Share
## https://sploitus.com/exploit?id=71C6EF9A-98BE-51AE-924F-2641818E1A9F
# System Exploitation & Privilege Escalation Lab

## ๐Ÿ“„ Project Overview
This project focuses on the exploitation phase of the Cyber Kill Chain. Using the **Metasploit Framework**, I targeted a vulnerable Windows 7 machine to demonstrate how unpatched services can lead to total system compromise.

### ๐ŸŽฏ Objective
- Exploitation of **MS17-010 (EternalBlue)** vulnerability.
- Establishing a reverse shell connection.
- Post-exploitation privilege verification and credential dumping.

---

## ๐Ÿ› ๏ธ Tools Used
- **Exploitation Framework:** Metasploit (msfconsole)
- **Payload:** windows/x64/meterpreter/reverse_tcp
- **Target:** Windows 7 Professional (Virtual Machine)

---

## ๐Ÿ“ธ Exploitation Walkthrough

### 1. Execution & Access
**Exploit:** `exploit/windows/smb/ms17_010_eternalblue`
**Methodology:**
1. Configured the exploit with the Target IP (`RHOSTS`) and my listener IP (`LHOST`).
2. Executed the attack, which sent a specially crafted packet to the SMBv1 service.
3. Successfully established a **Meterpreter** session, bypassing standard authentication.

### 2. Post-Exploitation (Proof of Impact)
Once inside, I verified my access level and demonstrated critical impact:
- **Privilege Check:** Ran `getuid` to confirm **NT AUTHORITY\SYSTEM** access (highest privilege level).
- **Credential Dumping:** Executed `hashdump` to retrieve NTLM password hashes from the SAM database.

![Metasploit Kill Chain](3_System_Exploitation_Metasploit.png)
*(Figure 1: Successful exploitation sequence showing SYSTEM access and hash retrieval)*

---

## ๐Ÿ›ก๏ธ Remediation
To prevent this attack:
1.  **Patch Management:** Apply Microsoft Security Bulletin **MS17-010** immediately.
2.  **Disable SMBv1:** Disable the legacy SMBv1 protocol via Group Policy.
3.  **Network Segmentation:** Block port 445 at the firewall level for external traffic.