Blue is probably the easiest box on Hack The Box and where I will begin my pentesting write-ups. This machine is extremely easy using msfconsole, so it should not take us too long. We are going to start with an nmap scan with the command ‘nmap -sCV <ip>’. There are not many interesting ports that are open, but port 445 piques my interest.

I run a vuln scan with nmap on the port and see if it is vulnerable with the command ‘nmap -p 445 --script vuln <ip>’. As it turns out, it seems to be vulnerable to MS17-010, which is one of my favorite exploits due to its history.
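For anyone running the same check across their own hosts, the scan result can be triaged from nmap's XML output (`-oX`) instead of read by eye. The following is an added example, not part of the original write-up: the sample report, its addresses and the `VULN-ID-PLACEHOLDER` key are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

SCRIPT_ID = "smb-vuln-ms17-010"  # nmap NSE script that checks SMB for ms17-010

# Constructed sample in the shape of `nmap -oX` output; addresses and the
# table key are placeholders, not values from the Blue scan.
SAMPLE_XML = """<nmaprun>
<host><address addr="192.0.2.10" addrtype="ipv4"/><hostscript>
  <script id="smb-vuln-ms17-010" output="(constructed)">
    <table key="VULN-ID-PLACEHOLDER"><elem key="state">VULNERABLE</elem></table>
  </script></hostscript></host>
<host><address addr="192.0.2.11" addrtype="ipv4"/><hostscript>
  <script id="smb-vuln-ms17-010" output="(constructed)">
    <table key="VULN-ID-PLACEHOLDER"><elem key="state">NOT VULNERABLE</elem></table>
  </script></hostscript></host>
<host><address addr="192.0.2.12" addrtype="ipv4"/></host>
</nmaprun>"""


def ms17_010_findings(xml_text):
    """Map each IPv4 host in an nmap XML report to its ms17-010 state."""
    # ElementTree is fine for reports you produced yourself; use a hardened
    # parser for XML from an untrusted source.
    findings = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        script = host.find(f".//script[@id='{SCRIPT_ID}']")
        if script is None:
            # Script printed nothing for this host: no finding, not proof of a patch.
            findings[addr.get("addr")] = "NOT REPORTED"
            continue
        state = script.find(".//elem[@key='state']")
        text = (state.text or "").strip() if state is not None else ""
        findings[addr.get("addr")] = text or "UNKNOWN"
    return findings


def patch_queue(findings):
    """Hosts to patch first; 'NOT VULNERABLE' must not match on substring."""
    return sorted(ip for ip, state in findings.items()
                  if state.startswith(("VULNERABLE", "LIKELY VULNERABLE")))


if __name__ == "__main__":
    results = ms17_010_findings(SAMPLE_XML)
    for ip, state in sorted(results.items()):
        print(f"{ip}\t{state}")
    print("patch first:", patch_queue(results))
```

A host that lands in "NOT REPORTED" still needs its patch level confirmed some other way, since the script may simply not have reached SMB on it.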

We will now open up msfconsole and use the smb_ms17_010 scanner to check again if it is vulnerable. Once again it is confirmed to be exploitable so now it is time to go to work.

First we search for EternalBlue exploits. The one that ends up working is not EternalBlue, but instead EternalRomance, so we select the second option. Now it is time to set the options. I set the RHOST to the IP of the target machine, and the LHOST to my tun0, which is my VPN. Now all the setup is done and it is time to exploit it.

The exploit is successful! We are dropped into the system32 folder, so the first thing we gotta do is change directories to the admin’s desktop to get the root flag. After a few cd commands onto the admin’s desktop we get the first flag.

Now we do the same thing, but for the user, which happens to be haris on this machine.

We now have both flags and the machine is complete. Thanks for reading and happy reversing hacking!
