TryHackMe: Blue

Task 1: Recon

Question 1

How many ports are open with a port number under 1000?

Solve:

Command: nmap <target ip>

Question 2

What is this machine vulnerable to? (Answer in the form of: ms??-???, ex: ms08-067)

Solve:

Command: nmap --script vuln -p445 <target ip>

Task 2: Gain Access

Question 1

Find the exploitation code we will run against the machine. What is the full path of the code? (Ex: exploit/……..)

Solve:

Let’s examine the weakness in front of us and find the appropriate exploit

We found a suitable exploit

Answer to the first question

Question 2

Show options and set the one required value. What is the name of this value? (All caps for submission)

Solve:

Answer to the second question

Task 3: Escalate

Question 1

If you haven’t already, background the previously gained shell (CTRL + Z). Research online how to convert a shell to meterpreter shell in metasploit. What is the name of the post module we will use? (Exact path, similar to the exploit we previously selected)

Question 2

Select this (use MODULE_PATH). Show options, what option are we required to change?

Solve:

Background the shell (Ctrl+Z) after exploiting, then find the answers to the questions with the commands below.

Command for the first question: search shell_to

Command for the second question: show options

Answers to questions

Task 4: Cracking

Question 1

Within our elevated meterpreter shell, run the command ‘hashdump’. This will dump all of the passwords on the machine as long as we have the correct privileges to do so. What is the name of the non-default user?

Solve:

Command: hashdump

Answer to question “Jon”
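Each hashdump line has the form user:RID:LM hash:NT hash:::, and built-in accounts keep RIDs below 1000, which is how the non-default user stands out. The script below is an added example, not part of the original walkthrough: it parses such lines and groups accounts by finding (non-default, blank password, LM hash stored). The sample lines and the names `parse_hashdump` and `audit` are constructed for illustration.

```python
import re

# Well-known constants: the LM and NT hashes of an empty password.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # also shown when LM storage is disabled
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# pwdump-style line: user:RID:LM hash:NT hash:::
LINE = re.compile(r"^([^:]+):(\d+):([0-9a-fA-F]{32}):([0-9a-fA-F]{32}):::$")

# Constructed sample (not taken from the lab machine).
SAMPLE = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
labuser:1001:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::
legacy:1002:0123456789abcdef0123456789abcdef:ffeeddccbbaa99887766554433221100:::
not a hash line
"""


def parse_hashdump(text):
    """Return one dict per well-formed line; malformed lines are skipped."""
    accounts = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        user, rid, lm, nt = m.groups()
        accounts.append({"user": user, "rid": int(rid),
                         "lm": lm.lower(), "nt": nt.lower()})
    return accounts


def audit(accounts):
    """Group account names by finding."""
    return {
        # Built-in local accounts use RIDs below 1000 (500 Administrator, 501 Guest).
        "non_default": [a["user"] for a in accounts if a["rid"] >= 1000],
        "blank_password": [a["user"] for a in accounts if a["nt"] == EMPTY_NT],
        # A real LM hash is weak and should not be stored on modern systems.
        "lm_hash_stored": [a["user"] for a in accounts if a["lm"] != EMPTY_LM],
    }


if __name__ == "__main__":
    for finding, users in audit(parse_hashdump(SAMPLE)).items():
        print(f"{finding}: {', '.join(users) or '-'}")
```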

Question 2

Copy this password hash to a file and research how to crack it. What is the cracked password?

Solve:

First, copy the password hash to a file.

Then crack the password with John the Ripper.

Command: john --format=NT --wordlist=/usr/share/wordlists/rockyou.txt <file.txt>

Answer to question

Task 5: Find flags!

Flag1? This flag can be found at the system root.

Solve:

To locate a file, use the Meterpreter search command.

Command: search -f <filename>

Flag2? This flag can be found at the location where passwords are stored within Windows.

  • Errata: Windows really doesn’t like the location of this flag and can occasionally delete it. It may be necessary in some cases to terminate/restart the machine and rerun the exploit to find this flag. This is relatively rare; however, it can happen.

Solve:

Flag3? This flag can be found in an excellent location to loot. After all, Administrators usually have pretty interesting things saved.

Solve:

Find and send the flags and complete the lab.

Good h4cks)


Hello, my name is Elman. I am from Azerbaijan. I wish you good days.
