tryhackme.com
2606:4700:10::6816:36e4  Public Scan

Submitted URL: https://t.co/RWSMTWbENe
Effective URL: https://tryhackme.com/room/blue
Submission: On December 06 via api from US — Scanned from DE

Form analysis 1 forms found in the DOM

POST /feedback

<form method="post" action="/feedback" id="roomFeedbackForm" class="d-none mt-3">
  <input type="hidden" name="_csrf" value="dkEgwKO4-u5y9Pq3lNIS7PlssnyNy4ZT6IeU">
  <input type="hidden" name="roomCode" value="blue">
  <input type="hidden" name="type" value="rooms">
  <input type="hidden" name="redirect" value="json">
  <div class="form-group">
    <label class="mb-0" for="like">What do you like about the room?</label>
    <textarea type="text" name="like" id="like" class="form-control"></textarea>
  </div>
  <div class="form-group">
    <label class="mb-0" for="dislike">What don't you like about the room?</label>
    <textarea type="text" name="dislike" id="dislike" class="form-control"></textarea>
  </div>
  <div class="form-group">
    <label class="mb-0" for="details">Please send your suggestions, ideas and comments!</label>
    <textarea id="details" type="text" name="details" class="form-control" style="padding: 5px;"></textarea>
  </div>
  <button type="submit" id="submitBtn" class="btn btn-success">Send Feedback</button>
</form>

Text Content




BLUE


Deploy & hack into a Windows machine, leveraging common misconfiguration
issues.



Difficulty: Easy



Official Write-Up by DarkStar7471
Blue - Write-up by MrSeth6797
Blue - Solucion by sckull
Blue - Walkthrough by wuggles
Windows Blue by crhystamil
CTF: TRYHackMe Blue Makinesi Çözümü by ctaner
فيديو عربي - Blue@tryhackme by tareq
Blue- Walkthough by c0gnitiveFl0w
Blue Walkthrough by m4sterph0enix
Blue Walkthrough by parasarora06
Blue Walkthrough - No Metasploit Version by TheMayor
Erebus - Walkthrough by MrAnarchy
Blue Walkthrough by Akshay12
[SP] Video - Solución - Blue by hackadvisermx
Blue CTF Write-up by R0101
Eternally Blue, and FUN by 0xb2b
Blue Spanish Video Walkthrough by takito1812
[THM] Blue Writeup by infernoMarvelous
TryHackMe - Blue writeup by m0rn1ngstr
Blue Write-up by civilwaryank
WriteUp Blue by DirectorFusion
Blue Walkthrough by NightmareProject
Blue - Walkthrough by DarkTangent


Writeups should have a link to TryHackMe and not include any passwords/cracked
hashes/flags

This is a free room, which means anyone can deploy virtual machines in the room
(without being subscribed)! 113555 users are in here and this room is 995 days
old.





Created by DarkStar7471



Task 1 Recon

Scan and learn what exploit this machine is vulnerable to. Please note that this
machine does not respond to ping (ICMP) and may take a few minutes to boot up.
This room is not meant to be a boot2root CTF, rather, this is an educational
series for complete beginners. Professionals will likely get very little out of
this room beyond basic practice as the process here is meant to be
beginner-focused. 







Art by one of our members, Varg - THM Profile - Instagram - Blue Merch - Twitter




Link to Ice, the sequel to Blue: Link

You can check out the third box in this series, Blaster, here: Link

-----------------------------------------




The virtual machine used in this room (Blue) can be downloaded for offline usage
from https://darkstar7471.com/resources.html




Enjoy the room! For future rooms and write-ups, follow @darkstar7471 on Twitter.

Answer the questions below

Scan the machine. (If you are unsure how to tackle this, I recommend checking
out the Nmap room)


How many ports are open with a port number under 1000?


What is this machine vulnerable to? (Answer in the form of: ms??-???, ex:
ms08-067)

Task 2 Gain Access

Exploit the machine and gain a foothold.

Answer the questions below

Start Metasploit


Find the exploitation code we will run against the machine. What is the full
path of the code? (Ex: exploit/........)


Show options and set the one required value. What is the name of this value?
(All caps for submission)


Usually it would be fine to run this exploit as is; however, for the sake of
learning, you should do one more thing before exploiting the target. Enter the
following command and press enter:

set payload windows/x64/shell/reverse_tcp

With that done, run the exploit!



Confirm that the exploit has run correctly. You may have to press enter for the
DOS shell to appear. Background this shell (CTRL + Z). If this failed, you may
have to reboot the target VM. Try running it again before a reboot of the
target. 

Task 3 Escalate

Escalate privileges and learn how to upgrade shells in Metasploit.

