Legacy
Easy Windows XP machine vulnerable to MS08‑067 EternalBlue SMB exploit for root.
TL;DR
Recon
Ping
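The machine replies with a TTL of 127, which means it is a Windows machine: Windows uses a default initial TTL of 128, and one hop between us and the target has decremented it by one.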
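The TTL reasoning above can be applied to raw ping output. This is an added example, not part of the original writeup; the function names, the table of default TTLs and the sample output (using the documentation address 192.0.2.10) are assumptions made for illustration.

```python
import re

# Common default initial TTLs and the OS families that typically use them.
# These are defaults an administrator can change, so the result is a hint
# to confirm with a service scan, not proof of the operating system.
INITIAL_TTLS = {
    64: "Linux/Unix/macOS",
    128: "Windows",
    255: "network device or older Unix",
}

# Matches both Linux ("ttl=127") and Windows ("TTL=127") ping replies.
TTL_RE = re.compile(r"\bttl=(\d+)", re.IGNORECASE)


def guess_from_ttl(observed):
    """Return (assumed initial TTL, hop count, OS family hint) for one reply."""
    if not 1 <= observed <= 255:
        raise ValueError(f"TTL out of range: {observed}")
    # Each router decrements the TTL by one, so the sender most likely
    # started at the nearest common default at or above the observed value.
    initial = min(t for t in INITIAL_TTLS if t >= observed)
    return initial, initial - observed, INITIAL_TTLS[initial]


def guess_from_ping(output):
    """Parse ping output and summarise what the TTL values suggest."""
    ttls = sorted({int(m) for m in TTL_RE.findall(output)})
    if not ttls:
        return None  # no echo replies, e.g. ICMP is filtered
    families = {guess_from_ttl(t)[2] for t in ttls}
    initial, hops, family = guess_from_ttl(ttls[-1])
    return {"ttls": ttls, "initial": initial, "hops": hops,
            "family": family, "consistent": len(families) == 1}


# Constructed sample output, not captured from the real target.
SAMPLE = """\
64 bytes from 192.0.2.10: icmp_seq=1 ttl=127 time=41.2 ms
64 bytes from 192.0.2.10: icmp_seq=2 ttl=127 time=40.8 ms
"""

if __name__ == "__main__":
    print(guess_from_ping(SAMPLE))
```

A `consistent` value of `False` means the replies point to different OS families, which usually indicates load balancing or a middlebox answering on the host's behalf.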
Nmap
First 1000 TCP ports
Using the option --script=smb-vuln*, we found that the SMB service is vulnerable to RCE.
We will try to use CVE-2008-4250.
Exploitation
Metasploit Framework
Looking through msf, we found an exploit for the discovered CVE-2008-4250.
After completing the exploit's options and running it, we get a shell as NT AUTHORITY\SYSTEM.