DEV Community

Cover image for Tryhackme Blue
S1a
S1a

Posted on • Updated on

Tryhackme Blue

Eternal-Blue

eternalBlue is an exploit thatallows cyber threat actors to remotely execute arbitrary code and gain access to a network by sending specially crafted packets. It exploits a software vulnerability in Microsoft’s Windows operating systems (OS) Server Message Block(SMB) version 1 (SMBv1) protocol, a network file sharing protocol that allows access to files on a remoteserver.
This exploit potentially allows cyber threat actors to compromise the entire network and all devices connected to it. Due to EternalBlue’s ability to compromise networks, if one device is infected by malware via EternalBlue, every device connectedto the network is at risk. This makes recovery difficult, asall devices on a network may have to be taken offline for remediation.This vulnerability was patched and is listed on Microsoft’s security bulletin as MS17-010

As always we start with nmap scanning,
sudo nmap -A 10.10.237.221
Inline-style:
alt text

Escalate

If you haven't already, background the previously gained shell (CTRL + Z). Research online how to convert a shell to meterpreter shell in metasploit. What is the name of the post module we will use? (Exact path, similar to the exploit we previously selected)

Top comments (0)