Blue

use your htb IP

I took over Blue using Nessus and Armitage/Metasploit - GCIH newbie here.
If I wanted to defend the box, how could I harden the system to prevent people like us from taking over?

Apply the patch for the appropriate CVE and/or disable SMBv1
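One way to carry out that hardening on a Windows host, as an added example that is not from this thread: audit whether SMBv1 is enabled, disable the SMBv1 server and client, and list recently installed updates so the patch for the relevant CVE can be confirmed against the vendor bulletin. It assumes an elevated PowerShell session; the registry path is Microsoft's documented method for Windows 7/2008 R2, where the Set-SmbServerConfiguration cmdlet does not exist.

```powershell
# Added example (not from the thread): audit and disable SMBv1 on a Windows host.
# Run in an elevated PowerShell session; the LanmanServer change needs a reboot.

$srvKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

# 1. Report current state. On Windows 8/2012+ the SMB cmdlets exist; on
#    Windows 7/2008 R2 only the registry value is available (absent = enabled).
if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
    $state = (Get-SmbServerConfiguration).EnableSMB1Protocol
} else {
    $val = (Get-ItemProperty -Path $srvKey -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    $state = ($null -eq $val) -or ($val -ne 0)
}
Write-Host "SMBv1 server currently enabled: $state"

# 2. Disable the SMBv1 server. SMB1=0 covers Windows 7/2008 R2; the cmdlet and
#    the optional-feature removal cover newer OS versions where they exist.
if ($state) {
    Set-ItemProperty -Path $srvKey -Name SMB1 -Type DWord -Value 0 -Force
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    if (Get-Command Disable-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart `
            -ErrorAction SilentlyContinue | Out-Null
    }
    Write-Host "SMBv1 server disabled; reboot to apply the LanmanServer change."
}

# 3. Disable the SMBv1 client driver so the host will not speak SMBv1 outbound either.
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi | Out-Null
sc.exe config mrxsmb10 start= disabled | Out-Null

# 4. Patch check: list the most recent updates so the fix for the relevant CVE
#    can be matched against the vendor bulletin for this OS version.
Get-HotFix | Sort-Object InstalledOn -Descending |
    Select-Object -First 10 HotFixID, Description, InstalledOn
```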

Ah, disable the service, of course. Thank you.

@ghostheadx2 said:
Does anyone have any hints for Blue? I tried an intense nmap scan and a ping scan and found the name of the PC and that some ports were open, but it's not like it's something simple like SSH. Could I have a hint as to what to do next? I don't want the answer, I just want a hint because I'm a beginner and I don't have a clue. Thanks.

Remember the exploit that wreaked havoc on major systems across the world. Trust me, this is the easiest machine to exploit. It took me 5 minutes the moment I knew what OS it was running.

I believe I've found the right exploit, but when I attempt to run it from Metasploit, I get an error mentioning "RubySMB::Error::UnexpectedStatusCode: STATUS_DUPLICATE_NAME". Is this expected, or am I barking up the wrong tree?

Can somebody help? I've exploited the system (I have a shell) but I don't know where to find the flag. I'm stuck :frowning:

SAME. @damag3d said:

Can somebody help? I've exploited the system (I have a shell) but I don't know where to find the flag. I'm stuck :frowning:

@damag3d said:
Can somebody help? I've exploited the system (I have a shell) but I don't know where to find the flag. I'm stuck :frowning:

Just get the right files mentioned in OWN ROOT and OWN USER and go through them to get what is required.

@technocyber2 said:

@ghostheadx2 said:
Does anyone have any hints for Blue? I tried an intense nmap scan and a ping scan and found the name of the PC and that some ports were open, but it's not like it's something simple like SSH. Could I have a hint as to what to do next? I don't want the answer, I just want a hint because I'm a beginner and I don't have a clue. Thanks.

Remember the exploit that wreaked havoc on major systems across the world. Trust me, this is the easiest machine to exploit. It took me 5 minutes the moment I knew what OS it was running.

In addition to that, GOOGLE is your best friend :wink:

Can someone help please, I am getting this error:

Reading profile /etc/firejail/wine.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-programs.inc
[-] Error getting output back from Core; aborting…
[-] 10.10.10.40:445 - Are you sure it’s vulnerable?
Reading profile /etc/firejail/wine.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-programs.inc
[-] 10.10.10.40:445 - Oops, something was wrong!
[*] Exploit completed, but no session was created.

@redteampa1 I am also getting the same error.
Please if you find how to fix it tell me in the comments.

I'm inside but I cannot find the flag. How can I find it? Can you help me?

Hi guys, I'm a noob here and I am currently stuck on this too! I think I've found the right exploit but it doesn't seem to be working. Are we definitely talking SMB related? Tried running the exploit directly with Metasploit, which seemed to struggle finding the deps folder. Ran it in Armitage but I can't seem to get that working either. Now all of a sudden I cannot scan any machines, despite still being connected correctly to the VPN. Any ideas please? I'm about to pull the hair out of my bald head! Thank you.

I am a new user here. I signed up a few months back but haven't had any chance to work on any of the machines. I finally took up a challenge today and after so much research with GOOGLE, I was able to get a meterpreter session on the machine, indeed Blue. After the meterpreter session, I must say I really don't know what I need to find on the machine since this was my first time doing this, and being a college student, I only took a screenshot of the machine and it came in directly to one of my folders. Can anybody please point me in the direction of what exactly needs to be done on the machine? Do I need to find something? What needs to be done to be sure I finally owned the machine?

@Arrexel said:
The name of the machine is a hint as to what exploit you will need to use. Think of something released fairly recently. It was all over the news when it was released.

This was a killer

@hackmatterz said:

@Arrexel said:
The name of the machine is a hint as to what exploit you will need to use. Think of something released fairly recently. It was all over the news when it was released.

This was a killer
Can you tell me what I really need to do on the machine after the meterpreter session? Do I have to look for something to own it? It's really not detailed on the machine page on HTB.

@hackmatterz said:

@Arrexel said:
The name of the machine is a hint as to what exploit you will need to use. Think of something released fairly recently. It was all over the news when it was released.

This was a killer

I also would like to add that the exploit sometimes gives FAIL, sometimes WIN. That's its nature, so you gotta try the exploit a few times.

@erkana said:

@hackmatterz said:

@Arrexel said:
The name of the machine is a hint as to what exploit you will need to use. Think of something released fairly recently. It was all over the news when it was released.

This was a killer

I also would like to add that the exploit sometimes gives FAIL, sometimes WIN. That's its nature, so you gotta try the exploit a few times.

Yes, it shows FAIL and picks itself up. Please, what am I to look for once the meterpreter session opens? That's the problem I am facing now, and it disconnects if I leave it for a while without doing anything on it. I am still unsure of what to look out for since it is not well detailed on the machine page on the HTB main site. Can you please advise? Thanks.
