Training Update v0.40

Another room & another room, feeling like an ELEVATOR OPERATOR..

This room focuses on Blue, a Windows machine that we exploit by leveraging common misconfiguration issues.

The room starts by asking you to use a port scanner to check for open ports and to identify which CVE the machine is vulnerable to. As you may have guessed, it’s EternalBlue, aka MS17-010.

We check the information relating to this exploit via the ‘info’ option in Metasploit.

We set the options for the exploit and let it run.

The dreaded “Meterpreter session 1 closed. Reason: Died” after I backgrounded the task…

We’re back!

We use the whoami command to verify we are NT AUTHORITY\SYSTEM, the highest privilege we can gain on a Windows machine.

We then dump the hashes using hashdump and find the user ‘jon’.

We capture jon’s hash and then use CrackStation to crack it.
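From the defender's side, the same dump shows which accounts are weakest. The following is an added example, not part of the original walkthrough: it audits pwdump-style lines (`user:RID:LM:NT:::`, the layout hashdump prints) for blank passwords, stored LM hashes and reused passwords. The sample accounts and their non-empty hashes are constructed placeholders.

```python
from collections import defaultdict

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # placeholder shown when no LM hash is stored
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of the empty password

# Constructed sample data; the non-empty hashes are made up and match no real account.
SAMPLE = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
alice:1000:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
bob:1001:00112233445566778899aabbccddeeff:0123456789abcdef0123456789abcdef:::
this line is not a hash entry
"""

HEX = set("0123456789abcdef")

def parse(text):
    """Return (user, rid, lm, nt) tuples, skipping malformed lines."""
    rows = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4 or not parts[1].isdigit():
            continue
        lm, nt = parts[2].lower(), parts[3].lower()
        if len(lm) == 32 and len(nt) == 32 and set(lm + nt) <= HEX:
            rows.append((parts[0], int(parts[1]), lm, nt))
    return rows

def audit(rows):
    """Map each user with at least one weakness to a list of findings."""
    by_nt = defaultdict(list)
    for user, _, _, nt in rows:
        by_nt[nt].append(user)
    findings = defaultdict(list)
    for user, _, lm, nt in rows:
        if nt == EMPTY_NT:
            findings[user].append("blank password")
        elif len(by_nt[nt]) > 1:
            # NT hashes are unsalted, so equal hashes mean equal passwords;
            # the same property is what makes lookup-table cracking work.
            others = ", ".join(u for u in by_nt[nt] if u != user)
            findings[user].append("password shared with " + others)
        if lm != EMPTY_LM:
            findings[user].append("LM hash stored")
    return dict(findings)

if __name__ == "__main__":
    for user, issues in audit(parse(SAMPLE)).items():
        print(f"{user}: {'; '.join(issues)}")
```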

We then use the search function in Meterpreter to find the three flags that are present on the box!

Until next time & don’t sleepwalk through life!

Goodbye