Sws101_blue

Topic : Blue - TryHackMe Walkthrough

Introduction:

This journal will be about Blue Room CTF on TryHackMe where I will be sharing what I did to solve it out. This room is dedicated to the process of hacking a windows machine and is presented in a structured manner. For the lab, I had to discover that I only required two tools which are NMap and Metasploit Framework Console to be able to get the admin and the flags on the machine.

Walkthrough:

I began the process by conducting reconnaissance using NMap. I scanned the target machine using the -sV option to identify the services running on it. The scan revealed that the machine was running Windows and had several services exposed.

Next, I performed a vulnerability scan using the NMap ‘vuln’ script. This scan identified a remote code execution vulnerability, specifically MS17-010, on the target machine.

To exploit this vulnerability, I launched the Metasploit Framework Console in Kali Linux. I searched for the identified vulnerability within Metasploit and found a corresponding exploit. I loaded the exploit and configured the target’s IP address.

With the exploit set up, I initiated the attack. Shortly after, I successfully obtained a shell on the target machine. Upon checking the user account, I discovered that I had gained access as the system account, granting me full control over the machine.

With administrative access secured, I proceeded to search for the flags hidden within the system. I found one flag easily located in the root C:\ directory. To locate the remaining flags, I used the command ‘dir flag*.txt /s’ from the root of the C: drive. This command quickly revealed the locations of all the flags on the machine.

Conclusion:

The Blue Room CTF would be categorized under the Windows exercising room where I was able to sharpen my reconnaissance, vulnerability scanning, and exploitation on a given machine. The tools used included NMap and Metasploit which provided the means of scanning the target network for a known vulnerability and then subsequently exploiting it to achieve a level of root access on the target machine.

Regarding the experience, Dave stated that it was crucial to conduct extensive reconnaissance and that it is effective to act according to known weaknesses. It also showed how the correct tools such as the Metasploit were available in order to make this process much easier hence efficient.

All in all, Blue Room CTF not only enhanced my knowledge of how hacking works but also allowed to practice on gettting into a Windows machine. Nevertheless, it can be concluded that studying it can be effective in terms of pointing out specifics of maintaining updated with the known risks and the importance of the proper security approach for preventing such attacks.