search
HomeWriteups
Page cover

🪟Blue Room TryHackMe

Deploy & hack into a Windows machine, leveraging common misconfigurations issues.

hashtag
Introduction

In this room we are going to learn about eternal blue exploit.

EternalBlue is a computer exploit developed by the U.S. National Security Agency (NSA). It was leaked by the Shadow Brokers hacker group on April 14, 2017, one month after Microsoft released patches for the vulnerability.

On May 12, 2017, the worldwide WannaCry ransomware used this exploit to attack unpatched computers. On June 27, 2017, the exploit was again used to help carry out the 2017 NotPetya cyberattack on more unpatched computers.

EternalBlue exploits a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol. This vulnerability is denoted by entry CVE-2017-0144 in the Common Vulnerabilities and Exposures (CVE) catalog. The vulnerability exists because the SMB version 1 (SMBv1) server in various versions of Microsoft Windows mishandles specially crafted packets from remote attackers, allowing them to remotely execute code on the target computer. Source: Wikipedia

hashtag
Blue Room TryHackMe

hashtag
Room Initial View

Initial room view

Room Tasks

The questions given in the room to be solved

The Room has 5 tasks to be solved. Task 1: Recon Task 2: Gain Access Task 3: Escalate Task 4: Cracking Task 5: Find Flags!

Lets start the machine and complete the tasks.

hashtag
Task 1: Recon

lets take a look at the questions from task 1

These are the questions given in Task 1

now to get the answers for this questions we need to scan the target machine ip with Nmap.

hashtag
Scanning the target

I opened the attack box and started the Nmap scan.

Scan result from Nmap

now with this scan we found the how many ports are open and also the vulnerability's in the machine given.

Now with the information gathered we can answer all the questions in Task 1

hashtag
Task 2: Gain Access

Question's in Task 2

In Task 2 to get the answers we need to use Metasploitarrow-up-right.

Lets start metasploits

after the Metasploit has open'd search for 'ms17-010' since we found that the vulnerability from Nmap scan.

Lets check the options and use the exploit

Set RHOST to the target machine ip

Now we exploit and wait for the exploit to finish.

Exploit completed and succesful.

Some times the exploit might fail but just run it again or restart the machine.

my exploit was success and even the meterpreter session was created.

now type shell to open cmd of the victim.

shell successful

if you are running from kali VM make sure to set LHOST as tun0.

now with the information gathered we can answer all the questions present in task 2

hashtag
Task 3: Escalate

Let's take a look at the questions from task 3

hashtag
Task 4: Cracking

lets taka look at the questions from task 4

to crack the hashes we use john with rockyou.txt as the wordlist

if this is your first time using the rockyou.txt wordlist you need to first unzip it and then use it

unziping rockyou.txt.gz

make sure that only the username and the hash are present in the hash file

now run john against the hash's we get the password in plain text.

cracking hash with john
LogoHow to Crack NTHASH (commonly referred to as NTLM) password hashes?PwnDefendchevron-right
you can also check this page to crack the NTLM passwords.

now with the information gathered we can answer all the questions present in task 4.

hashtag
Task 5: Find Flags!

now to find the flags we go to the starting of the directory and search for the file name with flag

now we found the locations of the flags.

submit the flags and enjoy your new blue batch when completed.

Until next time...

Last updated