tryhackme.com
2606:4700:10::6816:36e4
Public Scan
Submitted URL: https://t.co/RWSMTWbENe
Effective URL: https://tryhackme.com/room/blue
Submission: On December 06 via api from US — Scanned from DE
Form analysis
1 forms found in the DOM
POST /feedback
<form method="post" action="/feedback" id="roomFeedbackForm" class="d-none mt-3">
<input type="hidden" name="_csrf" value="dkEgwKO4-u5y9Pq3lNIS7PlssnyNy4ZT6IeU">
<input type="hidden" name="roomCode" value="blue">
<input type="hidden" name="type" value="rooms">
<input type="hidden" name="redirect" value="json">
<div class="form-group">
<label class="mb-0" for="like">What do you like about the room?</label>
<textarea type="text" name="like" id="like" class="form-control"></textarea>
</div>
<div class="form-group">
<label class="mb-0" for="dislike">What don't you like about the room?</label>
<textarea type="text" name="dislike" id="dislike" class="form-control"></textarea>
</div>
<div class="form-group">
<label class="mb-0" for="details">Please send your suggestions, ideas and comments!</label>
<textarea id="details" type="text" name="details" class="form-control" style="padding: 5px;"></textarea>
</div>
<button type="submit" id="submitBtn" class="btn btn-success">Send Feedback</button>
</form>
Text Content
We uses cookies to ensure you get the best user experience. For more information contact us. Read more Got it! * Learn * Compete King of the Hill Attack & Defend Leaderboards Platform Rankings * Networks Throwback Attacking Active Directory Wreath Network Pivoting * For Education Teaching Use our security labs Create Labs Upload & Deploy VMs * For Business * Login * Join Now 3851 BLUE Start AttackBox Use Kali Linux Web-based Kali Machine Use AttackBox Recommended Show Split View Awards Help Clone Room Writeups Reset Progress Leave Deploy & hack into a Windows machine, leveraging common misconfigurations issues. To access material, start machines and answer questions login. * Chart * Scoreboard * Video * Discuss * Writeups * More Difficulty: Easy Rank Username Total Score DISCORD Come join our Discord server for support or further discussions FORUM Read or post on the dedicated forum post Official Write-Up by DarkStar7471 Blue - Write-up by MrSeth6797 Blue - Solucion by sckull Blue - Walkthrough by wuggles Windows Blue by crhystamil CTF: TRYHackMe Blue Makinesi Çözümü by ctaner فيديو عربي - Blue@tryhackme by tareq Blue- Walkthough by c0gnitiveFl0w Blue Walkthrough by m4sterph0enix Blue Walkthrough by parasarora06 Blue Walkthrough - No Metasploit Version by TheMayor Erebus - Walkthrough by MrAnarchy Blue Walkthrough by Akshay12 [SP] Video - Solución - Blue by hackadvisermx Blue CTF Write-up by R0101 Eternally Blue, and FUN by 0xb2b Blue Spanish Video Walkthrough by takito1812 [THM] Blue Writeup by infernoMarvelous TryHackMe - Blue writeup by m0rn1ngstr Blue Write-up by civilwaryank WriteUp Blue by DirectorFusion Blue Walkthrough by NightmareProject Blue - Walkthrough by DarkTangent Add Writeup Submit Writeups should have a link to TryHackMe and not include any passwords/cracked hashes/flags This is a free room, which means anyone can deploy virtual machines in the room (without being subscribed)! 113555 users are in here and this room is 995 days old. 
