Fun box, done both with and without Metasploit. Doing it without Metasploit, I use Nishang to get a PowerShell reverse shell, Sherlock to find suitable exploits, then steal a module from Empire to privesc.
Most people were having issues on this box with the PrivEsc. The issue is with Meterpreter not being started as 64-bit. If you use a 32-bit Meterpreter, migrate to switch to x64, then launch MS16-032, you will have issues. This is shown in the video.
1:38 - Go to HTTPFileServer
2:56 - Explanation of Vulnerability
4:49 - Testing the Exploit
6:25 - Getting rev tcp shell with Nishang
11:54 - Shell returned
13:15 - Finding exploits with Sherlock
15:15 - Using Empire Module without Empire for Privesc
21:00 - Start of doing the box with Metasploit
22:36 - Reverse Shell Returned (x32)
24:45 - MSF Error during PrivEsc
25:35 - Reverse Shell Returned (x64)
26:19 - Same PrivEsc as earlier, different result
28:47 - Examining how Rejetto MSF Module works with Burp