IP of the Machine:

Let’s do a Nmap scan to enumerate the ports open and services running:

Command: nmap -A

Let’s do a nmap script scan over port 139 and 445:

Command: nmap — script=smb-vuln* -p139,445

It seems that this box is running Windows 7, and it’s vulnerable to ms17–010 / CVE-2017–0143.

Let’s fire up our Metasploit and search for the vulnerability for any available modules for the exploit

Cool, let’s use the ms17–010 eternal blue exploit.

Set the RHOST(Victim’s IP) and Run.

Cool, We got an Administrative level Shell.

Let’s explore and capture the flags.

Root Flag:

User Flag:




Security researcher, Blogger, Bug Bounty hunter

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Workforce Management Tool | Resource Optimizer™ | Cloud Sloka

What does a name mean in Ruby?

Presearch Nodes Open Beta

AWS Automation with Python (Boto3) Basics — Part 1

Windows Subsystem for Linux

How This One Trick Could Increase Your Sales By Nearly 400% In 20 Minutes

The best python extensions to install in visual studio code when you are a python newbie.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Kapil Verma

Kapil Verma

Security researcher, Blogger, Bug Bounty hunter

More from Medium

HTB — CAP Walkthrough

TryHackMe | CTF | Walkthrough | Raven

HackTheBox — Resolute

Sense HTB Writeup