Created by DarkStar7471 Subscribe to watch a walkthrough video. Otherwise, you can complete this room for free! SUBSCRIBE FOR JUST $10 OR £8 20% less if you are a student! Subscribe * Access to all premium learning content * Get your own browser-based Kali Machine * Enroll in all learning paths * Private OpenVPN servers * Start machines faster Learn More Active Machine Information Loading... Loading... Loading... Loading... 0% Task 1 Recon Start Machine Scan and learn what exploit this machine is vulnerable to. Please note that this machine does not respond to ping (ICMP) and may take a few minutes to boot up. This room is not meant to be a boot2root CTF, rather, this is an educational series for complete beginners. Professionals will likely get very little out of this room beyond basic practice as the process here is meant to be beginner-focused. Art by one of our members, Varg - THM Profile - Instagram - Blue Merch - Twitter Link to Ice, the sequel to Blue: Link You can check out the third box in this series, Blaster, here: Link ----------------------------------------- The virtual machine used in this room (Blue) can be downloaded for offline usage from https://darkstar7471.com/resources.html Enjoy the room! For future rooms and write-ups, follow @darkstar7471 on Twitter. Answer the questions below Scan the machine. (If you are unsure how to tackle this, I recommend checking out the Nmap room) Login to answer.. Hint How many ports are open with a port number under 1000? Login to answer.. Hint What is this machine vulnerable to? (Answer in the form of: ms??-???, ex: ms08-067) Login to answer.. Hint Task 2 Gain Access Exploit the machine and gain a foothold. Answer the questions below Start Metasploit Login to answer.. Hint Find the exploitation code we will run against the machine. What is the full path of the code? (Ex: exploit/........) Login to answer.. Hint Show options and set the one required value. What is the name of this value? 
(All caps for submission) Login to answer.. Hint Usually it would be fine to run this exploit as is; however, for the sake of learning, you should do one more thing before exploiting the target. Enter the following command and press enter: set payload windows/x64/shell/reverse_tcp With that done, run the exploit! Login to answer.. Hint Confirm that the exploit has run correctly. You may have to press enter for the DOS shell to appear. Background this shell (CTRL + Z). If this failed, you may have to reboot the target VM. Try running it again before a reboot of the target. Login to answer.. Task 3 Escalate Escalate privileges, learn how to upgrade shells in metasploit. Answer the questions below If you haven't already, background the previously gained shell (CTRL + Z). Research online how to convert a shell to meterpreter shell in metasploit. What is the name of the post module we will use? (Exact path, similar to the exploit we previously selected) Login to answer.. Hint Select this (use MODULE_PATH). Show options, what option are we required to change? Login to answer.. Set the required option, you may need to list all of the sessions to find your target here. Login to answer.. Hint Run! If this doesn't work, try completing the exploit from the previous task once more. Login to answer.. Hint Once the meterpreter shell conversion completes, select that session for use. Login to answer.. Hint Verify that we have escalated to NT AUTHORITY\SYSTEM. Run getsystem to confirm this. Feel free to open a dos shell via the command 'shell' and run 'whoami'. This should return that we are indeed system. Background this shell afterwards and select our meterpreter session for usage again. Login to answer.. List all of the processes running via the 'ps' command. Just because we are system doesn't mean our process is. Find a process towards the bottom of this list that is running at NT AUTHORITY\SYSTEM and write down the process id (far left column). Login to answer.. 
Migrate to this process using the 'migrate PROCESS_ID' command where the process id is the one you just wrote down in the previous step. This may take several attempts, migrating processes is not very stable. If this fails, you may need to re-run the conversion process or reboot the machine and start once again. If this happens, try a different process next time. Login to answer.. Task 4 Cracking Dump the non-default user's password and crack it! Answer the questions below Within our elevated meterpreter shell, run the command 'hashdump'. This will dump all of the passwords on the machine as long as we have the correct privileges to do so. What is the name of the non-default user? Login to answer.. Copy this password hash to a file and research how to crack it. What is the cracked password? Login to answer.. Hint Task 5 Find flags! Find the three flags planted on this machine. These are not traditional flags, rather, they're meant to represent key locations within the Windows system. Use the hints provided below to complete this room! ----------------------------------------------------------------- Completed Blue? Check out Ice: Link You can check out the third box in this series, Blaster, here: Link Answer the questions below Flag1? This flag can be found at the system root. Login to answer.. Hint Flag2? This flag can be found at the location where passwords are stored within Windows. *Errata: Windows really doesn't like the location of this flag and can occasionally delete it. It may be necessary in some cases to terminate/restart the machine and rerun the exploit to find this flag. This relatively rare, however, it can happen. Login to answer.. Hint flag3? This flag can be found in an excellent location to loot. After all, Administrators usually have pretty interesting things saved. Login to answer.. Hint Created by DarkStar7471 This is a free room, which means anyone can deploy virtual machines in the room (without being subscribed)! 
