Made several scans to validate the vulnerability on this machine.
Search on Google for possible ways in on this machine. At this point we know that the Windows 7 machine has a vulnerability in SMB on port 445. In this scenario, we are going to use msfconsole to gain administrative access.
Command: msfconsole
At the msf6 prompt, we can leverage the capabilities of Metasploit.
Several matching modules have been returned. Be mindful of the enumeration that was done earlier. Let's work out which of the 4 choices is best.
- Ruling out 3, since this is a scanner and we already used it to validate the vulnerability on the machine.
- Ruling out 1 and 2. Although these are possible for exploitation and scanning, it's best to go straight for the identified vulnerability.
- Choosing 0: straightforward, and this might work as expected.
show info: lets you view the information shown for the module, including the system information relevant to the machine.
OPTIONS: essentially the overall settings between the attacker and the victim. All we need to do is set up / configure the IP by modifying RHOSTS.
RHOSTS — victim machine
Once configured, hit run / exploit to run.
Command: shell
This command will give you an interactive overview of the machine you've compromised.