sudo nmap -sC -sV 10.129.81.40
Right away, we can see that port 445 is open and that the box is running Windows 7 SP1, which makes me think of EternalBlue (also hinted at by the name of this box).
nmap -p445 --script vuln 10.129.81.40
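When the same check is run across more than one host, the result is easier to triage from nmap's XML output than from the terminal. The following is an added example, not part of the original write-up: it assumes the scan was saved with `-oX`, and the sample XML, addresses and table key are constructed.

```python
import re
import xml.etree.ElementTree as ET

SCRIPT_ID = "smb-vuln-ms17-010"  # NSE script that reports the EternalBlue flaw

# Constructed sample of `nmap -oX` output; hosts and values are illustrative.
SAMPLE_XML = """<nmaprun>
 <host><address addr="192.0.2.10" addrtype="ipv4"/>
  <hostscript><script id="smb-vuln-ms17-010" output="see table">
   <table key="constructed-id"><elem key="state">VULNERABLE</elem></table>
  </script></hostscript></host>
 <host><address addr="192.0.2.11" addrtype="ipv4"/>
  <hostscript><script id="smb-vuln-ms17-010"
   output="VULNERABLE:&#10;  State: VULNERABLE&#10;  Risk factor: HIGH"/>
  </hostscript></host>
 <host><address addr="192.0.2.12" addrtype="ipv4"/>
  <hostscript><script id="smb-os-discovery" output="OS: Windows 10"/>
  </hostscript></host>
</nmaprun>"""


def ms17_010_findings(xml_text):
    """Map each IPv4 host to the state reported by smb-vuln-ms17-010."""
    findings = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        for script in host.iter("script"):
            if script.get("id") != SCRIPT_ID:
                continue
            # Prefer the structured <elem key="state">; fall back to the text.
            state = next((e.text.strip() for e in script.iter("elem")
                          if e.get("key") == "state" and e.text), None)
            if state is None:
                m = re.search(r"State:\s*([A-Z ]+)", script.get("output", ""))
                state = m.group(1).strip() if m else "UNKNOWN"
            findings[addr.get("addr")] = state
    return findings


if __name__ == "__main__":
    for ip, state in sorted(ms17_010_findings(SAMPLE_XML).items()):
        print(f"{ip}\t{SCRIPT_ID}\t{state}")
```

Hosts where the script produced no result, such as the third constructed host, are left out of the returned mapping.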
After verifying the box is vulnerable to EternalBlue, the easiest way to exploit it is to use the built-in modules in Metasploit. So I open up msfconsole and do a search for eternalblue.
After waiting about 30 seconds, I had a shell on the box with Admin privileges.