HTB - Blue Writeup


Initial Enumeration

1. Nmap Scanning

Starting with a scan of the target IP address:

nmap -sC -sV -oA blue.nmap <target-ip>

Based on the output of the nmap scan we can determine this is a Windows machine. Ports 135, 139 and 445 are open. We also see a potential username “Haris”.

The OS looks to be “Windows 7 SP1 7601 Build”.

Based on the name of this box and the SMB port being open, this box will potentially require an EternalBlue exploit.
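From the defender's side, the same scan output can be used to find hosts on your own network that match this profile (SMB exposed on a Windows 7 SP1 7601 build) so they can be prioritised for patching. The script below is an added example, not part of the original writeup; the sample XML is constructed, and the addresses, the triage() function and the priority labels are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SMB_PORTS = {"135", "139", "445"}       # ports seen open in the writeup's scan
LEGACY_MARKERS = ("Windows 7", "7601")  # OS strings reported in the writeup

# Constructed sample shaped like the .xml file that `nmap -sC -sV -oA` writes.
SAMPLE_XML = """<nmaprun>
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="135"><state state="open"/></port>
      <port protocol="tcp" portid="139"><state state="open"/></port>
      <port protocol="tcp" portid="445"><state state="open"/></port>
    </ports>
    <hostscript><script id="smb-os-discovery" output="OS: Windows 7 Professional 7601 Service Pack 1"/></hostscript>
  </host>
  <host>
    <address addr="192.0.2.20" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445"><state state="open"/></port>
      <port protocol="tcp" portid="3389"><state state="closed"/></port>
    </ports>
    <hostscript><script id="smb-os-discovery" output="OS: Windows Server 2019 Standard 17763"/></hostscript>
  </host>
</nmaprun>"""

def triage(xml_text):
    """Return one finding per host that has any of SMB_PORTS open."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        open_ports = sorted(
            (p.get("portid") for p in host.iter("port")
             if p.find("state") is not None
             and p.find("state").get("state") == "open"
             and p.get("portid") in SMB_PORTS), key=int)
        # smb-os-discovery runs as part of -sC and reports the OS string
        os_out = " ".join(s.get("output", "") for s in host.iter("script")
                          if s.get("id") == "smb-os-discovery")
        legacy = any(marker in os_out for marker in LEGACY_MARKERS)
        if open_ports:
            priority = "high" if legacy and "445" in open_ports else "review"
            findings.append({"host": addr, "ports": open_ports,
                             "legacy_os": legacy, "priority": priority})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_XML):
        print(finding)
```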

2. SMB Enumeration

We can run smbmap to see if we have access to any network shares with the anonymous user.

smbmap -H <target-ip> -u anonymous


3. EternalBlue Exploit

Let’s use Metasploit and load up the following module:


Set your LHOST and RHOST. Then run it and it will immediately grant a root shell.

Grab the flags: