💙Blue

#nmap #metaploit #windows-privilege-escalation #intro-to-windows-command-line

Blue, while possibly the most simple machine on Hack The Box, demonstrates the severity of the EternalBlue exploit, which has been used in multiple largepscale ransomware and crypto-mining attacks since it was leaked

Goodies

export TARGET=10.10.10.40

Enumeration

NMAP

sudo nmap -sC -sV -sS ${TARGET} -F -v

# Nmap 7.94SVN scan initiated Fri Jun  7 23:06:47 2024 as: nmap -sV -O -Pn -oA ./machines/htb/blue/blue --top-ports 1000 -v 10.10.10.40
Nmap scan report for 10.10.10.40
Host is up (0.023s latency).
Not shown: 991 closed tcp ports (reset)
PORT      STATE SERVICE      VERSION
135/tcp   open  msrpc        Microsoft Windows RPC
139/tcp   open  netbios-ssn  Microsoft Windows netbios-ssn
445/tcp   open  microsoft-ds Microsoft Windows 7 - 10 microsoft-ds (workgroup: WORKGROUP)
49152/tcp open  msrpc        Microsoft Windows RPC
49153/tcp open  msrpc        Microsoft Windows RPC
49154/tcp open  msrpc        Microsoft Windows RPC
49155/tcp open  msrpc        Microsoft Windows RPC
49156/tcp open  msrpc        Microsoft Windows RPC
49157/tcp open  msrpc        Microsoft Windows RPC
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.94SVN%E=4%D=6/7%OT=135%CT=1%CU=44254%PV=Y%DS=2%DC=I%G=Y%TM=6663
OS:062F%P=aarch64-unknown-linux-gnu)SEQ(SP=105%GCD=1%ISR=10A%TI=I%CI=I%II=I
OS:%SS=S%TS=7)SEQ(SP=105%GCD=1%ISR=10A%TI=I%CI=RD%II=I%SS=S%TS=7)OPS(O1=M53
OS:ANW8ST11%O2=M53ANW8ST11%O3=M53ANW8NNT11%O4=M53ANW8ST11%O5=M53ANW8ST11%O6
OS:=M53AST11)WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)ECN(R=Y%DF
OS:=Y%T=80%W=2000%O=M53ANW8NNS%CC=N%Q=)T1(R=Y%DF=Y%T=80%S=O%A=S+%F=AS%RD=0%
OS:Q=)T2(R=Y%DF=Y%T=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)T3(R=Y%DF=Y%T=80%W=0%S=Z
OS:%A=O%F=AR%O=%RD=0%Q=)T4(R=Y%DF=Y%T=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)T4(R=Y%
OS:DF=Y%T=80%W=0%S=O%A=O%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=80%W=0%S=Z%A=S+%F=AR%
OS:O=%RD=0%Q=)T6(R=Y%DF=Y%T=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=80%
OS:W=0%S=Z%A=O%F=AR%O=%RD=0%Q=)T7(R=Y%DF=Y%T=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q
OS:=)U1(R=Y%DF=N%T=80%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y
OS:%DFI=N%T=80%CD=Z)

Uptime guess: 0.032 days (since Fri Jun  7 22:21:12 2024)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: Host: HARIS-PC; OS: Windows; CPE: cpe:/o:microsoft:windows

Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Fri Jun  7 23:07:59 2024 -- 1 IP address (1 host up) scanned in 71.84 seconds

The nmap scan results show that Blue is running SMB with ports 135, 139 and 445 open.

SMB Enumeration

smbclient -L ${TARGET}

PreviousBoardLight NextEditorial

Last updated 1 year ago