TryHackMe - Blue - Write Up
Blue

Enumeration
Initiated the first scan using nmap:
The scan results:
Next, I performed an aggressive scan on the open ports:
Vuln Scan
Executed nmap once more with the --script vuln option targeting open port

The machine is confirmed to be vulnerable to ms17-010.
Exploitation
Search Exploit
I launched msfconsole and searched for the ms17-010 exploit:

After configuring RHOSTS, LHOST, and setting the payload to windows/x64/shell/reverse_tcp, I initiated the exploit:

With access to the shell, I then proceeded to upgrade this shell to a meterpreter shell. After backgrounding the session using CTRL + Z, I looked up the shell_to_meterpreter module and set it up:

Upon successful migration, I obtained a meterpreter session:

Hash Extraction
Since I already had a session with NT AUTHORITY\SYSTEM privileges, I proceeded to use hashdump:

I then used john to crack the extracted password hashes:
Flag Recovery

- Located in C:\
- Located in C:\Windows\System32\config
- Located in C:\Users\Jon\Documents