ………………………………………………………………………………………………………………….. 8
Creating .SCT file with PS1ENCODE …………………………………………………………………………………………….. 8
Allowing shellcode.sct download ……………………………………………………………………………………………….. 8
Alteration of exploit’s behavior …………………………………………………………………………………………………… 10
Executing the shellcode …………………………………………………………………………………………………………… 10
Getting the Meterpreter session …………………………………………………………………………………………………. 11
Final words… …………………………………………………………………………………………………………………………….. 13
No comments:
Write comments