Logo
HackTheBox - Blue Writeup

HackTheBox - Blue Writeup

SH∆FIQ∆IM∆N SH∆FIQ∆IM∆N
July 20, 2021
1 min read
index

Enumeration

First, lets do an enumeration with the IP address of this machine. Im gonna run Nmap [Netwok Mapper] to scan any open ports. Im gonna run this command

nmap -sC -sV -oN nmap/initial 10.10.10.40

Explaining the nmap scan:

  • -sC := scan using nmap default script
  • -sV := scan for version
  • -oN := output in normal format

nmap initial scan

nmap initial scan

The Nmap scan is done. The result shows us this is a Windows 7 machine and has smb!

This is a very old machine. I’m pretty sure this is vulnerable to Eternalblue. Let’s run the Nmap smb-vuln script to double-check.

Terminal window
nmap --script smb-vuln* -p139,445 -oN nmap/vuln_script 10.10.10.40

NSE check vulnerable to Eternalblue

NSE check vulnerable to Eternalblue

Yup. This machine is vulnerable to Eternalblue exploit.

Foothold/Gaining Access

I’m gonna run Metasploit and search for eternalblue and use it

search Eternalblue exploit

search Eternalblue exploit

Before we run it. We need to set up the RHOSTS and LHOST. Make the lhost is set into your htb ip addr.

setup listener ip and port

setup listener ip and port

Oopsie

After that just type run.

execute the exploit

execute the exploit

WE’RE IN AS SYSTEM!!! cool.

Now, let’s hunt for the user & admin flag.

User flag

user flag

user flag

Root/Admin flag

root flag

root flag

Conclusion

Ive learned a lot today. Please update the system. In this case, I’m able to exploit using EternalBlue and become root. That’s super scary.

I have a fun time doing this machine and I hope you guys too. Bye ;)