Blue is a vulnerable Windows machine among the retired machines. The goal is to obtain the user and root flags by exploiting its vulnerabilities.
We perform a network scan with nmap to recognize the target machine.
Full port scan
The port scan turned up a lot of ports. Let's scan the first three ports for vulnerabilities.
nmap -T5 10.10.10.40 -Pn -p 135,139,445 --script vuln -vvv -oN vulnscan.txt
We detected the MS17-010 vulnerability in the SMB service.
Let's search for this vulnerability on Google and look through the code on GitHub to see whether there is an exploit we can use.
We tried the code that was the least error-prone and gave a shell most easily.
We found the repository address, then downloaded and ran the code from it:
git clone https://github.com/d4t4s3c/Win7Blue.git
chmod +x Win7Blue.sh
We ran the commands in order.
We entered the requested input values.
And we got a connection on the listener we had opened in the background.
This way we got the user and root flags.