113555 users are in here and this room is 995 days old. -------------------------------------------------------------------------------- Copyright TryHackMe 2018-2021160 Kemp House, London, EC1V 2NX LEARN * Hacktivities * Leaderboards * Paths DOCS * Teaching * About Us * Blog * Buy Vouchers SOCIALS * Twitter * Email * Discord * Forum WEB-BASED MACHINE INFORMATION Use the web-based machine to attack other target machines you start on TryHackMe. * Public IP: * Private IP: (Use this for your reverse shells) * Username: * Password: * Protocol: -------------------------------------------------------------------------------- * To copy to and from the browser-based machine, highlight the text and press CTRL+SHIFT+C or use the clipboard * When accessing target machines you start on TryHackMe tasks, make sure you're using the correct IP (it should not be the IP of your AttackBox) × Blue Hacking into Windows via EternalBlue Complete the room to earn this badge QUESTION HINT × ... × CONGRATULATIONS You've completed the room! Leave feedback What do you like about the room? What don't you like about the room? Please send your suggestions, ideas and comments! Send Feedback TO ACCESS THIS MACHINE, YOU NEED TO EITHER × Use a VPN Connect to our network via a VPN See Instructions or Use the AttackBox Use a web-based attack machine (recommended) Start AttackBox EXPIRING SOON Your machine is going to expire soon. Close this and add an hour to stop it from terminating! Close EXPIRED MACHINE Your machine has expired and terminated. Close HOW TO ACCESS MACHINES × Now you've started your machine, to access it you need to either Download your VPN configuration file and import it into a OpenVPN client Control a web-based machine with everything you need, all from inside your browser × Close RESET YOUR PROGRESS × Warning You will keep your points but all your answers in this room will be erased. Yes, please! GENERATING YOUR CERTIFICATE × HEY THERE, WHAT'S YOUR NAME? 
If you want your name to appear on your certificate, please fill the field below. Full Name YOU'RE HERE INCOGNITO? IT'S OK! If you chose skip, your username will be used instead! Generate with my full name Generate with my username Video Solution Writeups Forum Post Knowledge Base Ask Community HELP How to access machines Some tasks will have you learning by doing, often through hacking a virtual machine. However, to access these machines you need to either: * Use the in-browser machine - If you're subscribed, you can start your in-browser Kali machine and use it to access machines you've started! * Use OpenVPN - You need to download your configuration file and install OpenVPN. Follow the guide here to connect using OpenVPN. Unable to access a machine? * Are you connected to the TryHackMe network? You can check by starting the machine in the welcome room (task 3), waiting a few minutes and accessing its webserver - If you see a website, you are connected. * If its a Windows machine you've started, it might not be pingable. Try using the -Pn flag when scanning the machine with nmap: nmap MACHINE_IP -Pn -v * Has the machine had long enough to start up? It can take between 1 and 5 minutes. * Not all machines have a web server or SSH service running. Try pinging the machine in your console first: ping MACHINE_IP. If its responds, its reachable and you're not accessing it in the intended way. * Are you definetly using the machine's IP and the correct method of access with the right details (e.g. username) - try rereading the task, have you missed something? Unable to SSH into a machine? Not all machines will have SSH enabled. You shouldn't be trying to SSH / RDP / Access a webserver unless you've been told specifically to do so, or have scanned the machine first to check that the service is running. Machine has no website? Not all machines you start will have a web server running. Why not scan the machine with nmap to see if there is one running on another port. 
Use the following nmap command: nmap -v MACHINE_IP - If there is a webserver running on another port, go to http://MACHINE_IP:PORT Machine has no internet access? If you are on a machine, the chances are it won't have internet access. To put a file onto your remote machine, you can: * Use SCP - You can copy a file to a remote machine with the following command: scp YOUR_FILE you@remote.machine.org:/DIRECTORY * Host a mini-webserver - You can host a mini-webserver on your machine. On your machine type: python3 -m http.server 1234 where your files are hosted, then on the remote machine go to http://MACHINE_IP:1234 and download it. Stuck on a question? * Writeups - Does the room have any writeups you can check? (Click the writeup tab or go to room options) * Using the internet - Being able to research effectively is really important. You can improve your researching skills here. * Discord - As a last resort, if you're really stuck why not ask our community for a hint on Discord? No in-browser machine capability? Not every room has the in-browser functionality. Its up to the room creator to add this capability. Which rooms to start with? If you are not sure where to start, check out: * Pathways - Choose a path and build up your knowledge using a mixture of room guides and challenges! * Hacktivities - Search for a topic you enjoy and filter by your difficulty rating. * Zero to Hero post - An overview on which rooms to start with both as a free and subscribed user. How do points work? Completing rooms gets you a certain number of points. A breakdown of how questions are scored as as follow: Answered Score 1st to answer 80 points After first 30 points If the room type is a walkthrough room, you only get 25% of those points added to your account score. Challenge room’s receive 100% if the room has been released during this month. 