Answer the questions below

If you haven't already, background the previously gained shell (CTRL + Z).
Research online how to convert a shell to a meterpreter shell in Metasploit. What
is the name of the post module we will use? (Exact path, similar to the exploit
we previously selected)


Select this (use MODULE_PATH). Show options. What option are we required to
change?


Set the required option. You may need to list all of the sessions to find your
target here.


Run! If this doesn't work, try completing the exploit from the previous task
once more.


Once the meterpreter shell conversion completes, select that session for use.


Verify that we have escalated to NT AUTHORITY\SYSTEM. Run getsystem to confirm
this. Feel free to open a DOS shell via the command 'shell' and run 'whoami'.
This should return that we are indeed system. Background this shell afterwards
and select our meterpreter session for usage again.


List all of the processes running via the 'ps' command. Just because we are
system doesn't mean our process is. Find a process towards the bottom of this
list that is running at NT AUTHORITY\SYSTEM and write down the process id (far
left column).


Migrate to this process using the 'migrate PROCESS_ID' command, where the process
ID is the one you just wrote down in the previous step. This may take several
attempts, as migrating processes is not very stable. If this fails, you may need
to re-run the conversion process or reboot the machine and start once again. If
this happens, try a different process next time.

Task 4 Cracking

Dump the non-default user's password and crack it!

Answer the questions below

Within our elevated meterpreter shell, run the command 'hashdump'. This will
dump all of the passwords on the machine as long as we have the correct
privileges to do so. What is the name of the non-default user? 


Copy this password hash to a file and research how to crack it. What is the
cracked password?

Task 5 Find flags!

Find the three flags planted on this machine. These are not traditional flags,
rather, they're meant to represent key locations within the Windows system. Use
the hints provided below to complete this room!




-----------------------------------------------------------------




Completed Blue? Check out Ice: Link

You can check out the third box in this series, Blaster, here: Link

Answer the questions below
Flag1? This flag can be found at the system root. 

Flag2? This flag can be found at the location where passwords are stored within
Windows.




*Errata: Windows really doesn't like the location of this flag and can
occasionally delete it. It may be necessary in some cases to terminate/restart
the machine and rerun the exploit to find this flag. This is relatively rare;
however, it can happen.


Flag3? This flag can be found in an excellent location to loot. After all,
Administrators usually have pretty interesting things saved.


--------------------------------------------------------------------------------

Copyright TryHackMe 2018-2021, 160 Kemp House, London, EC1V 2NX

Blue

Hacking into Windows via EternalBlue

Complete the room to earn this badge


HELP

How to access machines

Some tasks will have you learning by doing, often through hacking a virtual
machine. However, to access these machines you need to either:

 * Use the in-browser machine - If you're subscribed, you can start your
   in-browser Kali machine and use it to access machines you've started!
 * Use OpenVPN - You need to download your configuration file and install
   OpenVPN. Follow the guide here to connect using OpenVPN.

Unable to access a machine?
 * Are you connected to the TryHackMe network? You can check by starting the
   machine in the welcome room (task 3), waiting a few minutes and accessing its
   webserver - If you see a website, you are connected.
 * If it's a Windows machine you've started, it might not be pingable. Try using
   the -Pn flag when scanning the machine with nmap: nmap MACHINE_IP -Pn -v
 * Has the machine had long enough to start up? It can take between 1 and 5
   minutes.
 * Not all machines have a web server or SSH service running. Try pinging the
   machine in your console first: ping MACHINE_IP. If it responds, it's
   reachable and you're not accessing it in the intended way.
 * Are you definitely using the machine's IP and the correct method of access
   with the right details (e.g. username)? Try rereading the task - have you
   missed something?

Unable to SSH into a machine?

Not all machines will have SSH enabled.

You shouldn't be trying to SSH / RDP / Access a webserver unless you've been
told specifically to do so, or have scanned the machine first to check that the
service is running.

Machine has no website?

Not all machines you start will have a web server running. Why not scan the
machine with nmap to see if there is one running on another port.

Use the following nmap command: nmap -v MACHINE_IP - If there is a webserver
running on another port, go to http://MACHINE_IP:PORT

Machine has no internet access?

If you are on a machine, the chances are it won't have internet access.

To put a file onto your remote machine, you can:

 * Use SCP - You can copy a file to a remote machine with the following command:
   scp YOUR_FILE you@remote.machine.org:/DIRECTORY
 * Host a mini-webserver - You can host a mini-webserver on your machine. On
   your machine type: python3 -m http.server 1234 where your files are hosted,
   then on the remote machine go to http://MACHINE_IP:1234 and download it.

Stuck on a question?
 * Writeups - Does the room have any writeups you can check? (Click the writeup
   tab or go to room options)
 * Using the internet - Being able to research effectively is really important.
   You can improve your researching skills here.
 * Discord - As a last resort, if you're really stuck why not ask our community
   for a hint on Discord?

