Blue- HTB Walkthrough

The IP address of the machine is: 10.10.10.40

Nmap:

Nmap shows that smb server is installed on the host and on port 445 service is running. The name of the box “blue” suggests that it must be eternal blue vulnerability and also I have searched google with service running on port 445 which gives below exploit.

So I have opened Metasploit and searched for the exploit, whether I can use the direct exploit.

I have used windows 7 exploit of eternal blue because in nmap it gave windows 7 version.

Observe we got the shell session.

Now we will check the privileges and try to access the hashes.

Observe we got system privileges, no need to privilege escalation here.

And also we can do below to post exploitation steps to create a new user and make a rdp connection if the shell is not stable.

As seen in the above screenshot we can see newuser is being used to login using rdesktop.