Hack The Box - Blue
Reconnaissance
To recon this box I started with nmap, as usual.
After the initial scan the most obvious place to look for a way in is the SMB service. I did another nmap scan, this time using --script vuln, to check for vulnerabilities on port 445.
MS17-010 looks to be the way in, so I used searchsploit to check for exploits.
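As an added example (not part of the original writeup), the script below parses the XML that the --script vuln scan above produces when run with -oX and reports which hosts the smb-vuln-ms17-010 script marked VULNERABLE. The sample XML is constructed and simplified to the elements the parser reads; the second and third hosts and the table key are assumptions, and only 10.10.10.40 comes from the writeup. From a defender's side, any host on the resulting list needs the MS17-010 update applied and SMBv1 disabled.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -p445 --script vuln -oX` output, cut down to the
# elements this example reads. Hosts .41 and .42 and the table key are made up.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <address addr="10.10.10.40" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="445"><state state="open"/></port></ports>
    <hostscript>
      <script id="smb-vuln-ms17-010"
              output="VULNERABLE: Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)">
        <table key="ms17-010"><elem key="state">VULNERABLE</elem></table>
      </script>
    </hostscript>
  </host>
  <host>
    <address addr="10.10.10.41" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="445"><state state="open"/></port></ports>
    <hostscript>
      <script id="smb-vuln-ms17-010" output="NOT VULNERABLE">
        <table key="ms17-010"><elem key="state">NOT VULNERABLE</elem></table>
      </script>
    </hostscript>
  </host>
  <host>
    <address addr="10.10.10.42" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="445"><state state="closed"/></port></ports>
  </host>
</nmaprun>
"""


def script_findings(nmap_xml, script_id="smb-vuln-ms17-010"):
    """Return [(ip, state)] for every host on which `script_id` produced output.

    The state comes from the script's <elem key="state"> element when present;
    otherwise the text before the first ':' in the output attribute is used,
    so a plain "VULNERABLE: ..." string still yields a usable state.
    """
    root = ET.fromstring(nmap_xml)
    findings = []
    for host in root.findall("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        for script in host.findall("hostscript/script"):
            if script.get("id") != script_id:
                continue
            elem = script.find(".//elem[@key='state']")
            if elem is not None and elem.text:
                state = elem.text.strip()
            else:
                text = script.get("output", "").strip()
                state = text.split(":", 1)[0].strip() or "UNKNOWN"
            findings.append((addr.get("addr"), state))
    return findings


def hosts_needing_patch(nmap_xml, script_id="smb-vuln-ms17-010"):
    """IPs whose reported state is anything other than an explicit NOT VULNERABLE.

    Likely-vulnerable and unknown states are kept on purpose: a missed patch is
    far more costly than re-checking a host that turns out to be fine.
    """
    return sorted(
        ip for ip, state in script_findings(nmap_xml, script_id)
        if not state.upper().startswith("NOT")
    )


if __name__ == "__main__":
    for ip, state in script_findings(SAMPLE_NMAP_XML):
        print(f"{ip:<15} {state}")
    print("needs MS17-010 patch:", hosts_needing_patch(SAMPLE_NMAP_XML))
```

Hosts with port 445 closed, like the third sample host, never get a hostscript entry and so are simply absent from the findings; feed the function real -oX output from a scan across a subnet to get a patch list instead of reading the text report by eye.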
Exploitation
For the exploitation step I can see there is probably a Metasploit module, given the *.rb results in searchsploit. After opening Metasploit, a search for 17-010 gives a few results.
Since I know from the first nmap scan that the host is running Windows 7, I use the #3 result. Once it's loaded with use 3, all that's left is to check whether any options need to be set and then run the exploit.
The only required option that doesn't have a default value is RHOSTS. After setting RHOSTS to 10.10.10.40 it's time to run the exploit using either the run or exploit command.
The exploit ran successfully, and whoami shows we are running as NT AUTHORITY\SYSTEM, so we can collect both flags.