Kapil Verma
Mar 14, 2020


IP of the Machine:

Let’s run an Nmap scan to enumerate the open ports and running services:

Command: nmap -A

Let’s run an Nmap script scan over ports 139 and 445:

Command: nmap --script=smb-vuln* -p139,445

It seems that this box is running Windows 7 and is vulnerable to MS17-010 / CVE-2017-0143.
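When the same script scan is run across a whole network for patch triage, its output can be parsed to list the hosts that still need the MS17-010 update. This is an added example, not part of the original write-up; the sample output is constructed and abbreviated, and the function name `vulnerable_hosts` is hypothetical.

```python
import re

# Constructed sample of `nmap --script=smb-vuln* -p139,445` output
# (documentation addresses; not taken from the original write-up).
SAMPLE = """\
Nmap scan report for 192.0.2.10
PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
| smb-vuln-ms17-010:
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: VULNERABLE
|     IDs:  CVE:CVE-2017-0143
|_    Risk factor: HIGH

Nmap scan report for 192.0.2.11
PORT    STATE SERVICE
445/tcp open  microsoft-ds
"""

HOST = re.compile(r"^Nmap scan report for (\S+)")
SCRIPT = re.compile(r"^\|[_ ]?\s*(smb-vuln-[\w-]+):")
STATE = re.compile(r"State:\s*(.+?)\s*$")
CVE = re.compile(r"CVE-\d{4}-\d+")

def vulnerable_hosts(report):
    """Map host -> {script: [CVE ids]} for script blocks reporting a vulnerable state."""
    blocks, host, script = {}, None, None
    for line in report.splitlines():
        if m := HOST.match(line):
            host, script = m.group(1), None
        elif m := SCRIPT.match(line):
            script = m.group(1)
            blocks[(host, script)] = {"state": "", "cves": set()}
        elif script and line.startswith("|"):
            block = blocks[(host, script)]
            if m := STATE.search(line):
                block["state"] = m.group(1)
            block["cves"].update(CVE.findall(line))
        else:
            script = None  # blank line or new section ends the script block
    findings = {}
    for (h, s), b in blocks.items():
        # Nmap's vulns library also emits "LIKELY VULNERABLE" and "NOT VULNERABLE"
        if "VULNERABLE" in b["state"] and not b["state"].startswith("NOT"):
            findings.setdefault(h, {})[s] = sorted(b["cves"])
    return findings

if __name__ == "__main__":
    print(vulnerable_hosts(SAMPLE))
```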

Let’s fire up Metasploit and search for any available exploit modules for this vulnerability.

Cool, let’s use the MS17-010 EternalBlue exploit.

Set RHOST (the victim’s IP) and run.

Cool, we got an administrative-level shell.

Let’s explore and capture the flags.

Root Flag:

User Flag: