BLUE — OSCP LIKE HTB Machine


IP of the Machine: 10.10.10.40

Let’s run an Nmap scan to enumerate the open ports and the services running on them:

Command: nmap -A 10.10.10.40


Let’s run an Nmap script scan against ports 139 and 445:

Command: nmap --script=smb-vuln* -p139,445 10.10.10.40


It seems that this box is running Windows 7, and it’s vulnerable to MS17-010 / CVE-2017-0143.
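For the defender's side of the same scan, the added example below (not part of the original post) parses the normal text output of the smb-vuln* scripts and lists only the hosts reported VULNERABLE, with their CVE IDs, so they can be queued for patching. The sample output is constructed, and the function name triage and the second host 192.0.2.15 are assumptions made for illustration.

```python
import re

# Constructed sample of `nmap --script=smb-vuln* -p139,445` output (not from the post).
SAMPLE = """\
Nmap scan report for 10.10.10.40
Host is up (0.12s latency).

Host script results:
|_smb-vuln-ms10-054: false
| smb-vuln-ms17-010:
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: VULNERABLE
|     IDs:  CVE:CVE-2017-0143
|     Risk factor: HIGH
|     References:
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0143

Nmap scan report for 192.0.2.15
Host is up (0.10s latency).

Host script results:
|_smb-vuln-ms10-054: false
"""

HOST = re.compile(r"^Nmap scan report for (?:\S+ \()?([\d.]+)\)?")
SCRIPT = re.compile(r"^\|[_ ]?\s*(smb-vuln-[\w-]+):")
STATE = re.compile(r"^\|[_ ]?\s+State: (.+)$")
CVE = re.compile(r"CVE-\d{4}-\d+")

def triage(text):
    """Return {host: {script: {"state": ..., "cves": [...]}}} for vulnerable findings only."""
    findings, host, script = {}, None, None
    for line in text.splitlines():
        if m := HOST.match(line):
            host, script = m.group(1), None          # new host block starts
        elif m := SCRIPT.match(line):
            script = m.group(1)                      # new script result starts
        elif script and (m := STATE.match(line)):
            if m.group(1).startswith(("VULNERABLE", "LIKELY VULNERABLE")):
                findings.setdefault(host, {})[script] = {"state": m.group(1).strip(), "cves": []}
        elif script in findings.get(host, {}):
            for cve in CVE.findall(line):            # IDs and reference lines; de-duplicated
                if cve not in findings[host][script]["cves"]:
                    findings[host][script]["cves"].append(cve)
    return findings

if __name__ == "__main__":
    for h, scripts in triage(SAMPLE).items():
        print(h, scripts)
```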

Let’s fire up Metasploit and search for any available exploit modules for this vulnerability.


Cool, let’s use the MS17-010 EternalBlue exploit.

Set RHOST (the victim’s IP) and run.


Cool, we got an administrative-level shell.


Let’s explore and capture the flags.

Root Flag:


User Flag:

