BLUE — OSCP LIKE HTB Machine

IP of the Machine: 10.10.10.40

Let’s do a Nmap scan to enumerate the ports open and services running:

Command: nmap -A 10.10.10.40

Let’s do a nmap script scan over port 139 and 445:

Command: nmap — script=smb-vuln* -p139,445 10.10.10.40

It seems that this box is running Windows 7, and it’s vulnerable to ms17–010 / CVE-2017–0143.

Let’s fire up our Metasploit and search for the vulnerability for any available modules for the exploit

Cool, let’s use the ms17–010 eternal blue exploit.

Set the RHOST(Victim’s IP) and Run.

Cool, We got an Administrative level Shell.

Let’s explore and capture the flags.

Root Flag:

User Flag: