1 min to read
HTB - Blue Writeup
- Box: Blue
- Difficulty: Easy
- Points: 20
- Release: 28 Jul 2017
- IP: 10.10.10.40
Initial Enumeration
1. Nmap Scanning
Starting with a scan of the target ip address:
nmap -sC -sV -oA blue.nmap 10.10.10.40
Based on the output of the nmap scan we can determine this is a Windows machine. Ports 135,139 and 445. We also see a potential username “Haris”
The OS looks to be “Windows 7 SP1 7601 Build”.
Based on the name of this box and the SMB port being open, this box will potentially require an EternalBlue exploit.
2. SMB Enumeration
We can run smbmap to see if we have access to any network shares with the anonymous user.
smbmap -H 10.10.10.40 -u anonymous
Exploitation
3. EternalBlue Exploit
Let’s use Metasploit and load up the following module:
exploit/windows/smb/ms17_010_eternalblue
Set your LHOST and RHOST. Then run it and it will immediately grant a root shell.
Grab the flags:
- User flag is at
c:\Users\haris\Desktop\user.txt - Root flag is at
c:\Users\Administrator\Desktop\root.txt
