Welcome!

Enumeration First we enumerate using the usual nmap scans: This reveals the open port 445 running SMB and that the host runs Windows 7 Professional. SMB We can check these smb shares hosted by port 445 by providing bogus credentials: where we see that Share and Users are readable. These are however empty and does not get us any further. Nmap Vuln Instead we might use the other information provided from our nmap scan, that the user runs an old windows version. We can check if the host has any obvious vulnerabilities that we can exploit on port 445 with the vuln script from nmap: ...