HackTheBox.eu - Retired - Blue

Recon

I again started with a little up/down scan on TCP ports using nmap

# nmap -T4 -p- 10.10.10.40 -oX /root/Desktop/HTB/Blue/nmapb.xml

Then I converted that to HTML

# xsltproc /root/Desktop/HTB/Blue/nmapb.xml -o /root/Desktop/HTB/Blue/nmapb.html

A goodly amount of open ports to feed into our next scan, which will utilize the -A switch in nmap to finger the OS and services.

# nmap -T4 -A -p135,139,445,49152,49153,49154,49155,49156,49157 10.10.10.40 -oX /root/Desktop/HTB/Blue/nmapf.xml

The results show lots of ports for RPC, one NetBIOS and SMB on port 445.

No FTP, Web, SSH to try and exploit. But we do have SMB open which has a bunch of vulns… so let's get to googling

Exploit

The first result for Win7 smb Exploit is probably one you've heard of before.. Eternal Blue

https://www.exploit-db.com/exploits/42315

If not you might want to read up on it here.

https://en.wikipedia.org/wiki/EternalBlue

Basically this an
@circusmonkey404 on the twitters; DM for contact
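
The recon step above moves the open ports from the first scan's XML into the -p list of the -A scan. As an added example (not code from the original post), this Python sketch parses nmap -oX output, builds that port list, and flags exposed NetBIOS/SMB ports for a patch-level check. The XML is a constructed sample and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of nmap's -oX output (not the author's real scan file).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="10.10.10.40" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="135"><state state="open"/><service name="msrpc"/></port>
      <port protocol="tcp" portid="139"><state state="open"/><service name="netbios-ssn"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="3389"><state state="filtered"/></port>
      <port protocol="tcp" portid="49152"><state state="open"/></port>
    </ports>
  </host>
</nmaprun>"""

# Ports where file-sharing services (NetBIOS session, SMB) are exposed.
SMB_PORTS = {139, 445}

def open_tcp_ports(xml_text):
    """Return {address: sorted list of open TCP ports} from nmap XML."""
    result = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            addr_el = host.find("address")
        if addr_el is None:
            continue  # host entry without an address: nothing to report
        ports = []
        for port in host.iter("port"):
            state = port.find("state")
            # Only "open" counts; filtered/closed ports are left out of the follow-up scan.
            if port.get("protocol") == "tcp" and state is not None and state.get("state") == "open":
                ports.append(int(port.get("portid")))
        result[addr_el.get("addr")] = sorted(ports)
    return result

def port_argument(ports):
    """Format ports as the comma-separated value passed to nmap's -p switch."""
    return ",".join(str(p) for p in ports)

def smb_exposed(ports):
    """Ports in the list that expose NetBIOS/SMB and deserve a patch-level check."""
    return sorted(SMB_PORTS.intersection(ports))

if __name__ == "__main__":
    for addr, ports in open_tcp_ports(SAMPLE_XML).items():
        print(addr, "-p" + port_argument(ports), "SMB/NetBIOS:", smb_exposed(ports))
```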