[HackTheBox] Blue

This is one of the easiest boxes out there. Almost no enumeration is required and we get direct root.

Initial Scan:

EternalBlue
Direct root with metasploit.

But I am preparing for OSCP so I was looking for a manual method too. I came across this but it wasn't working at all somehow. Then I switched tools and went over to this.

This also did not work right out of the box so I was looking for people manually doing the exploit on YouTube.

After watching a few videos, I figured out that I needed a name pipe which had open permissions, in this box there were none for unauthenticated users, but “guest”:”” was technically authenticated so I tried the exploit with these credentials.

Okay so “guest”:”” will give us results.

Made a stage-less reverse tcp shell “root.exe” with msfvenom and used send_and_execute.py to get a reverse shell.

The reverse shell that spawned has system permissions so basically the box is Pwned!!!

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store