Showing posts from June, 2018

MS17-010 Vulnerability - Over the WAN LAB with NGROK - EternalBlue and EternalRomance exploits on Windows 10, Windows 7 and Windows 2018 R2

In this video we will use the "Over the WAN" LAB that was configured in the previous post, in order to exploit the MS17-010 Vulnerability. We will use the EternalBlue and EternalRomance / EternalChampion exploit modules in Metasploit, together with NGROK.

This video will heavily use information that was presented in my previous posts. Please review the posts below, as needed:

1. Over the WAN Penetration Testing LAB - Installing and using NGROK and NETCAT
2. MS17-010 Vulnerability - Scanning using Metasploit on KALI Linux
3. MS17-010 Vulnerability - Using EternalBlue exploit module in Metasploit
4. Metasploit Tips - reverse_https vs reverse_tcp payloads (also covers the "multihandler" exploit)
5. MS17-010 Vulnerability - New EternalRomance / EternalSynergy / EternalChampion SMB modules for Metasploit - Exploiting Windows10 and Windows2008R2

STDAPI

In order to be able to use the "sysinfo", "getuid" and "ipconfig" co

Over the WAN Penetration Testing LAB - Installing and using NGROK and NETCAT

In this video we will discuss some common challenges faced during external penetration testing exercises. We will then configure the LAB to simulate an "over the WAN" environment. We will install and configure NGROK, then we will see how port forwarding via the NGROK site might help in an "over the WAN" scenario. As we progress with the new LAB configuration, we will perform connectivity testing using NETCAT.

NGROK

NGROK is multiplatform tunnelling and reverse proxy software that establishes secure tunnels from a public endpoint, such as the internet, to a locally running network service. Check the following link for more details about NGROK:

Sign up for a free NGROK account by using the following link:

In order to establish a TCP tunnel exposing port 80 on the local Kali Linux machine, we will use the following command:

./ngrok tcp 80

NETCAT

NETCAT is a computer networking utility used