OSCP - NetSec Focus

The Journey to Try Harder: TJnull’s Preparation Guide for PWK/OSCP |... https://www.netsecfocus.com/oscp/2019/03/29/The_Journey_to_Try_Ha...
1 of 41 2/29/2020, 10:29 PM
2 of 41 2/29/2020, 10:29 PM
3 of 41 2/29/2020, 10:29 PM
4 of 41 2/29/2020, 10:29 PM
5 of 41 2/29/2020, 10:29 PM
6 of 41 2/29/2020, 10:29 PM
7 of 41 2/29/2020, 10:29 PM
8 of 41 2/29/2020, 10:29 PM
9 of 41 2/29/2020, 10:29 PM
10 of 41 2/29/2020, 10:29 PM
11 of 41 2/29/2020, 10:29 PM
12 of 41 2/29/2020, 10:29 PM
13 of 41 2/29/2020, 10:29 PM
14 of 41 2/29/2020, 10:29 PM
searchsploit MS‐17‐010
root@kali:~# searchsploit ms17-010

-----------------------------------------------------------
Exploit Title
-----------------------------------------------------------
Microsoft Windows - 'EternalRomance'/'EternalSynergy'/'Eter
Microsoft Windows - SMB Remote Code Execution Scanner (MS17
Microsoft Windows Server 2008 R2 (x64) - 'SrvOs2FeaToNt' SM
Microsoft Windows Windows 7/2008 R2 - 'EternalBlue' SMB Rem
Microsoft Windows Windows 7/8.1/2008 R2/2012 R2/2016 R2 - '
Microsoft Windows Windows 8/8.1/2012 R2 (x64) - 'EternalBlu
-----------------------------------------------------------
Shellcodes: No Result
15 of 41 2/29/2020, 10:29 PM
searchsploit ‐x /usr/share/exploitdb/exploits/windows/remote
/43970.rb
root@kali:~# searchsploit -x /usr/share/exploitdb/exploits/
Snippet of the exploit:

##
# This module requires Metasploit: https://metasploit.com/d
# Current source: https://github.com/rapid7/metasploit-fram
##
# Windows XP systems that are not part of a domain default

# network logons as if they were Guest. This prevents SMB r
# gaining administrative access to these systems. This sett
# under:
#
# Local Security Settings >
# Local Policies >
# Security Options >
# Network Access: Sharing and security model for local
class MetasploitModule < Msf::Exploit::Remote

Rank = NormalRanking
include Msf::Exploit::Remote::SMB::Client::Psexec_MS17_01
include Msf::Exploit::Powershell
include Msf::Exploit::EXE
include Msf::Exploit::WbemExec
include Msf::Auxiliary::Report
16 of 41 2/29/2020, 10:29 PM
def initialize(info = {})

super(update_info(info,
'Name' => 'MS17-010 EternalRomance/EternalS
'Description' => %q{
This module will exploit SMB with vulnerabilities i
primitive. This will then be used to overwrite the
Administrator session. From there, the normal psexe
Exploits a type confusion between Transaction and W

Transaction requests, as seen in the EternalRomance
exploits. This exploit chain is more reliable than
named pipe.
17 of 41 2/29/2020, 10:29 PM
Python ‐m SimpleHTTPServer 80
Python3 ‐m http.server 80
Python ‐m pyftpdlib ‐p 21 ‐w
Python3 ‐m pyftpdlib ‐p 21 ‐w
18 of 41 2/29/2020, 10:29 PM
19 of 41 2/29/2020, 10:29 PM
20 of 41 2/29/2020, 10:29 PM
21 of 41 2/29/2020, 10:29 PM
22 of 41 2/29/2020, 10:29 PM
23 of 41 2/29/2020, 10:29 PM
24 of 41 2/29/2020, 10:29 PM
25 of 41 2/29/2020, 10:29 PM
26 of 41 2/29/2020, 10:29 PM
27 of 41 2/29/2020, 10:29 PM
28 of 41 2/29/2020, 10:29 PM
29 of 41 2/29/2020, 10:29 PM
30 of 41 2/29/2020, 10:29 PM
31 of 41 2/29/2020, 10:29 PM
32 of 41 2/29/2020, 10:29 PM
33 of 41 2/29/2020, 10:29 PM
34 of 41 2/29/2020, 10:29 PM
35 of 41 2/29/2020, 10:29 PM
36 of 41 2/29/2020, 10:29 PM
37 of 41 2/29/2020, 10:29 PM
38 of 41 2/29/2020, 10:29 PM
39 of 41 2/29/2020, 10:29 PM
40 of 41 2/29/2020, 10:29 PM
41 of 41 2/29/2020, 10:29 PM

OSCP - NetSec Focus

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

OSCP - NetSec Focus

Uploaded by

Copyright:

Available Formats

The Journey to Try Harder: TJnull’s Preparation Guide for PWK/OSCP |... https://www.netsecfocus.com/oscp/2019/03/29/The_Journey_to_Try_Ha...

root@kali:~# searchsploit ms17-010

root@kali:~# searchsploit -x /usr/share/exploitdb/exploits/

Snippet of the exploit:

# Windows XP systems that are not part of a domain default

class MetasploitModule < Msf::Exploit::Remote

def initialize(info = {})

Exploits a type confusion between Transaction and W

You might also like