TryHackMe ROOM : https://tryhackme.com/room/blue
Aim : Deploy & hack into a Windows machine, leveraging common misconfiguration issues.
Difficulty Level : Easy
Connect to the TryHackMe network using OpenVPN:
sudo openvpn /path/to/username.ovpn
I will use Metasploit to do almost everything in this room. Run:
sudo msfconsole
Scanning
We will use nmap (db_nmap), which comes with Metasploit, to do the initial scanning:
db_nmap -sV --script vuln -vv -p1-1000 target_ip
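For triaging what the vuln scripts report, here is an added example (not part of the original write-up) that lists, per host, the NSE scripts whose result carries a VULNERABLE state. It assumes the scan output was saved as nmap normal-output text; the sample report is constructed and the function name is hypothetical.

```python
import re

# Constructed sample in nmap's normal-output layout (not captured from the room).
SAMPLE = """\
Nmap scan report for 10.0.0.5
PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
|_smb-vuln-ms10-054: false
| smb-vuln-ms17-010:
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: VULNERABLE
|_    Risk factor: HIGH

Nmap scan report for 10.0.0.6
PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
|_smb-vuln-ms10-054: false
"""

HOST_RE = re.compile(r"^Nmap scan report for (.+)$")
# A script block starts with "| name:" or "|_name:"; its body lines are indented further.
SCRIPT_RE = re.compile(r"^\|[_ ]([a-z0-9-]+):")
# Matches "VULNERABLE" and "LIKELY VULNERABLE", but not "NOT VULNERABLE".
STATE_RE = re.compile(r"State:\s+(?:LIKELY )?VULNERABLE")

def vulnerable_findings(report):
    """Return {host: [script ids reporting a VULNERABLE state]} (hypothetical helper)."""
    findings = {}
    host = script = None
    for line in report.splitlines():
        m = HOST_RE.match(line)
        if m:
            host, script = m.group(1), None
            findings.setdefault(host, [])
            continue
        if not line.startswith("|"):
            script = None  # left the script-output block
            continue
        m = SCRIPT_RE.match(line)
        if m:
            script = m.group(1)
        elif host and script and STATE_RE.search(line) and script not in findings[host]:
            findings[host].append(script)
    return findings

if __name__ == "__main__":
    for h, scripts in vulnerable_findings(SAMPLE).items():
        print(h, "->", ", ".join(scripts) or "no vulnerable state reported")
```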

Gain Access
We will search for the vulnerability we found during scanning:
search ms17-010

We will list the options and set appropriate values for RHOSTS, LHOST and LPORT:

After that we will go ahead and exploit:

We now have the highest authoritah (read in Cartman’s voice) here, so we can look for the hidden flags. But before that we have one task: find the password of the non-default user. We will run the hashdump command, which dumps the password hashes of all accounts on the machine if we have enough authoritah:

Using hashcat, or an online tool such as CrackStation, we can easily get the password for Jon. Let’s find the flags now:
FLAG : 1
Hint: Can you C it ?

FLAG : 2
Hint : I wish I wrote down where I kept my password. Luckily it’s still stored here on Windows.
We have to know where passwords are stored in Windows. Upon doing some research I found from here that I may have to look in the c:\Windows\System32\Config\ directory.


FLAG : 3
Hint : You’ll need to have elevated privileges to access this flag.
Upon seeing the hint I knew that I had to look at something like user permissions. So I changed directory to C:\Users, and after looking for quite a time (like a lot, 1 hr), I was finally able to find the flag. Also, the text written in the flag could be good advice for a future CTF.