No in-browser machine capability?

Not every room has the in-browser functionality. It's up to the room creator to
add this capability.

Which rooms to start with?

If you are not sure where to start, check out:

 * Pathways - Choose a path and build up your knowledge using a mixture of room
   guides and challenges!
 * Hacktivities - Search for a topic you enjoy and filter by your difficulty
   rating.
 * Zero to Hero post - An overview on which rooms to start with both as a free
   and subscribed user.

How do points work?

Completing rooms gets you a certain number of points. A breakdown of how
questions are scored is as follows:

Answered        Score
1st to answer   80 points
After first     30 points

If the room type is a walkthrough room, you only get 25% of those points added
to your account score. Challenge rooms receive 100% if the room has been
released during this month.



All points you get are added to your ‘All-time’ score, however not all points
are added to your ‘Monthly’ score (which is reset to 0 on the last day of the
month 23:59 GMT). You only get 100% of a room's monthly points if a room has
been released during that month; you get 25% of challenge room points if it's not
released in this month. This stops new users being able to obtain large amounts
of points as they have more rooms to solve than older users - by monthly points
only being awarded if a room is released this month, everyone has a fair chance
to be number 1 on the ‘Monthly’ leaderboard and everyone has an equal chance to
be number 1 on the ‘All-time’ leaderboard.



Summary

 * Challenge rooms released this month, give you 100% of the points (to both
   your all-time and monthly score).
 * Old challenge rooms (not released this month) will give you 25% of the points
   to your monthly score and 100% to your all-time score.
 * Walkthrough rooms released this month, give you 25% of the points to both
   your all-time and monthly score.
 * Old Walkthrough rooms (not released this month) only give you 25% of the
   points to your all-time score, none for your monthly score.

Accessing networks

To access a network, you need to download and connect using your network's
OpenVPN configuration file.

Go to the access page, click the networks tab and select the network. Once
downloaded, import your OpenVPN config file (details to this process are on the
access page).

How do I reset a network?
You can request to reset your network once an hour.

To access target machines you need to either:

AttackBox

Use a browser-based attack machine

OpenVPN

Connect to our network via a VPN

View the dedicated OpenVPN access page for more information

WHAT OPERATING SYSTEM ARE YOU USING?

Windows

 1. Download your OpenVPN configuration pack.
 2. Download the OpenVPN GUI application.
 3. Install the OpenVPN GUI application. Then open the installer file and follow
    the setup wizard.
 4. Open and run the OpenVPN GUI application as Administrator.
 5. The application will start running in the system tray. It's at the bottom of
    your screen, near the clock. Right click on the application and click Import
    File.
 6. Select the configuration file you downloaded earlier.
 7. Now right click on the application again, select your file and click Connect.

Linux

 1. Download your OpenVPN configuration pack.
 2. Run the following command in your terminal: sudo apt install openvpn
 3. Locate the full path to your VPN configuration file (normally in your
    ~/Downloads folder).
 4. Use your OpenVPN file with the following command: sudo openvpn
    /path/to/file.ovpn

MacOS

 1. Download your OpenVPN configuration pack.
 2. Download OpenVPN for MacOS.
 3. Install the OpenVPN GUI application, by opening the dmg file and following
    the setup wizard.
 4. Open and run the OpenVPN GUI application.
 5. The application will start running and appear in your top bar. Right click
    on the application and click Import File -> Local file.
 6. Select the configuration file you downloaded earlier.
 7. Right click on the application again, select your file and click connect.
    

HAVING PROBLEMS?

 * If you can access 10.10.10.10, you're connected.
 * Downloading and getting a 404? Go to the access page and switch VPN servers.
 * Getting inline cert error? Go to the access page and switch VPN servers.
 * If you are using a virtual machine, you will need to run the VPN inside that
   machine.
 * Is the OpenVPN client running as root? (On Windows, run OpenVPN GUI as
   administrator. On Linux, run with sudo)
 * Have you restarted your VM?
 * Is your OpenVPN up-to-date?
 * Only 1 OpenVPN connection is allowed. (Run ps aux | grep openvpn - are there
   2 VPN sessions running?)
 * Still having issues? Check our docs out.

ATTACKBOX

Use your own web-based Linux machine to access machines on TryHackMe

To start your AttackBox in the room, click the Start AttackBox button. Your
private machine will take 2 minutes to start.

You can also use the dedicated My-Machine page to start and access your machine.
From here you can also deploy:

 * AttackBox - Custom cyber-ready Linux instance
 * Kali Linux - Industry standard security Linux instance
 * Free AttackBox - Less powerful AttackBox with no internet

Free users get 1 free AttackBox hour. Subscribed users get more powerful
machines with unlimited deploys.
