Windows exploits typically target listening services of the operating system. The following exploit targets the SMB service, which listens on TCP port 445 on Windows:
- EternalBlue – MS17-010
The following are some tools often used by pen testers:
PsExec is a tool included in the Sysinternals suite; it is used for remote management and is popular among pen testers, system admins, and hackers. The PsExec binary is usually copied to the ADMIN$ share on the target machine, and remote management is then used to create a service on that machine. Keep in mind that PsExec requires admin privileges on the remote machine:
- Download Sysinternals
- Open the PowerShell prompt
- Type cd <Sysinternals ...
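Because PsExec works by dropping a service binary into ADMIN$ (which maps to the Windows root) and registering a service, Windows records each such run as a System log event ID 7045 ("a service was installed"). The script below is an added detection example, not code from the book or from Sysinternals: it parses a few constructed 7045 lines (flattened to key=value form, not real log data) and flags both the default service name PSEXESVC and any new service whose binary sits directly under the Windows root, with a small allowlist (`KNOWN_ROOT_SERVICE_BINARIES`, an assumed tuning list) to suppress known-good root-level binaries such as Sysmon.

```python
"""Flag PsExec-style remote service installation in Windows System log events.

Added example (not from the book): PsExec copies its service binary to the
target's ADMIN$ share (= %SystemRoot%) and registers a service, which Windows
logs as System event ID 7045. Scanning those events is a cheap way to notice
this kind of lateral movement.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample of 7045/7036 events flattened to key=value lines for this
# example. These are not real log records.
SAMPLE_EVENTS = [
    "EventID=7045 Host=WS01 ServiceName=PSEXESVC ImagePath=%SystemRoot%\\PSEXESVC.exe StartType=demand start Account=LocalSystem",
    "EventID=7045 Host=WS02 ServiceName=Spooler ImagePath=%SystemRoot%\\System32\\spoolsv.exe StartType=auto start Account=LocalSystem",
    "EventID=7045 Host=WS02 ServiceName=kdpxc ImagePath=%SystemRoot%\\kdpxc.exe StartType=demand start Account=LocalSystem",
    "EventID=7036 Host=WS03 ServiceName=PSEXESVC State=running",
    "EventID=7045 Host=WS03 ServiceName=Sysmon64 ImagePath=C:\\Windows\\Sysmon64.exe StartType=auto start Account=LocalSystem",
]

# Root-level service binaries that are legitimate in this (assumed) environment;
# tune this allowlist per site to keep false positives down.
KNOWN_ROOT_SERVICE_BINARIES = {"sysmon.exe", "sysmon64.exe"}

# key=value pairs; values may contain spaces, so stop lazily at the next " key=".
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_event(line: str) -> Dict[str, str]:
    """Turn one flattened event line into a field dictionary."""
    return dict(FIELD_RE.findall(line.strip()))


def image_in_windows_root(image_path: str) -> bool:
    """True if the service binary sits directly in the Windows root (no subfolder).

    ADMIN$ maps to %SystemRoot%, so a freshly pushed PsExec service binary lands
    there rather than in System32 like normal Windows services.
    """
    p = image_path.strip('"').lower()
    for prefix in ("%systemroot%\\", "c:\\windows\\"):
        if p.startswith(prefix):
            return "\\" not in p[len(prefix):]
    return False


def classify(event: Dict[str, str]) -> Optional[str]:
    """Return a reason string if the 7045 event looks PsExec-like, else None."""
    if event.get("EventID") != "7045":
        return None
    name = event.get("ServiceName", "")
    path = event.get("ImagePath", "")
    if name.upper() == "PSEXESVC":
        return "default PsExec service name"
    # The service name is configurable, so also look at where the binary was dropped.
    if image_in_windows_root(path):
        binary = path.strip('"').lower().rsplit("\\", 1)[-1]
        if binary not in KNOWN_ROOT_SERVICE_BINARIES:
            return "new service binary placed directly under the Windows root (ADMIN$)"
    return None


def scan(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (host, service name, reason) for every suspicious event."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        reason = classify(ev)
        if reason:
            hits.append((ev.get("Host", "?"), ev.get("ServiceName", "?"), reason))
    return hits


if __name__ == "__main__":
    for host, svc, why in scan(SAMPLE_EVENTS):
        print(f"{host}: service '{svc}' -> {why}")
```

On the constructed sample this reports the PSEXESVC install on WS01 and the oddly named root-level service on WS02, while ignoring the Spooler (System32), the 7036 state change, and the allowlisted Sysmon64 binary.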