📚
OSCP
  • Pentesting
  • Proving Grounds practice
    • Warm up
      • Windows
        • Kevin
        • Internal
        • Metallus
      • Linux
        • ClamAV
        • Exfiltrated
        • Twiggy
    • Get to work
      • Windows
        • Slort
        • Billyboss
        • Fish
        • UT99
        • AuthBy
        • Jacko
        • Shenzi
      • Linux
        • Dibble
        • Pelican
        • Sorcerer
        • Zino
        • Zenphoto
        • Snookums
        • Nibbles
        • Chatty
        • Banzai
    • Try harder
      • Windows
        • Meathead
      • Linux
        • Sirol
        • Peppo
        • Clyde
  • Buffer overflow
    • Buffer Overflow Methodology
    • TryHackMe Practice
      • Overflow1
      • Overflow2
      • Overflow3
      • Overflow4
      • Overflow5
      • Overflow6
      • Overflow7
      • Overflow8
      • Overflow9
      • Overflow10
  • Active Directory
    • AD Authentication
      • NTLM Authentication
      • Kerberos Authentication
    • TryHackMe Practice
      • Attacktive Directory
      • Roasted
      • RazorBlack
    • PG Practice
      • Hutch
      • Vault
      • Heist
Powered by GitBook
On this page
  • Information Gathering
  • Exploit

Was this helpful?

  1. Proving Grounds practice
  2. Warm up
  3. Windows

Internal

Writeup for Internal from offsec Proving Grounds

PreviousKevinNextMetallus

Last updated 3 years ago

Was this helpful?

Information Gathering

sudo ./nmapAutomator.sh 192.168.200.40 all

Our nmapAutomator found a vuln for SMB. Let's check it out.

Exploit

Vulnerability: Microsoft Windows - 'srv2.sys' SMB Code Execution

Let's use Metasploit for this.

LogoMicrosoft Windows - 'srv2.sys' SMB Code Execution (Python) (MS09-050)Exploit Database