All points you get are added to your ‘All-time’ score, however not all points are added to your ‘Monthly’ score (which is reset to 0 on the last day of the month 23:59 GMT). You only get 100% of a room's monthly points if a room has been released during that month; you get 25% of challenge room points if its not released in this month. This stops new users being able obtain large amounts of points as they have more rooms to solve than older users - by monthly points only being awarded if a room is released this month, everyone has a fair chance to be number 1 on the ‘Monthly’ leaderboard and everyone has an equal chance to be number 1 on the ‘All-time’ leaderboard. Summary * Challenge rooms released this month, give you 100% of the points (to both your all-time and monthly score). * Old challenge rooms (not released this month) will give you 25% of the points to your monthly score and 100% to your all-time score. * Walkthrough rooms released this month, give you 25% of the points to both your all-time and monthly score. * Old Walkthrough rooms (not released this month) only give you 25% of the points to your all-time score, none for your monthly score. Accessing networks To access a network, you need to download and connect using your networks OpenVPN configuration file. Go to the access page, click the networks tab and select the network. Once downloaded, import your OpenVPN config file (details to this process are on the access page). How do I reset a network? You can request to reset your network once an hour. Show Connection Options To access target machines you need to either: AttackBox Use a browser-based attack machine OpenVPN Connect to our network via a VPN View the dedicated OpenVPN access page for more information WHAT OPERATING SYSTEM ARE YOU USING? * Windows * Linux * MacOS 1. Download your OpenVPN configuration pack. 2. Download the OpenVPN GUI application. 3. Install the OpenVPN GUI application. 
Then open the installer file and follow the setup wizard. 4. Open and run the OpenVPN GUI application as Administrator. 5. The application will start running in the system tray. It's at the bottom of your screen, near the clock. Right click on the application and click Import File. 6. Select the configuration file you downloaded earlier. 7. Now right click on the application again, select your file and click Connect 1. Download your OpenVPN configuration pack. 2. Run the following command in your terminal: sudo apt install openvpn 3. Locate the full path to your VPN configuration file (normally in your ~/Downloads folder). 4. Use your OpenVPN file with the following command: sudo openvpn /path/to/file.ovpn 1. Download your OpenVPN configuration pack. 2. Download OpenVPN for MacOS. 3. Install the OpenVPN GUI application, by opening the dmg file and following the setup wizard. 4. Open and run the OpenVPN GUI application. 5. The application will start running and appear in your top bar. Right click on the application and click Import File -> Local file. 6. Select the configuration file you downloaded earlier. 7. Right click on the application again, select your file and click connect. HAVING PROBLEMS? * If you can access 10.10.10.10, you're connected. * Downloading and getting a 404? Go the access page and switch VPN servers. * Getting inline cert error? Go the access page and switch VPN servers. * If you are using a virtual machine, you will need to run the VPN inside that machine. * Is the OpenVPN client running as root? (On Windows, run OpenVPN GUI as administrator. On Linux, run with sudo) * Have you restarted your VM? * Is your OpenVPN up-to-date? * Only 1 OpenVPN connection is allowed. (Run ps aux | grep openvpn - are there 2 VPN sessions running?) * Still having issues? Check our docs out. ATTACKBOX Use your own web-based linux machine to access machines on TryHackMe To start your AttackBox in the room, click the Start AttackBox button. 
Your private machine will take 2 minutes to start. You can also use the dedicated My-Machine page to start and access your machine. From here you can also deploy: * AttackBox - Custom cyber-ready linux instance * Kali Linux - Industry standard security linux instance * Free AttackBox - Less powerful Attackbox with no internet Free users get 1 free AttackBox hour. Subscribed users get more powerful machines with unlimited deploys. Hide IP