Share
## https://sploitus.com/exploit?id=24546307-59BA-5CDF-A770-71D979AA3941
# Cybersecurity Penetration Testing Project

## Project Overview
This repository contains documentation and resources for a cybersecurity penetration testing exercise demonstrating the exploitation of the MS17-010 EternalBlue vulnerability on a Windows 7 target system.

## Project Details
- **Student**: Ahmed Mohamed Said
- **Target System**: Windows 7 (IP: 192.168.43.136)
- **Vulnerability**: MS17-010 EternalBlue (CVE-2017-0143)
- **Tools Used**: Kali Linux, Nmap, Metasploit Framework

## Project Structure
```
โ”œโ”€โ”€ README.md                              # This file
โ”œโ”€โ”€ To-Do.txt                             # Step-by-step penetration testing guide
โ”œโ”€โ”€ Ahmed Mohamed Said 221003440.pdf      # Project documentation (PDF)
โ””โ”€โ”€ imgs/                                 # Screenshots from testing process
    โ”œโ”€โ”€ Screenshot 2024-05-24 021617.png
    โ”œโ”€โ”€ Screenshot 2024-05-24 021747.png
    โ””โ”€โ”€ ... (11 screenshots total)
```

## Methodology
The penetration testing followed these key phases:

1. **Reconnaissance**: Network discovery and target identification
2. **Scanning**: Service enumeration and OS detection using Nmap
3. **Vulnerability Assessment**: Testing for MS17-010 EternalBlue vulnerability
4. **Exploitation**: Using Metasploit's ms17_010_eternalblue module
5. **Post-Exploitation**: System information gathering and file upload demonstration

## Key Findings
- Target system confirmed vulnerable to CVE-2017-0143 (EternalBlue)
- Risk factor: **HIGH**
- Successful exploitation achieved with Metasploit framework
- Remote code execution demonstrated

## Tools and Commands Used
- `nmap -sV -O` for service and OS detection
- `nmap --script smb-vuln-ms17-010` for vulnerability testing
- Metasploit `exploit/windows/smb/ms17_010_eternalblue` module
- Meterpreter payload for post-exploitation

## Screenshots
The `imgs/` directory contains comprehensive screenshots documenting each step of the penetration testing process, captured during the testing session on May 24, 2024.

## Educational Purpose
โš ๏ธ **IMPORTANT DISCLAIMER**: This project is for educational purposes only. The techniques demonstrated should only be used in authorized testing environments with proper permissions. Unauthorized access to computer systems is illegal.

## Course Information
- **Course**: Cybersecurity
- **Term**: 4
- **Academic Year**: 2024

---
*This repository documents a controlled cybersecurity exercise conducted in a lab environment for educational purposes.*