Hack The Box (Blue)
By: Nicholas Werner
I start off with an nmap scan to find which ports are open and which services are running.
I see that on port 445 it is running Windows 7 Professional 7601 Service Pack 1, so I know immediately that this machine is probably going to be vulnerable to EternalBlue (hence the box name “Blue”).
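The same banner reasoning can be used for defensive triage of your own scan results. The script below is an added example, not part of the original write-up: it reads nmap smb-os-discovery output and lists hosts that expose TCP 445 with a legacy Windows banner, so their MS17-010 patch level can be checked. The sample hosts, the legacy OS list and the function name triage are assumptions made for illustration.

```python
import re

# Constructed sample of nmap output with the smb-os-discovery script.
# Hosts and computer names are invented (192.0.2.0/24 is a documentation range).
SAMPLE_NMAP_OUTPUT = """\
Nmap scan report for 192.0.2.10
445/tcp open  microsoft-ds
| smb-os-discovery:
|   OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
|_  Computer name: WS-LEGACY
Nmap scan report for 192.0.2.20
445/tcp open  microsoft-ds
| smb-os-discovery:
|   OS: Windows 10 Pro 19045 (Windows 10 Pro 6.3)
|_  Computer name: WS-CURRENT
Nmap scan report for 192.0.2.30
445/tcp filtered microsoft-ds
"""

HOST_RE = re.compile(r"^Nmap scan report for (.+)$")
SMB_OPEN_RE = re.compile(r"^445/tcp\s+open\b")
OS_RE = re.compile(r"^\|[\s_]*OS: (.+?)(?: \(.*\))?\s*$")
# Assumed triage list (not exhaustive): Windows families released before the
# March 2017 MS17-010 update. The banner alone does not prove a missing patch.
LEGACY_RE = re.compile(
    r"\bWindows (?:XP|Vista|7|8|Server 2003|Server 2008|Server 2012)\b")
ACTION = "confirm MS17-010 is installed, disable SMBv1, restrict TCP 445"

def triage(nmap_text):
    """Return hosts with SMB open and a legacy Windows OS banner."""
    findings, host, smb_open = [], None, False
    for line in nmap_text.splitlines():
        new_host = HOST_RE.match(line)
        if new_host:
            # A new host section resets the per-host state.
            host, smb_open = new_host.group(1), False
        elif host and SMB_OPEN_RE.match(line):
            smb_open = True
        elif host and smb_open:
            os_line = OS_RE.match(line)
            if os_line and LEGACY_RE.search(os_line.group(1)):
                findings.append(
                    {"host": host, "os": os_line.group(1), "action": ACTION})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_NMAP_OUTPUT):
        print(f"{f['host']}: {f['os']} -> {f['action']}")
```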
I want to run Metasploit and search for the EternalBlue vulnerability (MS17-010).
I want to scan first to see if this machine is vulnerable to EternalBlue, so I type the command below.
Looks like the host is likely vulnerable, so now we can use the EternalBlue exploit as shown below.
The exploit worked and I got a meterpreter shell.
Looks like I already have system access so I can pretty much do whatever now. I want to type shell so that I can have a shell directly on the Windows machine and navigate its directories.
Commands used:
cd c:\
dir
cd Users
dir
cd Administrator
dir
cd Desktop
dir
type root.txt
I found the root flag.
Now, I want to cd back to the users file and find the other flag.
Commands used:
cd haris
dir
cd Desktop
dir
type user.txt
I found the user flag.