Enumeration

Nmap

The initial Nmap scan revealed that SMB and other common ports were open.

00 - nmap

At first I tried an SMB null session, but it was not available. So I re-ran the Nmap scan with the vuln script and found out that the machine is vulnerable to CVE-2009-3103 through SMB.

01 - vuln nmap

Exploitation (Directly SYSTEM)

CVE-2009-3103

After some research I found an exploit on GitHub.

02 - exploit

It explained how to use Metasploit for this CVE, so I simply used it and got a SYSTEM shell.

03 - done

