Blue (10.10.10.40), Hack The Box
- Reconnaissance
Let's start with a quick Nmap scan to look for interesting services, using the following command:
nmap -sV -sC -oN 10.10.10.40.txt 10.10.10.40
The Nmap scan results show that port 445 is open and that the machine is running Windows 7 Professional 7601 Service Pack 1.
We can then use Nmap against the SMB service to check whether the target machine is in a vulnerable state.
The result shows that the target machine is highly vulnerable to MS17-010 (EternalBlue) due to SMBv1.
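For triaging scan files like the 10.10.10.40.txt saved above, the following added example (not part of the original write-up) parses a single-host Nmap normal-format report and pulls out the open ports, the SMB-reported OS and the MS17-010 state. The sample report is constructed, and the NSE script names smb-os-discovery and smb-vuln-ms17-010 are assumptions, since the write-up does not name the scripts it ran.

```python
import re

# Constructed sample in nmap's normal (-oN) layout; not the output of the page's scan.
SAMPLE = """\
Nmap scan report for 10.10.10.40
PORT    STATE SERVICE      VERSION
135/tcp open  msrpc        Microsoft Windows RPC
139/tcp open  netbios-ssn  Microsoft Windows netbios-ssn
445/tcp open  microsoft-ds Windows 7 Professional 7601 Service Pack 1 microsoft-ds

Host script results:
| smb-os-discovery:
|   OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
| smb-vuln-ms17-010:
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|_    State: VULNERABLE
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)", re.M)
PORT_RE = re.compile(r"^(\d+)/tcp\s+open\s+(\S+)", re.M)
SCRIPT_RE = re.compile(r"^\|[ _](\S+):\s*$")  # header line of an NSE script block

def triage(report):
    """Summarise a single-host report: open TCP ports, SMB-reported OS, MS17-010 state."""
    host = HOST_RE.search(report)
    out = {
        "host": host.group(1) if host else None,
        "open_ports": {int(p): svc for p, svc in PORT_RE.findall(report)},
        "os": None,
        "ms17_010": "no finding reported",  # script not run, or it reported nothing
    }
    script = None
    for line in report.splitlines():
        header = SCRIPT_RE.match(line)
        if header:
            script = header.group(1)  # track which script block we are inside
        elif script == "smb-os-discovery" and "OS:" in line:
            out["os"] = line.split("OS:", 1)[1].strip()
        elif script == "smb-vuln-ms17-010" and "State:" in line:
            out["ms17_010"] = line.split("State:", 1)[1].strip()
    # Remediation candidate: SMB reachable and the check reported a vulnerable state.
    out["needs_patch"] = 445 in out["open_ports"] and out["ms17_010"].startswith("VULNERABLE")
    return out

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A host flagged with needs_patch is a candidate for the MS17-010 update and for disabling SMBv1.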
Since we know it is vulnerable to MS17-010, we can use Metasploit to exploit this machine. We therefore run the following module, which directly exploits the target machine.
We can read both User.txt and Root.txt.