IP of the Machine:

Let’s run an Nmap scan to enumerate the open ports and the services running on them:

Command: nmap -A

Let’s run an Nmap script scan against ports 139 and 445:

Command: nmap --script=smb-vuln* -p139,445

It seems that this box is running Windows 7, and it’s vulnerable to MS17-010 / CVE-2017-0143.
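On the defensive side, the same smb-vuln* output can be turned into a patch and rescan list across many hosts. The following is an added example, not part of the original write-up; the sample scan output and the 192.0.2.x addresses are constructed, and the function names are hypothetical.

```python
import re

# Constructed nmap output sample; 192.0.2.x are documentation placeholders.
SAMPLE = """\
Nmap scan report for 192.0.2.10
Host script results:
| smb-vuln-ms17-010:
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: VULNERABLE
|_    IDs:  CVE:CVE-2017-0143

Nmap scan report for 192.0.2.20
Host script results:
|_smb-vuln-ms10-061: Could not negotiate a connection:SMB: Failed to receive bytes: ERROR
"""

HOST_RE = re.compile(r"^Nmap scan report for (.+)$")
SCRIPT_RE = re.compile(r"^\|[_ ]?\s*(smb-vuln-[\w-]+):")
STATE_RE = re.compile(r"^\|[_ ]?\s*State:\s*(.+?)\s*$")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

def triage(report):
    """Return {host: {script: {"state": str|None, "cves": [...]}}}."""
    findings, host, script = {}, None, None
    for line in report.splitlines():
        if m := HOST_RE.match(line):
            host, script = m.group(1), None
            findings[host] = {}
        elif host and (m := SCRIPT_RE.match(line)):
            script = m.group(1)
            findings[host][script] = {"state": None, "cves": []}
        elif host and script and line.startswith("|"):
            entry = findings[host][script]
            if m := STATE_RE.match(line):
                entry["state"] = m.group(1)
            entry["cves"] += [c for c in CVE_RE.findall(line) if c not in entry["cves"]]
    return findings

def confirmed(findings):
    """Hosts where a script reported VULNERABLE or LIKELY VULNERABLE."""
    bad = ("VULNERABLE", "LIKELY VULNERABLE")
    return sorted(h for h, s in findings.items()
                  if any((e["state"] or "").startswith(bad) for e in s.values()))

def inconclusive(findings):
    """Hosts where a script printed no State line (error, timeout): rescan them."""
    return sorted(h for h, s in findings.items()
                  if any(e["state"] is None for e in s.values()))
```

A host whose script errored out is not a clean result, which is why it lands on the rescan list rather than being dropped.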

Let’s fire up Metasploit and search for available exploit modules for this vulnerability.

Cool, let’s use the MS17-010 EternalBlue exploit.

Set RHOST (the victim’s IP) and run.

Cool, we got an administrative-level shell.

Let’s explore and capture the flags.

Root Flag:

User Flag:

Security researcher, Blogger, Bug Bounty hunter
