This machine has a vulnerability that you will only find if you are comfortable with Nmap. If you are not, use Nmap's help command or Zenmap, the GUI version of Nmap.
The first thing I do is run an Nmap scan on the target to see which ports are open.
SMB is always an easy loophole to exploit, so let’s enumerate that further, and see if this box is vulnerable to any known exploits.
It seems that this box is running Windows 7, and it’s vulnerable to MS17-010 / CVE-2017-0143. Let’s use searchsploit to show us that there are several popular exploits.
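For the defensive side of the same scan, here is an added example (not part of the original write-up) that triages saved Nmap XML for the MS17-010 finding described above. It assumes the scan was run with Nmap's `smb-vuln-ms17-010` script and saved with `-oX`; the sample XML and the 192.0.2.x addresses are constructed.

```python
import xml.etree.ElementTree as ET

SCRIPT_ID = "smb-vuln-ms17-010"  # Nmap NSE script that checks for MS17-010

# Constructed sample, trimmed to the elements of `nmap -oX` output used below.
SAMPLE_XML = """<nmaprun>
<host><address addr="192.0.2.10" addrtype="ipv4"/>
  <ports><port protocol="tcp" portid="445"><state state="open"/></port></ports>
  <hostscript><script id="smb-vuln-ms17-010" output="State: VULNERABLE">
    <table key="CVE-2017-0143"><elem key="state">VULNERABLE</elem></table>
  </script></hostscript></host>
<host><address addr="192.0.2.11" addrtype="ipv4"/>
  <ports><port protocol="tcp" portid="445"><state state="open"/></port></ports></host>
<host><address addr="192.0.2.12" addrtype="ipv4"/>
  <ports><port protocol="tcp" portid="445"><state state="filtered"/></port></ports></host>
</nmaprun>"""


def smb_open(host):
    """True if TCP/445 is reported open on this host."""
    return host.find("ports/port[@portid='445']/state[@state='open']") is not None


def ms17_010_state(host):
    """Return the state the script reported, or None if it reported nothing."""
    for script in host.iterfind("hostscript/script"):
        if script.get("id") != SCRIPT_ID:
            continue
        elem = script.find(".//elem[@key='state']")
        if elem is not None and elem.text:
            return elem.text.strip()
        if "State: VULNERABLE" in script.get("output", ""):
            return "VULNERABLE"
    return None


def triage(xml_text):
    """Split hosts into confirmed-vulnerable and SMB-exposed-but-unconfirmed."""
    report = {"patch_now": [], "smb_exposed_recheck": []}
    for host in ET.fromstring(xml_text).iterfind("host"):
        addr = host.find("address").get("addr")
        state = ms17_010_state(host)
        if state and state.upper().startswith("VULNERABLE"):
            report["patch_now"].append(addr)
        elif smb_open(host):
            report["smb_exposed_recheck"].append(addr)
    return report
```

Hosts in `patch_now` need the MS17-010 update applied or SMBv1 disabled; hosts in `smb_exposed_recheck` expose port 445 but returned no script result, so they are worth a second look rather than being treated as clean.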
We now fire up Metasploit and search modules for MS17-010. We choose the EternalBlue exploit, and we set the correct options to run it.
Now that we have our options set, we can run it and get our shell.
Let’s GOOOOO, it’s ROOT