Tuesday, January 15, 2019

Blue


BLUE

- Layout for this exercise:





1 - INTRODUCTION

- The goal of this exercise is to develop a hacking process for the vulnerable machine Blue, which is a retired machine from the Hack The Box pentesting platform:

https://www.hackthebox.eu/


2 - ENUMERATION

- Blue's IP is 10.10.10.40:




- Scanning with Nmap:





- Scanning ports such as 135, 139 and 445 in more depth:







- This Nmap script discovers that Blue is vulnerable to MS17-010 over SMB on port 445:





- Metasploit helps to confirm SMB and Operating System versions:
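
For teams running the same MS17-010 check across their own address space, the scan result can be turned into a patch queue. The sketch below is an added example, not part of the original write-up: it assumes the Nmap script is `smb-vuln-ms17-010` (the page does not name it) and that results were saved with `-oX`. The sample XML, addresses and table key are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed `nmap -oX` style sample (addresses and IDs are placeholders).
SAMPLE_XML = """<nmaprun>
 <host><address addr="192.0.2.10" addrtype="ipv4"/>
  <ports><port protocol="tcp" portid="445"><state state="open"/></port></ports>
  <hostscript><script id="smb-vuln-ms17-010" output="VULNERABLE: (constructed)">
   <table key="PLACEHOLDER-ID"><elem key="state">VULNERABLE</elem></table>
  </script></hostscript></host>
 <host><address addr="192.0.2.11" addrtype="ipv4"/>
  <ports><port protocol="tcp" portid="445"><state state="open"/></port></ports>
  <hostscript><script id="smb-vuln-ms17-010" output="NOT VULNERABLE (constructed)">
   <table key="PLACEHOLDER-ID"><elem key="state">NOT VULNERABLE</elem></table>
  </script></hostscript></host>
 <host><address addr="192.0.2.12" addrtype="ipv4"/>
  <ports><port protocol="tcp" portid="445"><state state="open"/></port></ports></host>
 <host><address addr="192.0.2.13" addrtype="ipv4"/>
  <ports><port protocol="tcp" portid="445"><state state="closed"/></port></ports></host>
</nmaprun>"""

def smb_open(host):
    """True when the host reports 445/tcp in the open state."""
    for port in host.iter("port"):
        state = port.find("state")
        if port.get("portid") == "445" and state is not None and state.get("state") == "open":
            return True
    return False

def triage(xml_text):
    """Map each SMB-exposed IPv4 host to a remediation status."""
    results = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None or not smb_open(host):
            continue
        script = host.find(".//script[@id='smb-vuln-ms17-010']")
        if script is None:
            status = "smb-open-unchecked"  # script did not run or printed nothing
        else:
            states = [e.text or "" for e in script.iter("elem") if e.get("key") == "state"]
            # "NOT VULNERABLE" contains "VULNERABLE", so match on the prefix.
            flagged = any(s.strip().startswith(("VULNERABLE", "LIKELY VULNERABLE")) for s in states)
            status = "patch-ms17-010" if flagged else "not-flagged"
        results[addr.get("addr")] = status
    return results

if __name__ == "__main__":
    for ip, status in sorted(triage(SAMPLE_XML).items()):
        print(ip, status)
```

Hosts reported as `smb-open-unchecked` still expose SMB and need a rescan or a patch-level check before they are cleared.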





3 - EXPLOITATION

- Looking for information about the vulnerability MS17-010:




- There is a Metasploit exploit associated with the MS17-010 vulnerability:





- Launching Metasploit and using exploit/windows/smb/ms17_010_eternalblue:




- Setting Blue's IP as RHOST:





- Setting Meterpreter as payload, Kali's IP as LHOST (interface tun0 with IP 10.10.14.2), and port 5555 as LPORT:





- Running the exploit, we get a Meterpreter session with SYSTEM privileges:



.... etc ....





- So in this case there is no need for privilege escalation.



4 - CAPTURING THE FLAGS

- Reading the 1st flag:





- Reading the 2nd flag: