Help with dll injection

Hi all,

I’m stuck in a lab I’m doing and would like some help.
In the lab I’m given a kali machine and a windows server 2008 machine. This is all web based, and the VMs have no Internet access so I can’t install additional tools like PowerSploit or SysInternals/ProcMon. I’m giving a process that is missing a dll file, and the process runs as SYSTEM. I need to capture a flag in a txt file located in C:.

The nmap scan shows the server is running smb

I have used msfvenom to create a dll file so I can start the reverse tcp. But I need help with two points:
1- finding the vulnerable directory to place dll
2- copying the dll file into the windows machine

I’d appreciate your help or any hints with this, thanks! :grinning:

1 Like

Is it updated server 2008? Scans say? Have you tried EternalBlue-DoublePulsar or smb2_negotiate_func_index both exploits are in Metasploit. Try to give more info on the Windows 2008 Server.

1 Like

hi, thanks for your response,

the nmap scan shows these ports open 135, 139, 445, 3389, 49154.

the smb2_negotiate_func_index did not work, I’ll tryeternalblue in a bit.

what addional information can i give you?