Hacking
GithubTwitter
Search…
Hacking
Hacking, Bug Bounties & Penetration Testing
The Hacker Lab
Methodologies
Basic Buffer Overflow
Basic Internal Network test
Basic Mobile Testing guide
Basic Subdomain Enumeration guide
Guides
Build A Raspberry Pi Dropbox
Golang
Powershell / PowerView
PurpleSharp
Hack The Box last updated - 2019
Legacy
Devel
Optimum
Popcorn
Beep
Tenten
Arctic
Cronos
Grandpa
Granny
October
Lazy
Sneaky
Holiday
Blocky
Shrek
Blue
Joker
Europa
Haircut
Bank
SolidState
Mantis
Shocker
Tally
Sense
Jeeves
Stratosphere
Inception
Bashed
Fluxcapacitor
Canape
Rabbit
Chatterbox
Nibbles
Sunday
Aragog
Valentine
Silo
Olympus
Poison
Celestial
Waldo
Jerry
Access
Active
Netmon
Powered By GitBook
Blue

Blue - 10.10.10.40

Target Enumeration:

OS: Windows
IP: 10.10.10.40
User: 4c546aea7dbee75cbd71de245c8deea9
Root: ff548eb71e920ff6c08843ce9df4e717

Ports / Services / Software Versions Running

135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Microsoft Windows 7 - 10 microsoft-ds (workgroup: WORKGROUP)
49152/tcp open msrpc Microsoft Windows RPC
49153/tcp open msrpc Microsoft Windows RPC
49154/tcp open msrpc Microsoft Windows RPC
49155/tcp open msrpc Microsoft Windows RPC
49156/tcp open msrpc Microsoft Windows RPC
49157/tcp open msrpc Microsoft Windows RPC

Vulnerability Exploited:

EternalBlue exploits a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol. This vulnerability is denoted by entry CVE-2017-0144 in the Common Vulnerabilities and Exposures (CVE) catalog. The vulnerability exists because the SMB version 1 (SMBv1) server in various versions of Microsoft Windows mishandles specially crafted packets from remote attackers, allowing them to execute arbitrary code on the target computer. In February 2018, EternalBlue was ported to all Windows operating systems since Windows 2000 by RiskSense security researcher Sean Dillon. EternalChampion and EternalRomance, two other exploits originally developed by the NSA and leaked by The Shadow Brokers, were also ported at the same event. They were made available as open sourced Metasploit modules.[18]

Exploiting the host:

Nmap SMB script scan:
Set metasploit options as follows:
Execute the exploit:
Evidence
Grabbing hashes:
Add a user called vdk with the password Pentest12345! To the administrators group.
Background your session and use windows/smb/ms17_010_psexec module to get a meterpreter shell (or do it via powershell)
Run the exploit
Background session and retrieve password hashes with smart_hashdump and attempt to crack them offline.
Hack The Box last updated - 2019 - Previous
Shrek
Next - Hack The Box last updated - 2019
Joker
Last modified 3yr ago
Copy link
Outline
Blue - 10.10.10.40
Target Enumeration:
Ports / Services / Software Versions Running
Vulnerability Exploited:
Exploiting the host: