TryHackMe: Blue

May 4, 2021

An educational series on Windows exploitation for complete beginners. A walkthrough.

Task 1: Recon

We start our recon by scanning the target machine using Nmap.

How many ports are open with a port number under 1000?


If you run the scan with the -A flag it will scan all the ports on the host, but we only need port numbers < 1000. It would be better to just specify -p 1-1000 to scan the first 1000 ports.
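To answer the port-count question from saved scan results rather than by eye, the added example below (not part of the original walkthrough) parses Nmap's grepable output (`-oG`) and lists open TCP ports under 1000 per host. The sample scan text, the address 192.0.2.10 and the function name `open_ports_below` are constructed for illustration.

```python
import re

# Constructed sample in nmap's -oG format (documentation address, made-up ports).
SAMPLE_OG = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "443/filtered/tcp//https///, 999/open/tcp/////, 1000/open/tcp/////, "
    "53/open/udp//domain///\tIgnored State: closed (994)\n"
    "# Nmap done\n"
)

HOST_RE = re.compile(r"^Host:\s+(\S+)")


def open_ports_below(grepable, limit=1000, proto="tcp"):
    """Return {host: sorted open ports numbered below `limit`} from -oG text."""
    result = {}
    for line in grepable.splitlines():
        match = HOST_RE.match(line)
        if not match:
            continue  # comment lines start with '#'
        for field in line.split("\t"):
            if not field.startswith("Ports:"):
                continue  # e.g. the "Status:" or "Ignored State:" fields
            ports = result.setdefault(match.group(1), [])
            for entry in field[len("Ports:"):].split(","):
                # Entry layout: port/state/protocol/owner/service/rpc/version/
                parts = entry.strip().split("/")
                if len(parts) < 3 or not parts[0].isdigit():
                    continue  # fragment of a version string that contained a comma
                port, state, entry_proto = int(parts[0]), parts[1], parts[2]
                # "filtered" and "closed" ports are not counted as open.
                if state == "open" and entry_proto == proto and port < limit:
                    ports.append(port)
            ports.sort()
    return result


if __name__ == "__main__":
    for host, ports in open_ports_below(SAMPLE_OG).items():
        print(f"{host}: {len(ports)} open TCP ports under 1000 -> {ports}")
```

Port 1000 itself is excluded because the question asks for port numbers under 1000, and the filtered port is not counted as open.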

What is this machine vulnerable to? (Answer in the form of: ms??-???, ex: ms08-067)


To get this answer I ran an nmap script which scans for vulnerabilities on the host.

nmap --script vuln <target-ip>

Task 2: Gain Access

Start Metasploit

(To do that, type the following command in the terminal:)


Find the exploitation code we will run against the machine. What is the full path of the code? (Ex: exploit/……..)





