HTB - Blue Writeup


Initial Enumeration

1. Nmap Scanning

Starting with a scan of the target IP address:

nmap -sC -sV -oA blue.nmap 10.10.10.40

Based on the output of the nmap scan we can determine this is a Windows machine: ports 135, 139 and 445 are open. We also see a potential username, “Haris”.

The OS looks to be “Windows 7 SP1 7601 Build”.

Based on the name of this box and the SMB port being open, this box will potentially require an EternalBlue exploit.
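The triage reasoning above, written as an added example (not part of the original writeup): a Python script that reads nmap XML output (`-oA blue.nmap` also writes `blue.nmap.xml`) and lists hosts with 445/tcp open, marking those whose `smb-os-discovery` result reports Windows 7 for MS17-010 patch verification. The XML below is a constructed sample, the 192.0.2.x hosts are made up, and the function names are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample in nmap's XML layout; not the real scan output for this box.
SAMPLE_XML = """<nmaprun>
  <host>
    <address addr="10.10.10.40" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="135"><state state="open"/></port>
      <port protocol="tcp" portid="139"><state state="open"/></port>
      <port protocol="tcp" portid="445"><state state="open"/></port>
    </ports>
    <hostscript>
      <script id="smb-os-discovery" output="">
        <elem key="os">Windows 7 Professional 7601 Service Pack 1</elem>
      </script>
    </hostscript>
  </host>
  <host>
    <address addr="192.0.2.15" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="445"><state state="filtered"/></port></ports>
  </host>
  <host>
    <address addr="192.0.2.16" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="445"><state state="open"/></port></ports>
  </host>
</nmaprun>"""

def open_tcp_ports(host):
    """Return the set of TCP ports nmap reported as open for one <host>."""
    return {int(p.get("portid")) for p in host.iterfind("ports/port")
            if p.get("protocol") == "tcp"
            and p.find("state") is not None
            and p.find("state").get("state") == "open"}

def triage(xml_text, legacy_marker="Windows 7"):
    """Map each host exposing SMB (445/tcp) to a follow-up action."""
    result = {}
    for host in ET.fromstring(xml_text).iterfind("host"):
        if 445 not in open_tcp_ports(host):
            continue  # SMB closed or filtered: nothing to review for this host
        addr = host.find("address").get("addr")
        os_elem = host.find("hostscript/script[@id='smb-os-discovery']/elem[@key='os']")
        os_name = (os_elem.text or "").strip() if os_elem is not None else ""
        if legacy_marker in os_name:
            result[addr] = "legacy OS with SMB exposed: confirm MS17-010 patch"
        else:
            result[addr] = "SMB exposed: confirm OS and patch level"
    return result

print(triage(SAMPLE_XML))
```
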

2. SMB Enumeration

We can run smbmap to see if we have access to any network shares with the anonymous user.

smbmap -H 10.10.10.40 -u anonymous

Exploitation

3. EternalBlue Exploit

Let’s use Metasploit and load up the following module:

exploit/windows/smb/ms17_010_eternalblue

Set your LHOST and RHOST. Then run it and it will immediately grant a root shell.

Grab the flags: