Hack the Box Challenge: Blue Walkthrough

Hello friends!! Today we are going to solve another CTF challenge “Blue” which is lab presented by Hack the Box for making online penetration practices according to your experience level. They have collection of vulnerable labs as challenges from beginners to Expert level. HTB have two partitions of lab i.e. Active and retired since we can’t submit write up of any Active lab therefore we have chosen retried Blue lab.

Level: Beginners

Task: find user.txt and root.txt file in victim’s machine.

Let’s begin the Game!!

Since these labs are online available therefore they have static IP and IP of blue is so let’s begin with nmap port enumeration.

From given below image, you can observe that we found so many open ports and port 137, 139 and 445 denotes that it is windows machine.

When I extract complete result of nmap I found following details

  • OS: windows 7 professional
  • Computer name: haris-pc
  • NetBIOS computer name haric-pc
  • Smb version: 02

Great!! Form this result I can conclude username can be “haris” moreover smb 2.02 can be exploit by eternal blue vulnerability.

Let confirm eternal blue vulnerability in victims system using namp script.

Awesome!! Victim’s machine is vulnerable to eternal blue exploit. 

Then I run msfconsole command in terminal and load metasploit framework for using eternal blue module for exploiting target machine.

Terrific!! I have got unauthorized access of victims command shell through session 1 as shown in below image.

Inside c:\Users\haris \Desktop I found user.txt file and used type “file name” command for reading this file.

Great!! We got our 1st flag successfully

Inside c:\Users\Administrator \Desktop I found root.txt file and used type “file name” command for reading this file.

Great!! We got our 2st flag successfully.

It was very easy challenge for those candidate who have knowledge little know vulnerability analysis.

Happy Hacking!!

Author: Pavandeep Singh is a Technical Writer, Researcher and Penetration Tester Contact here

Leave a Reply

Your email address will not be published. Required fields are marked *