Mr. Blue


From Nmap, there are a handful of open ports.

I decided to check the web service first and found the below: in the page source, the image has an alt text that reads "Mr Blue aka MS17-010", indicating the EternalBlue SMBv1 vulnerability.

Using the below Nmap script, I was able to confirm the vulnerability does exist on the machine:

nmap -p139,445 --script "smb-vuln-* and not(smb-vuln-regsvc-dos)" --script-args smb-vuln-cve-2017-7494.check-version,unsafe=1 <target-ip>

Using Metasploit, I was able to find a working exploit

and I have a shell