While performing a vulnerability scan, I ran across an unpatched Windows 7 machine that is vulnerable to EternalBlue.
Gather intel about the target with sysinfo.
Find out what level of privileges you have with getuid. Fortunately, I acquired SYSTEM privileges!!!
Now it’s time to pwn the box by getting a shell on the target with shell.
Quickly gain persistence by creating a new user, preferably with a username that would blend in with other usernames on the system. I didn’t do that here; I created a root user for effect.
Grab the hashes in case you lose connection to the victim. You can crack them offline and come back later. I should’ve done this before I opened a shell, but I exited back out to the meterpreter shell and ran hashdump.
When you are finished, wipe out the logs and cover your tracks with clearev.
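Seen from the defender's side, the new account and the log wipe above both leave Windows events behind: 4720 (user account created), 4732 (member added to a local group), 1102 (Security audit log cleared) and 104 (another event log cleared). The following correlation check is an added example, not part of the original post; the event records are constructed and their field names (`time`, `host`, `id`, `subject_sid`, `target`) are assumptions, not a real export format.

```python
from datetime import datetime, timedelta

ACCOUNT_CREATED = 4720          # Security: a user account was created
ADDED_TO_GROUP = 4732           # Security: member added to a local group
LOG_CLEARED = {1102, 104}       # Security audit log cleared / other log cleared
LOCAL_SYSTEM_SID = "S-1-5-18"   # well-known SID of the SYSTEM account
USER_SID = "S-1-5-21-1111111111-2222222222-3333333333-1104"  # constructed

# Constructed sample records (simplified; field names are assumptions).
SAMPLE_EVENTS = [
    {"time": "2024-01-10T09:00:05", "host": "WIN7-LAB", "id": 4624, "subject_sid": USER_SID, "target": ""},
    {"time": "2024-01-10T09:14:31", "host": "WIN7-LAB", "id": 4720, "subject_sid": LOCAL_SYSTEM_SID, "target": "root"},
    {"time": "2024-01-10T09:14:40", "host": "WIN7-LAB", "id": 4732, "subject_sid": LOCAL_SYSTEM_SID, "target": "root"},
    {"time": "2024-01-10T09:21:02", "host": "WIN7-LAB", "id": 1102, "subject_sid": LOCAL_SYSTEM_SID, "target": ""},
    {"time": "2024-01-10T09:21:02", "host": "WIN7-LAB", "id": 104, "subject_sid": LOCAL_SYSTEM_SID, "target": ""},
    {"time": "2024-01-11T14:00:00", "host": "FILESRV", "id": 4720, "subject_sid": USER_SID, "target": "newhire"},
]

def detect(events, window=timedelta(hours=1)):
    """Return alerts as (severity, host, message) tuples, in time order."""
    alerts = []
    created = {}  # host -> list of (time, account name) created on that host
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        host = ev["host"]
        if ev["id"] == ACCOUNT_CREATED:
            created.setdefault(host, []).append((when, ev["target"]))
            # An account created under the SYSTEM identity is unusual on a workstation.
            by_system = ev["subject_sid"] == LOCAL_SYSTEM_SID
            sev = "high" if by_system else "info"
            alerts.append((sev, host, f"account '{ev['target']}' created by {ev['subject_sid']}"))
        elif ev["id"] == ADDED_TO_GROUP:
            alerts.append(("medium", host, f"'{ev['target']}' added to a local group"))
        elif ev["id"] in LOG_CLEARED:
            # A log wipe shortly after account creation matches the sequence in this post.
            recent = [name for t, name in created.get(host, []) if when - t <= window]
            if recent:
                alerts.append(("critical", host, f"event {ev['id']}: log cleared after creating {recent}"))
            else:
                alerts.append(("high", host, f"event {ev['id']}: log cleared"))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(*alert, sep=" | ")
```

The correlation only works if events are forwarded off the host as they are written, since the local copies are what the wipe removes.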