3 minutes
Hack the Box - Blue- Write Up
Enumeration
Initial scan:
Second nmap scan with --script vuln
only on the open ports:
The host is vulnerable to ms17-10:

Exploit
Let’s double-check this vuln with msfconsole
.
Search for “ms17-010” and use the module: scanner/smb/smb_ms17_010:

We have the confirmation:

We need to set the exploit windows/smb/ms17_010_eternal
and configure the options: RPORT, RHOSTS, LPORT and LHOST. Also, check the payload.

After that we could run the exploit and get access to the host:

Flag
Search for the flag in the commons users folders.