Blue

edited October 2017 in Machines

Does anyone have any hints for Blue? I tried an intense nmap scan and a ping scan and found the name of the PC and that some ports were open but it's not like it's something simple like SSH. Could I have a hint as to what to do next? I don't want the answer, I just want a hint because I'm a beginner and I don't have a clue. Thanks.

Comments

  • The name of the machine is a hint as to what exploit you will need to use. Think of something released fairly recently. Was all over the news when it was released.

    Arrexel

  • Check the services again, scan versions and their relative vulnerabilities (exploitdb). Name of box is a hint.

    Luna3nigma

  • Check the services running on the open ports and then check recent exploits for those services. Don't overthink it! The name of the machine gives a hint to what you are looking for.

  • Use the nmap --scripts or -A; it will tell you in your face what you need. Happy hacking

    Hack The Box

  • edited November 2017

    I am getting an error with metasploit whenever I try to run the exploit. I am wondering if that's my problem or the machine's problem. I reset it a couple of times and wasn't able to do it. It says the connection timed out.

    If the session timed out, does that just mean that I need to reset it a few times for it to work? I keep getting the feeling that I did it right and the machine just isn't working but I want to make sure.

    I tried it with three different port numbers under RPORT.

  • edited November 2017

    @ghostheadx2 said:
    I tried it with three different port numbers under RPORT.

    Why?

    likwidsec

  • Hi, has anyone tried to exploit this manually?

  • @looping said:
    Hi, has anyone tried to exploit this manually?

    good question

    peek

  • When I run the exploit without setting my IP it returns this error. Also, when I set my IP as a local host it doesn't give me any sessions and gives some error, lib error. Any suggestions?

    [-] Handler failed to bind to 10.10.10.12:4444:- -
    [-] Handler failed to bind to 0.0.0.0:4444:- -

  • Try setting LHOST as tun0

    "set LHOST tun0"

    likwidsec

  • What does tun0 mean?

  • @likwidsec said:
    Try setting LHOST as tun0

    "set LHOST tun0"

    After setting LHOST tun0, same error

    [*] Started reverse TCP handler on 10.10.15.12:4444
    [*] 10.10.10.40:445 - Connecting to target for exploitation.
    [-] 10.10.10.40:445 - NameError
    [-] 10.10.10.40:445 - uninitialized constant RubySMB::Error::CommunicationError
    /usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
    /usr/bin/msfconsole:48:in `<main>'
    [*] Exploit completed, but no session was created.

    Any suggestions?

  • Use your HTB IP

    peek

  • I took over Blue using Nessus and Armitage/Metasploit - GCIH newbie here.
    If I wanted to defend the box, how could I harden the system to prevent people like us from taking over?

  • Apply the patch for the appropriate CVE and/or disable SMBv1

  • Ah, disable the service - of course. Thank you
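
The two mitigations named in the replies above (apply the patch, disable SMBv1) can be checked on a Windows host with a short script. This PowerShell is an added example, not part of the original thread; the `-PatchKb` and `-Disable` parameters and both function names are hypothetical, and the KB id has to come from the vendor bulletin because the thread does not name it.

```powershell
# Added example (not from the thread): audit the SMBv1 server setting, optionally
# disable it, and check for a given update. Run from an elevated PowerShell prompt.
param(
    [string]$PatchKb,   # hypothetical parameter: KB id taken from the vendor bulletin
    [switch]$Disable    # hypothetical parameter: turn the SMBv1 server off if it is on
)

$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$hasSmbCmdlets = [bool](Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue)

function Test-Smb1ServerEnabled {
    if ($hasSmbCmdlets) {
        # Windows 8 / Server 2012 and later expose the setting through the SMB cmdlets.
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Windows 7 / Server 2008 R2: registry value SMB1; an absent value means enabled.
    $val = (Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return ($null -eq $val) -or ($val -ne 0)
}

function Disable-Smb1Server {
    if ($hasSmbCmdlets) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty -Path $regPath -Name SMB1 -Type DWord -Value 0 -Force
        Write-Warning 'SMB1 registry value set to 0; restart the host for it to take effect.'
    }
}

$enabled = Test-Smb1ServerEnabled
Write-Output ("SMBv1 server enabled: {0}" -f $enabled)

if ($PatchKb) {
    # Get-HotFix can miss a fix delivered inside a later cumulative rollup,
    # so treat "not found" as "verify manually", not as proof of exposure.
    $fix = Get-HotFix -Id $PatchKb -ErrorAction SilentlyContinue
    Write-Output ("Update {0} installed: {1}" -f $PatchKb, [bool]$fix)
}

if ($enabled -and $Disable) {
    Disable-Smb1Server
    Write-Output ("SMBv1 server enabled after change: {0}" -f (Test-Smb1ServerEnabled))
}
```

Run it without `-Disable` first to see the current state; clients that still depend on SMBv1 will lose access to the host's shares once it is turned off.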

  • edited December 2017

    @ghostheadx2 said:
    Does anyone have any hints for Blue? I tried an intense nmap scan and a ping scan and found the name of the PC and that some ports were open but it's not like it's something simple like SSH. Could I have a hint as to what to do next? I don't want the answer, I just want a hint because I'm a beginner and I don't have a clue. Thanks.

    Remember the exploit that wreaked havoc on major systems across the world. Trust me this is the easiest machine to exploit if you it It took me 5 minutes the moment I knew what OS it was running.

  • I believe I've found the right exploit, but when I attempt to run it from metasploit, I get an error mentioning "RubySMB::Error::UnexpectedStatusCode: STATUS_DUPLICATE_NAME". Is this expected, or am I barking down the wrong path?

  • Can somebody help I've exploited the system (I have a shell) but I don't know where to find the flag I'm stuck :(

  • SAME

    @damag3d said:
    Can somebody help I've exploited the system (I have a shell) but I don't know where to find the flag I'm stuck :(

  • edited December 2017

    @damag3d said:
    Can somebody help I've exploited the system (I have a shell) but I don't know where to find the flag I'm stuck :(

    Just get the right files mentioned in OWN ROOT and OWN USER and go through them to get what is required.

  • @technocyber2 said:

    @ghostheadx2 said:
    Does anyone have any hints for Blue? I tried an intense nmap scan and a ping scan and found the name of the PC and that some ports were open but it's not like it's something simple like SSH. Could I have a hint as to what to do next? I don't want the answer, I just want a hint because I'm a beginner and I don't have a clue. Thanks.

    Remember the exploit that wreaked havoc on major systems across the world. Trust me this is the easiest machine to exploit if you it It took me 5 minutes the moment I knew what OS it was running.

    In addition to it. GOOGLE is your best friend ;)

  • edited December 2017

    Can someone help please, I am getting this error

    Reading profile /etc/firejail/wine.profile
    Reading profile /etc/firejail/disable-common.inc
    Reading profile /etc/firejail/disable-devel.inc
    Reading profile /etc/firejail/disable-programs.inc
    [-] Error getting output back from Core; aborting...
    [-] 10.10.10.40:445 - Are you sure it's vulnerable?
    Reading profile /etc/firejail/wine.profile
    Reading profile /etc/firejail/disable-common.inc
    Reading profile /etc/firejail/disable-devel.inc
    Reading profile /etc/firejail/disable-programs.inc
    [-] 10.10.10.40:445 - Oops, something was wrong!
    [*] Exploit completed, but no session was created.

  • edited December 2017

    @redteampa1 I am also getting the same error.
    Please if you find how to fix it tell me in the comments.

  • I'm inside but I cannot find the flag. How can I find it? Can you help me?

  • Hi guys, I'm a noob here and I am currently stuck on this too! I think I've found the right exploit but it doesn't seem to be working. Are we definitely talking SMB related? Tried running exploit directly with metasploit which seemed to struggle finding deps folder. Ran in armitage but I can't seem to get that working either. Now all of a sudden I cannot scan any machines - despite still being connected correctly to vpn? Any ideas please, I'm about to pull the hair out of my bald head! Thank you

  • I am a new user here. I signed up a few months back but haven't had any chance to work on any of the machines. I finally took up a challenge today and after so much research with GOOGLE, I was able to get a meterpreter session on the machine Indeed Blue. After the meterpreter session, I must say I really don't know what I need to find on the Machine since this was my first time of doing this, and having to be a collect student, I only took a screenshot of the machine and it came in directly to one of my folders. Can anybody please point me in the direction of what is exactly needed to be done on the Machine? Do I need to find something? What is needed to be done to be sure I finally owned the machine?

  • @Arrexel said:
    The name of the machine is a hint as to what exploit you will need to use. Think of something released fairly recently. Was all over the news when it was released.

    This was a killer

  • @hackmatterz said:

    @Arrexel said:
    The name of the machine is a hint as to what exploit you will need to use. Think of something released fairly recently. Was all over the news when it was released.

    This was a killer

    Can you tell me what I really need to do on the machine after the meterpreter session? Do I have to look for something to own it? It's really not detailed on the machine on HTB

  • @hackmatterz said:

    @Arrexel said:
    The name of the machine is a hint as to what exploit you will need to use. Think of something released fairly recently. Was all over the news when it was released.

    This was a killer

    I also would like to add that the exploit sometimes gives FAIL, sometimes WIN. That's its nature, so you gotta try the exploit a few times.
