Blue

The name of the machine is a hint as to what exploit you will need to use. Think of something released fairly recently. It was all over the news when it was released.

Check the services again, scan versions and their related vulnerabilities (exploitdb). The name of the box is a hint.

Check the services running on the open ports and then check recent exploits for those services. Don't overthink it! The name of the machine gives a hint to what you are looking for.

Use nmap --script or -A; it will tell you in your face what you need. Happy hacking.

I am getting an error with metasploit whenever I try to run the exploit. I am wondering if that’s my problem or the machine’s problem. I reset it a couple of times and wasn’t able to do it. It says the connection timed out.

If the session timed out, does that just mean that I need to reset it a few times for it to work? I keep getting the feeling that I did it right and the machine just isn’t working but I want to make sure.

I tried it with three different port numbers under RPORT.

@ghostheadx2 said:
I tried it with three different port numbers under RPORT.

Why?

Hi, has anyone tried to exploit this manually?

@looping said:
Hi, has anyone tried to exploit this manually?

good question

When I run the exploit without setting my IP it returns this error. Also, when I set my IP as localhost it doesn't give me any sessions and gives some lib error. Any suggestions?

[-] Handler failed to bind to 10.10.10.12:4444:- -
[-] Handler failed to bind to 0.0.0.0:4444:- -

Try setting LHOST as tun0

“set LHOST tun0”

What does tun0 mean?

@likwidsec said:
Try setting LHOST as tun0

“set LHOST tun0”

After setting LHOST to tun0, same error:

[*] Started reverse TCP handler on 10.10.15.12:4444
[*] 10.10.10.40:445 - Connecting to target for exploitation.
[-] 10.10.10.40:445 - NameError
[-] 10.10.10.40:445 - uninitialized constant RubySMB::Error::CommunicationError
/usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start' /usr/bin/msfconsole:48:in
[*] Exploit completed, but no session was created.

Any suggestions?

Use your HTB IP.
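The "Handler failed to bind" error earlier in this exchange is what Metasploit prints when LHOST is not an address that exists on the attacking machine (for example the target's IP typed in by mistake), or when something else already listens on LPORT. The following shell helpers are an added example, not code from the original thread, for checking both conditions before running a module; the `ip`/`ss` output they parse is constructed sample data, and the module name in the usage comment is deliberately left as a placeholder.

```bash
#!/usr/bin/env bash
# Added example: sanity-check LHOST/LPORT before starting a reverse handler.
# Assumes a Linux attacker box with iproute2 (`ip`, `ss`) and a VPN on tun0.

# Constructed sample, trimmed to the fields `ip -4 -o addr show` prints one per line.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.1.50/24 brd 192.168.1.255 scope global dynamic eth0
5: tun0    inet 10.10.15.12/23 scope global tun0'

# Constructed sample of `ss -ltn` (header plus two listeners).
SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       5       0.0.0.0:4444        0.0.0.0:*'

# First IPv4 address of interface $1, read from `ip -4 -o addr show` on stdin.
# Field 2 is the interface name, field 4 is "addr/prefix".
iface_ipv4() {
  awk -v ifc="$1" '$2 == ifc { sub(/\/.*/, "", $4); print $4; exit }'
}

# Return 0 if IPv4 $1 is bound on this host, reading the same output from stdin.
ip_is_local() {
  grep -Fq "inet $1/"
}

# Return 0 if some process already listens on TCP port $1 (`ss -ltn` on stdin).
# Field 4 is "Local Address:Port"; match on the trailing ":port".
port_in_use() {
  awk -v p=":$1" '$4 ~ p "$" { found = 1 } END { exit !found }'
}

# Wrappers over the constructed samples so the checks can be exercised offline.
tun0_sample()    { printf '%s\n' "$SAMPLE_ADDRS" | iface_ipv4 tun0; }
local_sample()   { printf '%s\n' "$SAMPLE_ADDRS" | ip_is_local "$1"; }
port_sample()    { printf '%s\n' "$SAMPLE_SS"    | port_in_use "$1"; }

# Real usage on the attacking box (hypothetical module path, fill in your own):
#   LHOST=$(ip -4 -o addr show | iface_ipv4 tun0)
#   ip -4 -o addr show | ip_is_local "$LHOST" || { echo "LHOST is not a local address"; exit 1; }
#   ss -ltn | port_in_use 4444 && { echo "port 4444 already in use, pick another LPORT"; exit 1; }
#   msfconsole -q -x "use <module>; set RHOSTS 10.10.10.40; set LHOST $LHOST; set LPORT 4444; run"
```

Metasploit also accepts an interface name directly (`set LHOST tun0`), which is the simpler route when you know the interface; the checks above are for the case where the handler still refuses to bind, where the second line of the error (`0.0.0.0:4444`) usually means the port, not the address, is the problem.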

I took over Blue using Nessus and Armitage/Metasploit - GCIH newbie here.
If I wanted to defend the box, how could I harden the system to prevent people like us from taking over?

Apply the patch for the appropriate CVE and/or disable SMBv1
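As an added illustration of the second half of that advice (disabling SMBv1), not code from the original thread: the following PowerShell, run in an elevated session on the Windows host, reports whether the SMBv1 server protocol is still on and turns it off. It assumes Windows 8.1 / Server 2012 R2 or later for the SmbShare cmdlets; the registry route in the comments is the documented method for Windows 7 / Server 2008 R2. Which patch KB applies depends on the exact OS build, so it is left as a placeholder.

```powershell
# Added example: audit and disable SMBv1 on a Windows host (elevated PowerShell).

# 1. Is the SMBv1 server protocol still enabled?
$cfg = Get-SmbServerConfiguration
if ($cfg.EnableSMB1Protocol) {
    Write-Warning "SMB1 server protocol is ENABLED on $env:COMPUTERNAME"
} else {
    Write-Output "SMB1 server protocol is already disabled on $env:COMPUTERNAME"
}

# 2. Disable it at the server level; this takes effect without a reboot.
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

# 3. On Windows 10 / Server 2016 and later, also remove the optional feature so the
#    SMB1 driver is gone rather than merely switched off (needs a reboot to finish).
$feat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
if ($feat -and $feat.State -eq 'Enabled') {
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
}

# 4. Windows 7 / Server 2008 R2 fallback: the value the SMB server reads at start.
#    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
#        -Name SMB1 -Type DWORD -Value 0 -Force
#    Restart-Service LanmanServer   # or reboot

# 5. Confirm the patch side too: check that the update for your OS build is present.
#    Get-HotFix -Id <KB number for this build>

# 6. Re-check the result.
(Get-SmbServerConfiguration).EnableSMB1Protocol   # expect False
```

From the attacker side, `nmap -p445 --script smb-protocols <host>` should no longer list the SMBv1 dialect (`NT LM 0.12`) once the change has taken effect, which is a quick way to verify the hardening without trusting the local setting alone.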

Ah, disable the service, of course. Thank you.

@ghostheadx2 said:
Does anyone have any hints for Blue? I tried an intense nmap scan and a ping scan and found the name of the PC and that some ports were open, but it's not like it's something simple like SSH. Could I have a hint as to what to do next? I don't want the answer, I just want a hint because I'm a beginner and I don't have a clue. Thanks.

Remember the exploit that wreaked havoc on major systems across the world. Trust me, this is the easiest machine to exploit. It took me 5 minutes the moment I knew what OS it was running.

I believe I’ve found the right exploit, but when I attempt to run it from metasploit, I get an error mentioning “RubySMB::Error::UnexpectedStatusCode: STATUS_DUPLICATE_NAME”. Is this expected, or am I barking down the wrong path?

Can somebody help? I've exploited the system (I have a shell) but I don't know where to find the flag. I'm stuck :frowning:

Same. @damag3d said:

Can somebody help? I've exploited the system (I have a shell) but I don't know where to find the flag. I'm stuck :frowning: