Share
## https://sploitus.com/exploit?id=676794E0-8312-580C-95A3-B5064D7FE3DF
# Windows-pentest-lab
Penetration testing and vulnerability assessment on windows 7
# ๐ก๏ธ Windows OS Penetration Testing & Vulnerability Assessment





> A full penetration testing engagement on a Windows 7 system conducted in an isolated lab environment. This project covers the complete PTES methodology โ from reconnaissance through post-exploitation โ and documents all findings with evidence and remediation recommendations.
---
## ๐ Project Summary
| Field | Details |
|-------|---------|
| Target OS | Windows 7 Professional SP1 |
| Environment | Isolated Lab (no production systems) |
| Testing Type | Black-box + Grey-box |
| Critical CVEs | MS17-010, CVE-2019-0708, MS08-067 |
| Access Achieved | NT AUTHORITY\SYSTEM |
| Report | [Download Full Report](report/Windows_Pentest_Report.docx) |
---
## ๐๏ธ Repository Structure
```
windows-pentest-lab/
โโโ README.md
โโโ report/
โ โโโ Windows_Pentest_Report.docx
โโโ methodology/
โ โโโ 01_reconnaissance.md
โ โโโ 02_scanning.md
โ โโโ 03_vulnerability_assessment.md
โ โโโ 04_exploitation.md
โ โโโ 05_post_exploitation.md
โโโ tools/
โ โโโ tools_used.md
โโโ findings/
โโโ vulnerability_summary.md
```
---
## ๐ Methodology
```mermaid
graph TD
A[๐ Reconnaissance] --> B[๐ก Scanning & Enumeration]
B --> C[๐ฌ Vulnerability Assessment]
C --> D[๐ฅ Exploitation]
D --> E[๐ต๏ธ Post-Exploitation]
E --> F[๐ Reporting]
```
---
## ๐จ Key Findings
| # | Vulnerability | CVE | Severity | CVSS |
|---|--------------|-----|----------|------|
| 1 | EternalBlue SMB RCE | MS17-010 | ๐ด CRITICAL | 9.8 |
| 2 | BlueKeep RDP RCE | CVE-2019-0708 | ๐ด CRITICAL | 9.8 |
| 3 | NetAPI RCE | MS08-067 | ๐ด CRITICAL | 10.0 |
| 4 | RDP DoS/RCE | MS12-020 | ๐ HIGH | 9.3 |
| 5 | Privilege Escalation | MS16-032 | ๐ HIGH | 7.8 |
| 6 | Weak Admin Password | N/A | ๐ HIGH | 8.1 |
| 7 | SMBv1 Enabled | N/A | ๐ HIGH | 7.5 |
| 8 | No Firewall Rules | N/A | ๐ก MEDIUM | 6.5 |
| 9 | No Antivirus/EDR | N/A | ๐ก MEDIUM | 6.2 |
| 10 | Guest Account Enabled | N/A | ๐ข LOW | 5.3 |
---
## ๐ ๏ธ Tools Used
| Tool | Purpose |
|------|---------|
| Nmap | Port scanning, OS fingerprinting |
| Metasploit Framework | Exploitation, Meterpreter sessions |
| Nessus | Automated vulnerability scanning |
| Netcat | Reverse shells, banner grabbing |
| Mimikatz | Credential extraction from LSASS |
| Wireshark | Network traffic analysis |
---
## โ
Top Recommendations
- ๐ด **Upgrade from Windows 7** โ EOL since January 2020, no security patches available
- ๐ด **Disable SMBv1** โ Primary attack vector for EternalBlue
- ๐ด **Patch immediately** โ MS17-010, MS08-067, CVE-2019-0708
- ๐ **Enforce strong passwords** โ Minimum 14 characters with complexity
- ๐ **Enable Host-based Firewall** โ Block ports 445, 135, 3389 from untrusted networks
- ๐ก **Deploy EDR solution** โ No endpoint protection was detected during testing
---
## โ ๏ธ Disclaimer
> This project was conducted **entirely in an isolated lab environment** for educational purposes only. No real systems were harmed. All techniques described are for **authorized security research only**. Unauthorized use of these techniques on systems you do not own is **illegal**.
---