Blue
Last updated
Last updated
Looks like we have SMB open and some RPC open on other ports as well.
Based on the name alone, I'm highly suspicious that this thing is susceptible to eternal blue. I'm going to use an Nmap scan I found in a previous lab to check.
Based on the fact that it allows for SMBv1 and it is running Windows 7, I'm fairly confident that we could probably get Eternal Blue to run.
Use the set command to set the different options.
Now let's check to see if the host is vulnerable before moving forward.
Looks favorable. Let's exploit.
Let's start a command prompt shell and verify who we are.
And now I have administrator privileges on the machine. Wow that was easy. Let's go grab the flags.
This was really easy and I had a feeling it was going to be really easy. Since I first saw the name of this machine and that it was a Windows machine, I already guessed it was going to be an eternal blue exploit.
I skipped a LOT of steps in the process that I normally would not have but since I already had a pretty good idea of where to go, I figured I would give that a try. Worst case scenario it doesn't work and I go back to my usual process of Recon and Enumeration to discover other methods.
Having done a coupe of other labs with Eternal Blue, I already knew how to exploit this machine so it was pretty quick. It's also scary to think how easy this tool is to use to immediately gain admin power in a system. Good job on creating an awesome tool NSA agents.
