Blue machine is a vulnerable machine with windows operating system among retired machines. It is expected to obtain user and root flags using these vulnerabilities.
We perform a network scan with nmap to recognize the target machine.
Classic scan

Full port scan

As a result of the port scan, we encountered a lot of ports. Let’s scan the first three ports for vulnerabilities.
nmap -T5 -Pn -p 135,139,445 –script vuln -vvv -oN vulnscan.txt

We have detected ms17-010 vulnerability in the smb service.
Let’s search for this vulnerability on Google, let’s look at the github codes to see if there is an exploit we can use?

Here we tried the codes that provide the least error-prone and easy Shell
We detected the address, downloaded and ran the code here
git clone https://github.com/d4t4s3c/Win7Blue.git
cd Win7Blue
chmod +x Win7Blue.sh
We ran the commands respectively

We entered the desired input values
And we’ve made a connection with the one we opened in the back.

This way we got user and root flags.

Bir cevap yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir