Debriefing of Attack
Muhammad Qaseem
Introduction:
For Bytewise Exam 01, we were provided with a vulnerable image and a boot-to-root scenario. Let's start with the .ova file.
After importing the image into VMware, we can conclude that it is a Windows 7 machine with a user Jon.
Windows 7 became well known because of the EternalBlue vulnerability, but let's continue.
Reconnaissance Phase
Nmap:
nmap -sV -sC --script vuln $IP
Initial Access
As we have concluded that the machine is vulnerable to MS17-010, let's find an exploit. For an automated procedure, I will use Metasploit.
After setting all the relevant settings, including lhost, rhost and payload, let's exploit.
We have successfully got root. Now let's elevate the shell to Meterpreter.
We have got the elevated Meterpreter shell.
Post-Exploitation / Data Exfiltration
We look for files that might contain important information.
We found flag1.txt, which indicates that the flags will be in flag{n}.txt format, so let's search for them as flag*.txt.
Found all 3 flags.
Dumping the hashes of the existing users
Cracking them.
john --format=nt --wordlist=/usr/share/wordlists/rockyou.txt hash.txt
After cracking the hashes, we logged in to the machine successfully.
Additional Lookup
I imported winPeas.bin onto the machine and ran it; the useful output from it is shared here.
Conclusion
A lot of Windows 7 machines were exploited when the exploit was made public, and some cases still arise due to lack of awareness. Cybersecurity is essential to protect sensitive data and systems from cyber threats, as demonstrated by the havoc caused by exploits like EternalBlue.