Eternal Vulnyx (Very Easy- Windows)

Escaneo de puertos

nmap -p- --open -sS --min-rate 5000 -vvv -n -Pn <IP>
nmap -sCV -p<PORTS> <IP>

Info:

Starting Nmap 7.95 ( https://nmap.org ) at 2025-07-25 03:31 EDT
Nmap scan report for 192.168.5.66
Host is up (0.0047s latency).

PORT      STATE SERVICE      VERSION
135/tcp   open  msrpc        Microsoft Windows RPC
139/tcp   open  netbios-ssn  Microsoft Windows netbios-ssn
445/tcp   open  microsoft-ds Windows 7 Enterprise 7601 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
5357/tcp  open  http         Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-title: Service Unavailable
|_http-server-header: Microsoft-HTTPAPI/2.0
49152/tcp open  msrpc        Microsoft Windows RPC
49154/tcp open  msrpc        Microsoft Windows RPC
49155/tcp open  msrpc        Microsoft Windows RPC
49157/tcp open  msrpc        Microsoft Windows RPC
MAC Address: 08:00:27:0B:D9:5E (PCS Systemtechnik/Oracle VirtualBox virtual NIC)
Service Info: Host: MIKE-PC; OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
|_clock-skew: mean: 19m58s, deviation: 1h09m16s, median: 59m58s
| smb2-time: 
|   date: 2025-07-25T08:32:01
|_  start_date: 2025-07-25T08:30:20
| smb-security-mode: 
|   account_used: guest
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
| smb2-security-mode: 
|   2:1:0: 
|_    Message signing enabled but not required
|_nbstat: NetBIOS name: MIKE-PC, NetBIOS user: <unknown>, NetBIOS MAC: 08:00:27:0b:d9:5e (PCS Systemtechnik/Oracle VirtualBox virtual NIC)
| smb-os-discovery: 
|   OS: Windows 7 Enterprise 7601 Service Pack 1 (Windows 7 Enterprise 6.1)
|   OS CPE: cpe:/o:microsoft:windows_7::sp1
|   Computer name: MIKE-PC
|   NetBIOS computer name: MIKE-PC\x00
|   Workgroup: WORKGROUP\x00
|_  System time: 2025-07-25T10:32:01+02:00

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 64.55 seconds

Veremos varios puertos interesantes, pero entre ellos veremos un SAMBA abierto, tambien sabemos que es un Windows 7 por lo que podremos de deducir que puede ser vulnerable a Eternal Blue por lo que vamos a utilizar un script de nmap para poder identificarlo.

Info:

Metasploit

Una vez que estemos dentro, vamos a buscar el siguiente modulo (exploit) para aprovechar dicha vulnerabilidad.

Ahora dentro de dicho modulo, vamos a configurarlo de la siguiente forma:

Info:

Veremos que ha funcionado, por lo que vamos a leer las flags del usuario y de root.

user.txt

root.txt

PreviousExperience Vulnyx (Very Easy- Windows)NextBuild Vulnyx (Very Easy- Windows)

Last updated