[HackTheBox] Blue

This is one of the easiest boxes out there. Almost no enumeration is required and we get direct root.

Initial Scan:

EternalBlue
Direct root with Metasploit.

But I am preparing for OSCP so I was looking for a manual method too. I came across this but it wasn't working at all somehow. Then I switched tools and went over to this.

This also did not work right out of the box so I was looking for people manually doing the exploit on YouTube.

After watching a few videos, I figured out that I needed a named pipe which had open permissions. In this box there were none for unauthenticated users, but "guest":"" was technically authenticated, so I tried the exploit with these credentials.

Okay so “guest”:”” will give us results.

Made a stageless reverse TCP shell "root.exe" with msfvenom and used send_and_execute.py to get a reverse shell.

The reverse shell that spawned has system permissions so basically the box is Pwned!!!
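From the defender's side, the Guest logon followed by named-pipe access over IPC$ is the observable part of this chain. The following is an added example, not code from the original post: it correlates Windows Security events 4624 (network logon) and 5145 (detailed file share access) by logon ID. It assumes "Audit Detailed File Share" is enabled and that events have already been exported as dictionaries; the sample records and the function name are constructed for illustration.

```python
"""Flag Guest network logons that go on to open named pipes over IPC$."""
from collections import defaultdict

# Constructed sample records. Field names follow Windows Security events
# 4624 (logon) and 5145 (detailed file share access); values are made up.
SAMPLE_EVENTS = [
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "Guest",
     "TargetLogonId": "0x3e7a1", "IpAddress": "192.0.2.10"},
    {"EventID": 5145, "SubjectUserName": "Guest", "SubjectLogonId": "0x3e7a1",
     "ShareName": r"\\*\IPC$", "RelativeTargetName": "samr",
     "IpAddress": "192.0.2.10"},
    {"EventID": 5145, "SubjectUserName": "Guest", "SubjectLogonId": "0x3e7a1",
     "ShareName": r"\\*\IPC$", "RelativeTargetName": "netlogon",
     "IpAddress": "192.0.2.10"},
    # A named domain user touching IPC$ is normal and must not be flagged.
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "alice",
     "TargetLogonId": "0x4b2c0", "IpAddress": "192.0.2.20"},
    {"EventID": 5145, "SubjectUserName": "alice", "SubjectLogonId": "0x4b2c0",
     "ShareName": r"\\*\IPC$", "RelativeTargetName": "srvsvc",
     "IpAddress": "192.0.2.20"},
    # Interactive (type 2) Guest logon: not a network logon, so ignored.
    {"EventID": 4624, "LogonType": 2, "TargetUserName": "Guest",
     "TargetLogonId": "0x50000", "IpAddress": "-"},
]


def find_guest_pipe_access(events):
    """Return one finding per Guest network session that opened IPC$ pipes."""
    guest_sessions = {}       # logon id -> source IP of the Guest logon
    pipes = defaultdict(set)  # logon id -> named pipes opened in that session
    for ev in events:
        if ev["EventID"] == 4624:
            is_guest = ev["TargetUserName"].lower() == "guest"
            if ev["LogonType"] == 3 and is_guest:
                guest_sessions[ev["TargetLogonId"]] = ev["IpAddress"]
        elif ev["EventID"] == 5145:
            sid = ev["SubjectLogonId"]
            on_ipc = ev["ShareName"].upper().endswith("IPC$")
            if sid in guest_sessions and on_ipc:
                pipes[sid].add(ev["RelativeTargetName"].lower())
    return [
        {"logon_id": sid, "source_ip": guest_sessions[sid], "pipes": sorted(p)}
        for sid, p in pipes.items()
    ]


if __name__ == "__main__":
    for finding in find_guest_pipe_access(SAMPLE_EVENTS):
        print(finding)
```

Disabling the Guest account, or denying it network logon rights, removes the authenticated session this check looks for.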

Siddharth Johri
