Blaster TryHackMe (Writeup)

4 min readDec 7, 2020

Difficulty: Easy (Windows)

#NMAP:

sV : Version Scan
-A : Aggressive Scan
-p- : Scan all ports TCP/UDP
-oN : Output of text
-Pn : This is used when the car appears to be down. So we tell Nmap to ping it.

#Gobuster:

And we have found the hidden directory /retro let’s browse.
Command: gobuster dir -u http://10.10.51.42 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,txt,html,js -t 64

And we found a potential Username Wade
Now we move in /author/wade

Click on the comments RSS and we found a potentially password: XXXXXXX

#Microsoft Remote Desktop (MSRDP):

Now we can try to log into the Remote Desktop, thanks to “Remmina”, if you don’t have it, install it. “apt-get install remmina”

Enter the credentials found and the domain and we are in !!!!!

And we found 1st Flag!!

If we continue to browse the machine from remote access, we can see that in the history, there is interesting information about the CVE. Which we could make use of.

Inside the machine we find a program that appears to be executable.

But it seems to want the password. Then click on “show more details”

So it’s asking for Administrator password let’s click on “Show information about the publisher’s certificate”

And click on “VeriSign Commercial Software Publishers CA” after that Internet explorer will open.

Click on “ Settings” “File” and click on “Save as”

So you can see we are getting error click on “OK” and in the “File name” enter this command: C:\Windows\System32\*.* and save.
For more information visit: https://www.youtube.com/watch?v=3BQKpPNlTSo
Now search for : cmd