Hack The Box (Blue)
By: Nicholas Werner
Starting off with an nmap scan to find what ports are open and what services are running.
I see that on port 445 it is running Windows 7 Professional 7601 Service Pack 1 so I know immediately that this machine is probably going to be vulnerable to eternal blue (hence the box name “Blue”).
I want to run Metasploit and search for the eternal blue vulnerability (ms17–010)
I want to scan first to see if this machine is vulnerable to eternal blue so I type the command below.
Looks like the host is likely vulnerable so now we can use the eternal blue exploit as shown below.
The exploit worked and I got a meterpreter shell.
Looks like I already have system access so I can pretty much do whatever now. I want to type shell so that I can have a shell directly on the Windows machine and navigate its directories.
I found the root flag.
Now, I want to cd back to the users file and find the other flag.
I found the user flag.