tsustyle

Red Team Aspirant

Blue

less than 1 minute read

img

Port Scanning and General Enumeration (Nmap)

Initial nmap scan shows 135,139,445,49152-3-4-5-6-7 open. So I targeted those ports in my targets scan.

img

Also ran a --script=vuln scan

img

Access (metasploit, EternalBlue (ms17-010))

Knowing that the SMB version is vulnerable to EternalBlue and that the OS hasn’t been patched (Windows 7 Professional SP1) we can use a metasploit module for access

msfconsole search ms17-010

img

img

That was easy! Capture the flags.

img

img

You may also enjoy

Tenet

‘Tenet’ is a medium rated box on Hack the Box. We’ll be using PHP Object Injection to get RCE and identify a race condition in a custom script for privesc.

Skynet

‘Skynet’ is a box on TryHackMe. We’ll be enumerating SMB shares, brute forcing a login and exploiting a Remote File Inclusion vulnerability in Cuppa CMS for a foothold. For our root shell we’ll take a look at exploiting some wildcard injection using a script that’s being run as a cronjob.

FFuF Cheatsheet

This is a Cheatsheet I created for reference when using FFuF

Ready

‘Ready’ is a medium rated box on Hack the Box. We’ll be using a public exploit for a vulnerable Gitlab version for a shell, enumeration and password reuse for privesc and escape a docker container for root