
[Hack The Box] Blue Write-up

Hi friends,

Yesterday, I successfully hacked the box Blue on the Hack The Box site. This box is quite easy if you have the experience and feel from the previous box, Legacy. We use almost the same technique as on Legacy to compromise Blue. Let's get started:

First, we use nmap to scan for open ports on the box: "nmap -T4 -p 1-65535 -A -sV 10.10.10.40". Do you see that port 445 is open? Then we keep using nmap to check whether there is any vulnerability on that port: "nmap --script vuln -p445 10.10.10.40"


We will find that the box is vulnerable to MS17-010. Now we can use Metasploit to compromise it.
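
For anyone running the same check across their own hosts, here is an added example (not part of the original write-up) that reads nmap XML output, as written with the -oX option, and lists hosts where the smb-vuln-ms17-010 script reported a vulnerable state. The sample XML is constructed and trimmed, and the function names, the addresses 10.10.10.41 and 10.10.10.42 and the table key are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to the elements read below; real `nmap -oX`
# output has many more. Addresses .41/.42 and the table key are made up.
SAMPLE_XML = """<nmaprun>
<host><address addr="10.10.10.40" addrtype="ipv4"/>
  <ports><port protocol="tcp" portid="445"><state state="open"/></port></ports>
  <hostscript><script id="smb-vuln-ms17-010" output="">
    <table key="constructed-finding"><elem key="state">VULNERABLE</elem></table>
  </script></hostscript></host>
<host><address addr="10.10.10.41" addrtype="ipv4"/>
  <ports><port protocol="tcp" portid="445"><state state="open"/></port></ports>
  <hostscript><script id="smb-vuln-ms17-010" output="">
    <table key="constructed-finding"><elem key="state">NOT VULNERABLE</elem></table>
  </script></hostscript></host>
<host><address addr="10.10.10.42" addrtype="ipv4"/>
  <ports><port protocol="tcp" portid="445"><state state="filtered"/></port></ports>
</host>
</nmaprun>"""

def port_is_open(port_el):
    """True when a <port> element has a child <state state="open"/>."""
    state = port_el.find("state")
    return state is not None and state.get("state") == "open"

def smb_findings(xml_text, script_id="smb-vuln-ms17-010"):
    """Map each host address to its port-445 status and reported script states."""
    report = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address")
        if addr_el is None:
            continue
        smb_open = any(p.get("portid") == "445" and port_is_open(p)
                       for p in host.iter("port"))
        states = [e.text.strip() for s in host.iter("script")
                  if s.get("id") == script_id
                  for e in s.iter("elem") if e.get("key") == "state" and e.text]
        report[addr_el.get("addr")] = {"smb_open": smb_open, "states": states}
    return report

def needs_patching(report):
    """Match on the state prefix: a plain substring search for 'VULNERABLE'
    would also flag hosts reported as 'NOT VULNERABLE'."""
    return sorted(addr for addr, r in report.items()
                  if any(s.upper().startswith("VULNERABLE") for s in r["states"]))

if __name__ == "__main__":
    print(needs_patching(smb_findings(SAMPLE_XML)))
```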


After using Metasploit, we will have a shell and can find the flags in the Desktop folders of the users Administrator and haris.

If you want to go above and beyond, you can do some forensics on that remote PC:






Happy hacking, my friends!
