## https://sploitus.com/exploit?id=71C6EF9A-98BE-51AE-924F-2641818E1A9F
# System Exploitation & Privilege Escalation Lab
## ๐ Project Overview
This project focuses on the exploitation phase of the Cyber Kill Chain. Using the **Metasploit Framework**, I targeted a vulnerable Windows 7 machine to demonstrate how unpatched services can lead to total system compromise.
### ๐ฏ Objective
- Exploitation of **MS17-010 (EternalBlue)** vulnerability.
- Establishing a reverse shell connection.
- Post-exploitation privilege verification and credential dumping.
---
## ๐ ๏ธ Tools Used
- **Exploitation Framework:** Metasploit (msfconsole)
- **Payload:** windows/x64/meterpreter/reverse_tcp
- **Target:** Windows 7 Professional (Virtual Machine)
---
## ๐ธ Exploitation Walkthrough
### 1. Execution & Access
**Exploit:** `exploit/windows/smb/ms17_010_eternalblue`
**Methodology:**
1. Configured the exploit with the Target IP (`RHOSTS`) and my listener IP (`LHOST`).
2. Executed the attack, which sent a specially crafted packet to the SMBv1 service.
3. Successfully established a **Meterpreter** session, bypassing standard authentication.
### 2. Post-Exploitation (Proof of Impact)
Once inside, I verified my access level and demonstrated critical impact:
- **Privilege Check:** Ran `getuid` to confirm **NT AUTHORITY\SYSTEM** access (highest privilege level).
- **Credential Dumping:** Executed `hashdump` to retrieve NTLM password hashes from the SAM database.

*(Figure 1: Successful exploitation sequence showing SYSTEM access and hash retrieval)*
---
## ๐ก๏ธ Remediation
To prevent this attack:
1. **Patch Management:** Apply Microsoft Security Bulletin **MS17-010** immediately.
2. **Disable SMBv1:** Disable the legacy SMBv1 protocol via Group Policy.
3. **Network Segmentation:** Block port 445 at the firewall level for external traffic.