The Blue box from Hack The Box!!!! Yes, it is blue and it has the well-known EternalBlue vulnerability. Let’s crack it NSA style. JOKE.
Started with nmap.
So we found out that it’s Windows 7 SP1, great. Let’s start enumerating ports 139 and 445.
Ladies and gentlemen, we have touched down on MS17-010. Now we need to exploit this manually. This is the first time I’m actually gonna do it manually. With Metasploit it’s like drinking water, so anyway, I found a good working exploit on GitHub: https://github.com/3ndG4me/AutoBlue-MS17-010
We have the exploit. Let’s start exploiting after reading the GitHub page. And I have to say this guy has humor. You will see it later. Wait for the big surprise.
Target is not patched. That’s good news. Now we need to generate shellcode.
This is what I’m talking about, wooooo!!!!! Guess that part is done. Moving on …
With the shellcode and listener, you have to specify everything. It will automatically start the Metasploit multi/handler, which is allowed in the OSCP exam. You can use it. There is no limitation to it.
After executing the exploit on the right side, we get a session on the left side.
As you can see, I make noob mistakes. But I’m happy about it. And finally, the Administrator we have been waiting for.
It’s all good folks.