TryHackMe | Blue: Windows Machine Learning.

Ravindra Manjhi
4 min read · May 18, 2021

This is the first Windows machine I have worked on. Before this I had never tried a Windows machine, but now I have decided to work mostly on Windows machines, so I started with this one on TryHackMe. So let's start the machine; after 60 seconds we can see the target IP of the machine Blue, which is 10.10.241.36.

The first step is to scan the machine, and we should remember that this machine does not respond to ping (ICMP), so the scan cannot rely on ICMP host discovery. So let's scan it.

We got these ports open, which we are going to work on. The next question was: What is this machine vulnerable to? (Answer in the form of: ms??-???, ex: ms08-067). Here I was unable to find the exact exploit from the scan, so I tried according to the machine name Blue, which was exploit/windows/smb/ms17_010_eternalblue, and that was right. So the answer here is ms17_010. Now let's move on to Task 2 (Gain Access). Here we first have to start msfconsole, and the second question was to find the exploitation code and its path, which is shown below.

Here exploit/windows/smb/ms17_010_eternalblue is the exploit path.
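From the defender's side, the finding above means the host is still running SMBv1 without the MS17-010 update. The following PowerShell audit is an added example written for this write-up, not part of the original post or of TryHackMe's material: it checks both conditions on a Windows host and can optionally turn SMBv1 off. It assumes an elevated prompt on the host being checked, and that the KB numbers (KB4012212 security-only and KB4012215 monthly rollup for Windows 7 / Server 2008 R2) are the ones that apply; other Windows versions received the fix under different KB numbers, so adjust the list for your OS.

```powershell
# Added example (not from the original write-up): audit a Windows host for the two
# conditions EternalBlue (MS17-010) relies on, SMBv1 enabled and the March 2017
# update missing, and optionally disable SMBv1. Run elevated on the host itself.
# Assumption: KB4012212 / KB4012215 are the Windows 7 / 2008 R2 updates for
# MS17-010; change $Kbs for other OS versions.

function Test-Smb1Enabled {
    # Get-SmbServerConfiguration exists on Windows 8 / Server 2012 and later.
    # Older systems expose the setting only through the LanmanServer registry
    # value SMB1, which is enabled when the value is missing.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    if ($null -eq $val) { return $true }   # value absent: SMB1 is on by default
    return ($val -ne 0)
}

function Test-Ms17010Patched {
    param([string[]]$Kbs = @('KB4012212', 'KB4012215'))
    foreach ($kb in $Kbs) {
        # Get-HotFix returns nothing when the update is not installed.
        if (Get-HotFix -Id $kb -ErrorAction SilentlyContinue) { return $true }
    }
    return $false
}

function Invoke-Ms17010Audit {
    param([switch]$Remediate)
    $smb1    = Test-Smb1Enabled
    $patched = Test-Ms17010Patched

    # Summarise the exposure: vulnerable only when SMB1 is on AND the patch is missing.
    New-Object PSObject -Property @{
        ComputerName = $env:COMPUTERNAME
        Smb1Enabled  = $smb1
        Ms17010Patch = $patched
        Exposed      = ($smb1 -and -not $patched)
    } | Format-List

    if ($Remediate -and $smb1) {
        # Disabling SMBv1 removes the protocol the exploit speaks; it also breaks
        # very old clients, so confirm nothing legitimate still depends on it.
        if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        } else {
            Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
                -Name SMB1 -Type DWord -Value 0
        }
        Write-Output 'SMBv1 disabled server-side; reboot to apply and install the MS17-010 update.'
    }
}

# Report only; add -Remediate to also switch SMBv1 off.
Invoke-Ms17010Audit
```

Disabling SMBv1 alone closes the EternalBlue path, but the patch should still be installed, since the audit's Exposed field only clears when either condition is met and a later configuration change could re-enable the protocol.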

The second answer was RHOSTS, which has to be changed, and I think you should already know that. So let's move forward. The payload we have to run, given by Task 2, is windows/x64/shell/reverse_tcp.

Now configure all the options properly and exploit it. Task 2 says we have to put the shell in the background once we get one. So let's try, and remember that you have to put your tun0 IP in LHOST.

As you can see above, we have got a Windows shell, but now we need to put this shell in the background and convert it into a meterpreter shell. The question is also: What is the name of the post module we will use? So first we will put this shell in the background with Ctrl+Z, shown below.

Here it is.

Now the module we are going to use to upgrade the shell to meterpreter is post/multi/manage/shell_to_meterpreter, which is also the answer. Now let's configure all the options and run it. The next question is what to change in the options, and it is SESSION.

Here it is. Now let's exploit it.

Now we have got another shell, a meterpreter one, shown below.

Here it is.

Now, according to the instructions, we have to use the meterpreter shell, take a Windows shell from it with the help of the shell command, and run the whoami command, which is shown below.

Here it is.

Now, according to the next instructions, we have to put this shell in the background and work again from the meterpreter shell. Now list all running processes and try to migrate to a process near the bottom of the list. This is not stable, so we have to try again and again, and if it is not working we can try another process, according to the instructions. All of that I will show in the images below.

This is the output of the ps command; there are more processes further down which I cannot show in the image.

Finally I migrated to a process, which is shown below.

Here it is.

The next step is to dump all users' credentials with the hashdump command, which is shown in the images below.

Here it is.

Here we got all the users' hashes, which we will store in a hashes.txt file, and now we have to crack them, which we will try with hashcat.
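The hashdump step above reads the local account hashes out of the LSASS process, and that handle open is one of the few reliable signals a defender has for it. The script below is an added example for this write-up, not part of the original post or of any tool it mentions: it parses Sysmon ProcessAccess events (Event ID 10) and flags any process other than a small allow-list that opened lsass.exe. It assumes Sysmon is installed with ProcessAccess logging enabled; the two sample events, the allow-list, and the path C:\Users\Public\update.exe are constructed for illustration, not taken from the machine.

```powershell
# Added example (not from the original write-up): detect credential dumping by
# looking for processes that opened a handle to lsass.exe. Assumes Sysmon is
# installed and logging ProcessAccess (Event ID 10). The sample events below are
# constructed for this example; the allow-list is a starting point, not complete.

# Processes that legitimately touch lsass on a typical host; verify and extend
# for your environment (EDR agent, backup software) before relying on it.
$AllowedSourceImages = @(
    'C:\Windows\System32\svchost.exe',
    'C:\Windows\System32\wininit.exe',
    'C:\Windows\System32\csrss.exe',
    'C:\Windows\System32\services.exe'
)

function Get-LsassAccessFromXml {
    # Parse one Sysmon event given as XML text; return $null unless its target is lsass.
    param([string]$EventXml)
    $doc  = [xml]$EventXml
    $data = @{}
    foreach ($d in $doc.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    if ($data['TargetImage'] -notlike '*\lsass.exe') { return $null }
    New-Object PSObject -Property @{
        Time          = $doc.Event.System.TimeCreated.SystemTime
        SourceImage   = $data['SourceImage']
        SourcePid     = $data['SourceProcessId']
        GrantedAccess = $data['GrantedAccess']
        # Anything not on the allow-list deserves a look; confirm the binary's
        # location and signature before treating it as benign.
        Suspicious    = ($AllowedSourceImages -notcontains $data['SourceImage'])
    }
}

function Get-SuspiciousLsassAccess {
    # Live form: pull ProcessAccess events from the host's Sysmon log.
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 10 } -ErrorAction SilentlyContinue |
        ForEach-Object { Get-LsassAccessFromXml $_.ToXml() } |
        Where-Object { $_ -and $_.Suspicious }
}

# Constructed sample events: a normal svchost access, then an access from a
# binary in a user-writable directory (hypothetical path).
$NormalEvent = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><EventID>10</EventID><TimeCreated SystemTime="2021-05-18T10:00:00.000Z"/></System><EventData><Data Name="SourceProcessId">820</Data><Data Name="SourceImage">C:\Windows\System32\svchost.exe</Data><Data Name="TargetImage">C:\Windows\System32\lsass.exe</Data><Data Name="GrantedAccess">0x1000</Data></EventData></Event>
'@
$OddEvent = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><EventID>10</EventID><TimeCreated SystemTime="2021-05-18T10:05:00.000Z"/></System><EventData><Data Name="SourceProcessId">3412</Data><Data Name="SourceImage">C:\Users\Public\update.exe</Data><Data Name="TargetImage">C:\Windows\System32\lsass.exe</Data><Data Name="GrantedAccess">0x1010</Data></EventData></Event>
'@

# Run the parser over the constructed events; only the second one should be flagged.
@($NormalEvent, $OddEvent) |
    ForEach-Object { Get-LsassAccessFromXml $_ } |
    Where-Object { $_.Suspicious } |
    Format-Table Time, SourcePid, SourceImage, GrantedAccess -AutoSize
```

On a real host, replace the sample run with Get-SuspiciousLsassAccess and review the GrantedAccess value as well: read and query rights requested by an unfamiliar image are the pattern worth escalating, and the allow-list should be tuned against a known-clean baseline rather than copied as-is.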

Here we got the hashcat mode number for NTLM (call it an id or whatever you like), which is 1000.

Let's start. One more thing: from the hint I saw that we can crack it with rockyou.txt.

Here we got the plaintext, which is alqfna22, Jon's password.

Now let's search for a flag.

Here we got our first flag.

Let's search for another.

Here we got our third flag.

Find the second flag yourself.

Ravindra Manjhi

OSCP | Cyber Security Enthusiast | Penetration Tester | CTF Player