HTB - Blue Writeup
- Box: Blue
- Difficulty: Easy
- Points: 20
- Release: 28 Jul 2017
- IP: 10.10.10.40
1. Nmap Scanning
Starting with a scan of the target IP address:
nmap -sC -sV -oA blue.nmap 10.10.10.40
Based on the output of the nmap scan, we can determine this is a Windows machine with ports 135, 139 and 445 open. We also see a potential username, “Haris”.
The OS looks to be “Windows 7 SP1 7601 Build”.
Based on the name of this box and the SMB port being open, this box will potentially require an EternalBlue exploit.
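The same scan output can drive a defender's triage. This added example (not part of the original writeup) parses the grepable file that `-oA` writes and flags hosts with SMB open behind a legacy Windows banner. The sample scan lines, the second host and the `LEGACY` pattern are constructed assumptions.

```python
import re

# Constructed sample of blue.nmap.gnmap (written by -oA); values are made up.
SAMPLE_GNMAP = """\
Host: 10.10.10.40 ()\tStatus: Up
Host: 10.10.10.40 ()\tPorts: 135/open/tcp//msrpc//Microsoft Windows RPC/, 139/open/tcp//netbios-ssn//Microsoft Windows netbios-ssn/, 445/open/tcp//microsoft-ds//Windows 7 SP1 7601 microsoft-ds/
Host: 192.0.2.15 ()\tStatus: Up
Host: 192.0.2.15 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 445/filtered/tcp//microsoft-ds///
"""

SMB_PORTS = {139, 445}
# Assumption: banners matching this pattern are treated as legacy Windows.
LEGACY = re.compile(r"Windows (XP|Vista|7|Server 200[38])", re.I)


def parse_gnmap(text):
    """Return {host: [(port, state, service, version), ...]}."""
    hosts = {}
    for line in text.splitlines():
        m = re.match(r"Host: (\S+) .*?\tPorts: ([^\t]*)", line)
        if not m:
            continue
        for item in m.group(2).split(", "):
            # gnmap fields: port/state/protocol/owner/service/rpcinfo/version/
            f = item.strip().split("/")
            if len(f) >= 7 and f[0].isdigit():
                hosts.setdefault(m.group(1), []).append(
                    (int(f[0]), f[1], f[4], f[6]))
    return hosts


def smb_findings(hosts):
    """List hosts with SMB open; mark those showing a legacy Windows banner."""
    findings = []
    for host, ports in sorted(hosts.items()):
        smb = [p for p in ports if p[0] in SMB_PORTS and p[1] == "open"]
        if not smb:
            continue
        legacy = any(LEGACY.search(p[3]) for p in smb)
        action = ("check MS17-010 is installed, disable SMBv1, filter 445"
                  if legacy else "confirm the SMB exposure is intended")
        findings.append({"host": host, "ports": [p[0] for p in smb],
                         "legacy": legacy, "action": action})
    return findings


if __name__ == "__main__":
    for finding in smb_findings(parse_gnmap(SAMPLE_GNMAP)):
        print(finding)
```

A host whose SMB port is only `filtered` is left out of the findings, since the service is not reachable from the scanner's position.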
2. SMB Enumeration
We can run smbmap to see if we have access to any network shares with the anonymous user.
smbmap -H 10.10.10.40 -u anonymous
3. EternalBlue Exploit
Let’s use Metasploit and load up the following module:
Set your LHOST and RHOST. Then run it and it will immediately grant a root shell.
Grab the flags:
- User flag is at
- Root flag is at