Joshua Cruz

Hack The Box :: Blue

August 24, 2019

Blue info card

Quick Summary

Blue is a very easy Windows box with only a couple of ports open. Named after the EternalBlue exploit, this box takes advantage of a vulnerability in Microsoft’s implementation of the SMB protocol.

Nmap

Start with active reconnaissance on the target machine. We use nmap to scan for open ports on the machine.

nmap

Port 445 seemed interesting to me. As a beginner, I wasn’t too familiar with microsoft-ds, so I ended up doing some quick Google searches and found a few hits about it.
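From the defender's side, the same scan output can be triaged automatically. The following is an added example, not part of the original write-up: it parses nmap's normal text output, including the Service Info line quoted later in this post, and lists hosts that expose SMB so their MS17-010 patch status can be checked. The sample output, addresses, host name and function names are constructed for illustration.

```python
import re

# Constructed sample of nmap's normal text output; addresses are documentation ranges.
SAMPLE = """\
Nmap scan report for 192.0.2.10
Host is up (0.050s latency).
PORT    STATE SERVICE      VERSION
135/tcp open  msrpc        Microsoft Windows RPC
139/tcp open  netbios-ssn  Microsoft Windows netbios-ssn
445/tcp open  microsoft-ds Microsoft Windows 7 - 10 microsoft-ds
Service Info: Host: EXAMPLE-PC; OS: Windows; CPE: cpe:/o:microsoft:windows

Nmap scan report for 192.0.2.20
Host is up (0.048s latency).
PORT    STATE  SERVICE      VERSION
22/tcp  open   ssh          OpenSSH 7.9
445/tcp closed microsoft-ds
"""

SMB_PORTS = {139, 445}  # NetBIOS session service and direct-hosted SMB (microsoft-ds)
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_nmap(text):
    """Return {host: {"ports": {port: service}, "info": {key: value}}}, open ports only."""
    hosts, current = {}, None
    for line in text.splitlines():
        if line.startswith("Nmap scan report for "):
            # Line ends in "<ip>" or "<name> (<ip>)"; key on the last token.
            current = line.split()[-1].strip("()")
            hosts[current] = {"ports": {}, "info": {}}
        elif current and (m := PORT_RE.match(line)):
            if m.group(3) == "open":
                hosts[current]["ports"][int(m.group(1))] = m.group(4)
        elif current and line.startswith("Service Info: "):
            for field in line[len("Service Info: "):].split("; "):
                key, _, value = field.partition(": ")
                hosts[current]["info"][key] = value
    return hosts

def smb_exposed(hosts):
    """Hosts with an open SMB port, plus the name and OS needed to look up patch status."""
    return {h: {"ports": sorted(SMB_PORTS & set(d["ports"])),
                "name": d["info"].get("Host"), "os": d["info"].get("OS")}
            for h, d in hosts.items() if SMB_PORTS & set(d["ports"])}

if __name__ == "__main__":
    for host, facts in smb_exposed(parse_nmap(SAMPLE)).items():
        print(host, facts)
```
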

Exploiting

After researching on those two links, I ended up searching Metasploit for an exploit for MS17-010.

metasploit

Here, I found one suitable exploit and set the remote host to the target machine, with a reverse TCP shell back to my own machine.

Pwned

Executing the payload, we then pwned the box and have user privileges.

pwned

There we go! We are now in the machine.

User Flag

If you recall from the nmap scan it says Service Info: Host: HARIS-PC; OS: Windows; CPE: cpe:/p:microsoft:windows.

user flag

This clearly gives a hint that the user flag is in the haris folder. After looking through the users' folders, we can then see the user flag in the user.txt file.

Root Flag

But we aren’t done with the machine yet. We still have to find the root flag to escalate privileges further.

root flag

Looking into the Administrator folder, we can snoop around. Looking in the Desktop of the Administrator user, we can see the root flag in the root.txt file.

Conclusion

This was a very easy box. Overall, this box taught me to do your research and not dive head first and assume. If I hadn’t ended up doing some research on a port where I always assume it’s a Samba SMB service, I would have been stuck on it much longer. After figuring that one specific part out, we were then able to easily exploit the machine using basic penetration testing techniques.

As per usual, now that we pwned this box, we can then move onto another box. You can expect a write-up for Shocker next.