TryHackme:Blue
I was searching for some basic and good windows based CTF challenges and I found this website https://tryhackme.com . This is a very good website to practice CTF challenges .
So in this article we are going to solve CTF challenge named Blue. This is a beginner level challenge .
walkthrough
IP of the target : 10.10.77.18First of all we start by finding open ports and services in the target system using the command
sudo nmap -sV -Pn -sS --script vuln 10.10.77.18 -o nmap.txt
we can see clearly here that this is vulnerable to smb-vuln-ms17-010 , So we open up msfconsole and search there for this exploit.
we are going to use this exploit to gain access to the target system.
This exploit only Requires to set RHOSTS and then just "run" to make the exploit work .
Boom! this was really very easy . We just gained the admin shell here without any extra work.
But challenge is not complete yet . We need to perform some more task to complete this challenge and have to answer the questions asked in the tryhackme website .
Now by pressing ctl+z we background our current session and searched on the internet about shell to meterpreter and we found that we can use
post/multi/manage/shell_to_meterpreter
Now lets run the exploit and if everything goes fine then we should get a meterpreter session 2 .
Alright ! Now by using sysinfo command we checked for the system architecture first.
Now we run the "ps" command to check for the process running in the system so that we can use one of them .
Now we use the command migrate -N lsass.exe to migrate to that process running by Authority\System .
Now our next task is to find the hash of all users and for that we used the command , hashdump.
with the help of hashcat or whatever tool you want to use we crack the password of user Jon and last task is to find all the 3 flags.
first flag :)
flag2.txt :)
And this completes our challenge :)
This machine is old but very interesting to get some basic idea about windows based CTF challenges