TryHackMe: Blue Machine Solution

In this article, we will share the solution of the Blue machine available on TryHackMe. After deploying the room, we get its IP address.

First, we do an nmap scan.


Here I also added the --script vuln parameter. This makes Nmap scan for vulnerabilities as well, using the Nmap Scripting Engine. For broader vulnerability scans in real-world applications, you can use Nessus or OpenVAS.

As a result of the Nmap scan, you can see the vulnerabilities in the VULNERABLE section.


Here is one of the most famous Windows vulnerabilities: MS17-010.
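The same scan output from the defender's side, as an added example that is not part of the original article: this Python sketch pulls the findings Nmap marks VULNERABLE out of a saved report so they can go straight onto a patch list. The sample report is constructed and trimmed (documentation-range addresses, not the room's IP), and the helper name vulnerable_findings is an assumption.

```python
import re

# Constructed, trimmed sample in the layout of Nmap's normal (-oN) output;
# the addresses are documentation-range placeholders, not the room's IP.
SAMPLE = """\
Nmap scan report for 192.0.2.10
PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
|_smb-vuln-ms10-054: false
| smb-vuln-ms17-010:
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: VULNERABLE
|_    Risk factor: HIGH

Nmap scan report for 192.0.2.11
Host script results:
|_smb-vuln-ms10-054: false
"""

HOST = re.compile(r"^Nmap scan report for (\S+)")
SCRIPT = re.compile(r"^\|[_ ]([a-z0-9][\w-]*):")  # "| script-id:" header line
FIELD = re.compile(r"^\|[_ ]\s+(State|Risk factor):\s*(.+?)\s*$")


def vulnerable_findings(report):  # hypothetical helper name
    """Return one dict per script result whose State is (LIKELY) VULNERABLE."""
    findings, host, current = [], None, None
    for line in report.splitlines():
        if m := HOST.match(line):
            host, current = m.group(1), None
        elif m := SCRIPT.match(line):
            current = {"host": host, "script": m.group(1), "state": None, "risk": None}
            findings.append(current)
        elif current and (m := FIELD.match(line)):
            current["state" if m.group(1) == "State" else "risk"] = m.group(2)
    # "NOT VULNERABLE" also contains the word, so exclude it explicitly.
    return [f for f in findings
            if f["state"] and "VULNERABLE" in f["state"]
            and not f["state"].startswith("NOT")]


if __name__ == "__main__":
    for f in vulnerable_findings(SAMPLE):
        print(f"{f['host']}  {f['script']}  {f['state']}  risk={f['risk']}")
```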

We know that there is a Metasploit exploit for this vulnerability, so we start the Metasploit Framework now.

To use the exploit listed in the 3rd row, it is enough to type use 3.

With the show options command, you can see the options that need to be set for the exploit. It is enough to set the target machine's IP address with the RHOSTS parameter.

We fire it with the exploit command. If the exploit is successful, you've won.

As you can see above, we have gained access to the target system. Let's put this session in the background by pressing Ctrl+Z.

To do what we want on the target we have reached through the exploit, and to become a more privileged user (root on Linux, Administrator on Windows), we will use the famous Meterpreter payload. We use the use post/multi/manage/shell_to_meterpreter command for this.

The option we need to set is session. When we use this command, the sessions we previously obtained through the exploit appear. We typed set session 1 and then sent the payload with the run command.

When we looked at sessions again, we saw that we were logged in with an authorized user. To open a Meterpreter session with this authority, we pass the session id to the -i parameter. The command we need to use is sessions -i 2

We got a Meterpreter session. Let's see whether we have privileges on the system. When we ran whoami, we saw that we were admin.

Now let's try to obtain the user names and passwords of the users on the system. If you pay attention, they are asked for in the questions that we need to answer.

We return to the meterpreter with Ctrl+Z and list the running processes with the ps command.


Being privileged at the system level may not be enough. So we need to migrate to a process with privileged permissions (here SYSTEM).

Now we can get hashes of user information with hashdump.


I saved the hash values of the Jon user to a file named win7.txt with the nano editor.


Now let's try to crack this hash value with the John the Ripper tool.

As you can see above, Jon's password is alqfna22.

Now let's go to the C: directory and start looking for flags.


We found the first flag in the C: directory, and we can look at its contents with the cat command. We found the first flag as access_the_machine.

We start to search for the 2nd and 3rd flags in other directories. Let's take a look at the Windows/System32/config directory.

We also caught the 2nd flag (flag2.txt) here. Again, you can look at the content with cat.

Next is the last flag. We also find this in Jon's Documents directory.
