HTB Retired Box Walkthrough: Blue

Blue is a retired Windows machine that is rated as Easy on Hack the Box.

Hostname: Blue
IP: 10.10.10.40
Operating System: Windows

Port Scan Results*

A simple nmap port scan nmap -vvvvv 10.10.10.40 yields the following ports:

135/tcp: msrpc
139/tcp: netbios-ssn
445/tcp: microsoft-ds
49152/tcp: unknown
49153/tcp: unknown
49154/tcp: unknown
49155/tcp: unknown
49156/tcp: unknown
49157/tcp: unknown

Further Enumeration*

This initial port scan didn’t give us much. We need to approach this with a three-pronged attack. 1: amp up our nmap, 2: look at the actual website, and 3: go snooping through the directories.

For the next part of enumeration, I attempt a service version scan using nmap nmap -vvvvvv -sTV 10.10.10.40.

That gave some service versions.

135/tcp: Microsoft Windows RPC
139/tcp: Microsoft Windows netbios-ssn
445/tcp: Microsoft Windows 7–10 microsoft-ds (Workgroup: workgroup)
49152/tcp: unknown
49153/tcp: unknown
49154/tcp: Microsoft Windows RPC
49155/tcp: Microsoft Windows RPC
49156/tcp…