Blue
Windows - easy machine
Enumeration
Nmap
The nmap scan shows a number of open ports.
Let’s try to see the vulnerabilities on port 445, as it is open on a Windows 7 version.
nmap -p 445 10.10.10.40 --script=smb-vuln-ms17-010.nse
There is a code execution vulnerability here, and the scan also provided a CVE for this version.
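For patch triage, the same check can be run over several hosts and its output parsed, as in this added example (not part of the original write-up). The sample report is constructed, the addresses are documentation-range placeholders, and `triage` is a hypothetical helper name.

```python
import re

# Constructed sample of nmap normal output for the smb-vuln-ms17-010 script.
# Addresses are documentation-range placeholders, not hosts from the write-up.
SAMPLE = """\
Nmap scan report for 192.0.2.10
445/tcp open  microsoft-ds

Host script results:
| smb-vuln-ms17-010:
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: VULNERABLE
|_    Risk factor: HIGH

Nmap scan report for fileserver.example (192.0.2.11)
445/tcp open  microsoft-ds

Nmap scan report for 192.0.2.12
445/tcp filtered microsoft-ds
"""

# Matches both "for 192.0.2.10" and "for name (192.0.2.11)" header forms.
HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([0-9a-fA-F.:]+)\)?$")
PORT_RE = re.compile(r"^445/tcp\s+(\S+)")

def triage(report):
    """Map each host to 'patch-now', 'smb-open' or 'not-exposed'."""
    results, host, in_script = {}, None, False
    for line in report.splitlines():
        m = HOST_RE.match(line.strip())
        if m:  # a new host section starts; reset per-host state
            host, in_script = m.group(1), False
            results[host] = "not-exposed"
            continue
        if host is None:
            continue
        p = PORT_RE.match(line)
        if p and p.group(1) == "open":
            results[host] = "smb-open"       # reachable, no finding yet
        elif "smb-vuln-ms17-010" in line:
            in_script = True                  # entering the script's block
        elif in_script and line.startswith("|"):
            if re.search(r"State:\s+VULNERABLE", line):
                results[host] = "patch-now"   # script confirmed the flaw
        elif in_script:
            in_script = False                 # script block ended
    return results

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Hosts marked `patch-now` need the MS17-010 update; `smb-open` hosts expose port 445 but the script reported no finding for them.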
Let’s try to find that CVE using Metasploit.
I searched for the CVE and the target, which is Windows 7.
Searched for eternalblue.
Then I found entry no. 24, which is an SMB vulnerability.
Use no. 24.
Then set rhosts to the target machine IP, 10.10.10.40.
Then hit exploit.
Here I found that: Host is likely VULNERABLE to MS17-010! - Windows 7 Professional 7601 Service Pack 1 x64 (64-bit)
Then I searched for that exploit.
Then hit use 0.
Again set rhosts, and lhost, which is my local host's IP.
Then hit exploit again.
Now I was able to get inside the target machine.
User Flag
Root Flag
Machine completed
Learning
- Improved at using Metasploit.
- Exploiting outdated versions.